Workstation Import Policy

In previous versions of ZENworks for Desktops when a workstation registered with the tree, it would place a cookie into the container of the user. Then the administrator had to execute an import program on their workstation to take these registration records and create workstation objects. These workstation object DNs were then communicated back to the workstation via the same registration/reboot process. If your system was very large, it could become very uncomfortable having to keep running the import program. Often administrators got creative and scheduled the import process to run as a scheduled action on their workstations.

In ZENworks for Desktops 4, this is no longer necessary. A service that now runs on a NetWare or Windows server automatically receives these requests and immediately creates the workstation object. Once the object is created it returns the DN to the workstation. The workstation no longer needs to perform a reboot in order to get its registered workstation DN. In order to perform these actions, the import service must be running on the server and must be accessible using the DNS name of zenwsimport through the local host file on each workstation or via a DNS service. Additionally, the import service must have rights in the directory to be able to create the workstation objects. The pages in this policy enable you to grant these create rights to the import service, to specify how to name the workstation objects and in which container to place the objects, and to limit the number of requests that can be satisfied (to keep the system from overloading a server).

The import service can also be configured to ignore the first N requests from a workstation before it creates a workstation object. This can be useful if the workstation needs to pass through several hands to get properly configured and tested before it is actually given to the final user. This is to help this process settle before the workstation object is actually created.

NOTE

Your desktops do not import automatically if the workstations are finding a ZENworks 2 search policy in the tree. They must see either no search policy or a ZENworks for Desktops 4 search policy in order to activate the automatic workstation import and other ZENworks for Desktops 4 features. See Chapter 3, "Setting Up ZENworks for Desktops 4 in Your Tree," and the section, "Setting Up the Workstation in the Tree" for more information.

The following sections describe each of the pages found in the Workstation Import process. The NDS Rights, Other, and Rights to Files and Folders pages are described in the "Setting Up a Server Policy Package" section.

Containers Page

This page enables you to grant rights to the import service to containers where they must create workstation objects. When you add a container to the list, the system grants rights to the policy object. When the import service needs to perform an import it logs in as the policy being used, enabling it to obtain rights to create workstation objects in the specified container.

The process of adding and removing containers is familiar. You press the Add button and then you are presented with a dialog box that enables you to browse through the tree to select the container you desire. Once selected, the container is added to the list and the import service is given a trustee assignment to that container and given the rights to Browse and Create objects.

To remove a container from the list, select the desired container and press the Remove button. This removes the trustee assignment that was given to the service and deletes it from the displayed list.

Platforms Page

The Platforms page enables you to specify the naming of the workstation objects, the location of the object in the tree, and any workstation groups of which you want the workstation objects to be a member. This can be specified for each of the following categories: General, WinNT/2000 (including Windows XP), or Win 9x (for example, Windows 95/98).

Each of the pages within these categories is identical, with the exception that on the non-general pages you have the additional field: Enable Platform Settings to Override General Settings. When this field is checked, the platform-specific configuration parameters are used rather than the general ones. This chapter discusses the general pages because they apply to all of the other platform pages.

Figure 12.8 displays the first general page that is available.

Each page has three tabs that enable you to configure separate options of the import policy. These tabs are Location, Naming, and Groups. Each of the following subsections discusses these tabs.

Location Tab

This page enables you to identify the container in the tree that should hold the workstation object when it is created during the import process. Figure 12.8 displays this screen.

The Allow Importing of Workstations flag enables you to import workstations from this user. Once this flag is activated, the other fields of the page are usable.

The Create Workstation Objects in drop-down box allows the administrator various options for locating the container in which to place the workstation objects. The options are as follows:

• Server Container This option is new to ZENworks for Desktops 4 and when selected tells the system to place the workstation objects in the same container as the server that is running the import process.

• User Container This signals that the container that holds the user object, of the user who had logged into the system when the registration of the workstation occurred, is the container that also holds the workstation object. Remember it is the first user who connects to the system (after the number of ignored connections has passed) that has the association to the workstation. You can specify a path relative to the user's container. The path field is constructed by entering a relative path. This relative path is constructed by a series of dots and container names. For each dot in the path, the system moves up one level from the associated object container. For example, the path of ..Workstations tells the system to go up two levels and then in a container called Workstations at that level. If you want an alternative user, you must run the un-registration tool described in Chapter 14.

• Associated Object Container This signals that the container that has the policy package associated with it is used as the starting container to place the workstation object. If a path is specified, the associated container is used as the base and the path is considered a relative path. The path field is constructed by entering a relative path, as described previously.

• Selected Container This identifies that the specified path is an absolute container path in the tree. The Path field is required with this selection and must identify the specific container that will hold the workstation object.

Workstation Naming Page

On this page, you can describe how the import process should use the information in the registration to craft the name of the workstation object.

The Workstation Name field displays the final combination of registration information that is combined into the name. In the previous example, the workstation object name is the computer name followed by the MAC address. This is confirmed by the fact that the workstation name field has Computer+MAC Address. If the computer name was Rtanner and the MAC address of the NIC card were 12345, the workstation object name would be Rtanner12345.

The Add Name Fields and Place Them in Order field displays the various components that form the workstation name. Each line that is displayed in this field represents a value that is part of the name. The order of the lines from top to bottom represents the order that they appear in the name. The options that can be placed in the names are as follows:

• <User Defined> This represents an administrator defined string. When this field is chosen, the administrator is prompted to enter a string into the dialog box. This string is placed into the name. This can be any combination of standard ASCII visible characters including white space characters.

• Computer This represents the computer name that was given to the computer usually during installation of the operating system.

• Container This represents the name of the container into which the workstation object is placed. This name is then included in the workstation name.

• CPU This value represents the CPU type of the machine. The possible values are 386, 486, and PENTIUM.

• DNS This represents the DNS (Domain Name Services) name of the computer.

• IP Address This represents the IP address of the machine when it is first registered with the tree. In previous versions of ZENworks for Desktops this was retrieved through the Network Address request and a preferred protocol set to IP.

• MAC Address This represents the address of the machine when it is first registered with the tree. In previous versions of ZENworks for Desktops this was referred to as the network address.

• OS This represents the operating system type of the machine. The expected values would be WINNT, WIN95, for example.

• Server This represents the name of the current server. If the user login has not occurred, and the preferred server has not been done, this server could simply be the first server that responded with a connection. In WINNT systems, where the registration is running as part of a service, this server is the first server to respond to the request for the connection and not necessarily the preferred server of the user.

• User This is the login name of the user who was connected to the tree when the registration process first executed.

As an example, assume that a workstation had been registered with the following values:

CPU = PENTIUMDNS = zen.novell.comMAC address = 00600803c2e7IP address = 137.65.61.99OS = WINNTServer = ZENSERVERUser = rtannerComputer = RonComputer

Then, if you were to administer the workstation import policy with the following naming attributes, the corresponding workstation name would be created, assuming pieces that are in quotes are a user-defined string:

UserOS = rtannerWINNTDNSCPU = zen.novell.comPENTIUMUser" "MAC Address = rtanner 00600803c2e7

You must remember that these values are only used at workstation object creation time. Once the object is created its name never changes. So if you replace the NIC card, although the address of the workstation changed, the name of the workstation does not change; if the name includes the NIC address, the workstation retains the name with the old NIC address.

Workstations Groups

The Workstation Groups page enables you to specify into which groups you want to place the workstation object when it is created. By placing the workstation object into a specific group you can automatically provide policies or rights to the workstation by group associations.

In the Workstation Groups page you can add and remove groups in the list and the workstation will be placed in as a member of each group. The following describes the behavior of each button on the screen:

• Add Press this button to add a group to the list. A dialog box enables you to browse the tree to identify the group. You browse the tree in the right pane and select the group in the left pane. Once a group is selected it is added and displayed to the list.

• Remove This button is activated when a group in the window is highlighted (by pressing the left mouse button) when the cursor is over the desired group. When a group is selected and this button is pressed, the group is removed from the list.

• Remove All This button removes all groups from the list and cleans the set from consideration.

Remember that this policy is only activated when a new workstation is imported into the tree. If a workstation that was created with this policy is associated with a group and you go into the import policy and change the group memberships, the workstations that have already been created retain their group memberships. Only the new workstations created after the change are affected.

Limits Page

On the Limits page you can have some control over when a workstation automatically registers and how the import service on the server behaves. The intention of these fields is to ensure that the performance of the service does not consume a significant amount of processing on the server.

The first portion of the page, the User Login Number field, enables you to configure how many times the workstation must be used (a user logs into the network via that desktop) before it is registered into the tree. This option is useful when your desktops must pass through several hands (that may connect to the tree) before they get to the final user destination. Each time the workstation is used and a user is connected to the tree (or the Workstation Manager agents connect to the tree), the workstation communicates with the workstation import and requests a workstation object. If the number of login times has not been consumed, the service reports that one is not created, and the workstation continues. This repeats until the number of login times has occurred, whereupon the service creates the workstation object and returns the DN of the workstation object to the workstation. The desktop then records this DN in its Registry.

The user login count is kept in the workstation Registry and is transmitted to the import server, which checks it against the policy. If the count is greater than the policy, the import is performed. This count on the workstation is not reset if the policy changes.

Limiting the number of workstations imported enables the administrator to throttle the number of workstations that are created. This keeps your NDS from overloading with a tremendous amount of objects and having to synchronize them around your tree. Imposing this limit forces the service to only create the specified number of workstations in an hour. As soon as the maximum has been reached within the hour, the workstations are told to proceed without a workstation object. The next time they log into the network, and the maximum has not been exceeded, the service creates a workstation object for them.