6.20 Action - Launch Executable

The Add Actions - Launch Executable dialog box lets you specify the Windows executable, command line parameters, and additional optional settings. You can also specify the specific requirements that a device must meet for the action to be executed on the device.

To access this dialog box in ZENworks Control Center, click the Bundles tab. Click the underlined link of a bundle in the Name column of the Bundles list, click the Actions tab, click one of the action set tabs (Distribute, Install, Launch, Repair, Uninstall, Terminate, or Preboot), click the Add drop-down list, then select an available action.

NOTE:It is recommended that you do not place an installation under the Launch Executable tab - only the command that starts an installed application. Applications start faster when there are less actions under Launch.

The following sections contains additional information:

6.20.1 General

The General page lets you specify the location of the Windows executable, the command line parameters to run when the executable launches, the working directory for the executable, and the non-zero success codes that the executable returns.

Field	Description
Command	Specify the location of the Windows executable, including its filename. You can specify a local path or a network drive. If you specify the local path, you must include the executable’s full path, unless the executable is included in the workstation’s search path. If you specify a network drive, you can use a mapped drive or a UNC path, if the workstation can resolve the path. If you have not installed ZCC Helper on this device, you must do so before you can browse for a file path.
Command Line Parameters	Specify the command line parameters that you want to run when the executable launches. NOTE:As a best practice, you can add a space at the beginning of the field to ensure that there is a space between the command and the parameters when the command is run by the client.
Working Directory	Specify the working directory for the executable.
Success Return Codes	Specify the non-zero success codes that the executable returns. You can specify multiple success codes separated by commas. If an executable returns non-zero success codes, you should specify these non-zero success codes while launching the action. For example, explorer.exe in Windows returns a success code of 1. To successfully launch the Explorer application, you should add 1 as the success code while launching the action. If you leave this field blank, zero will be considered as the success code. Specify the Success Return Code as * to enable any non-zero code returned by a script to be treated as success.
Environment Variables	Lets you add, edit or remove the environment variables as follows: Add: Click Add to display the Add Environment Variable dialog box. Specify the name and value of the environment variable you want to add. For example, Name = JAVA_HOME; Value = C:\java1.4\. NOTE:Add the ZENPREDEF_REDIRCTSTANDARDOUTPUT predefined environment variable and set it to true to redirect the standard output of a variable or command to the specified file or location. For example, if the command line parameter is /c echo%var% > c:\temp\test.txt, the standard output of var will be redirected to c:\temp\test.txt file. Remove: Select the environment variables to remove and click Remove. Edit: Select the environment variable you want to edit, then click Edit. In the Edit Environment Variable dialog box, specify the new value for the variable. For example, Name = JAVA_HOME; Value = C:\Program Files\Java\jdk1.6.0_06.

6.20.2 Advanced

The Advanced page lets you specify the Window executable’s security level and the wait time after launch of windows executable and before proceeding to the next action.

Field	Description
Wait Before Proceeding to Next Action	Click More Options to specify how long to wait after launching the Windows executable and before proceeding to the next action. Specify what happens after the executable launches: No wait: The next action in the list is immediately performed. When launch action is complete: The next action in the list is performed after the launch action completes. For example, enable this option if you are running the action as a dynamic administrator and you want the profile cleaned up and deleted immediately. If you do not enable this option, the profile is cleaned up and deleted at the device’s next reboot. This option can be used in a scenario in which you want to run an inventory after the installation of program and you have to wait until the installation is finished before running the zac inv scannow action since the new applications will otherwise not be inventoried. Wait for _ seconds: Wait the specified number of seconds before proceeding to the next action. Terminate action if wait period exceeded: If you select the Wait for _ seconds option, this option is enabled. If the specified number of seconds is exceeded and the action is not successfully performed, the action terminates.
Executable Security Level	The executable can run in either the “user” space or the “system” space. By default, the Run normal option is selected, which causes the application to run in the “user” space and inherit the same workstation security level as the logged-in user. If the logged-in user's security level does not provide sufficient rights and file access to run the executable, you can configure the executable to run in the “system” space or as a dynamic administrator, as described below: Run as logged in user: The executable inherits the logged-in user’s credentials. For example, the executable has the same rights to the registry and the file system as the logged-in user. Select this option if the user has sufficient rights to execute the action. Select the executable’s initial window size: Normal, Minimized, Maximized, or Hidden. In Hidden mode, the executable runs normally without a user interface available. This is useful if you want the executable to process something, then go away without user intervention. Run as secure system user (Don't allow system to interact with desktop): The executable is run under the Local System user and inherits Administrator-level credentials. For example, the executable has full rights to the registry and the file system. Because the security level is set to Secure, the executable's interface is not displayed to the user and the executable is only visible in the Task Manager. This option is useful when running executables that require full access to the workstation but require no user intervention. If the installer displays a progress window or tries to interact with the user, the action will fail. Run as dynamic administrator: A dynamic administrator is an administrator account that is created on the fly to perform certain procedures, such as installing applications. Using a dynamic administrator is helpful when installing applications (some MSI applications, for example) that cannot be installed in the system space. When you select this action, the dynamic administrator is created, it performs the required tasks, and then the account is deleted. This option will fail if an installation makes changes in the Registry’s HKCU hive (Current user) for the logged in user. When performing actions as a dynamic administrator, ensure that you select the When action is compete option in the Wait before proceeding to next action group box. Selecting this option ensures that the action is completed and the process has terminated and released its resources before ZENworks begins cleaning up and deleting the dynamic administrator account. You cannot use mapped network drives to specify files and directories because dynamic administrators do not have access to mapped drives. Select credential for network access: If the file or directory specified in the action are a part of the UNC path or network share that can be accessed only through credentials, then browse through the credential vault to select a credential that has access to the network. For more information on Credential Vault and adding credential to the Credential Vault, see Using the Credential Vault in the ZENworks Control Center Reference. NOTE:Performing this action as dynamic administrator on a Windows domain controller fails because Microsoft does not allow the use of local administrator accounts on domain controllers.

Field

Description

Wait Before Proceeding to Next Action

Click More Options to specify how long to wait after launching the Windows executable and before proceeding to the next action.

Specify what happens after the executable launches:

No wait: The next action in the list is immediately performed.

When launch action is complete: The next action in the list is performed after the launch action completes. For example, enable this option if you are running the action as a dynamic administrator and you want the profile cleaned up and deleted immediately. If you do not enable this option, the profile is cleaned up and deleted at the device’s next reboot.

This option can be used in a scenario in which you want to run an inventory after the installation of program and you have to wait until the installation is finished before running the zac inv scannow action since the new applications will otherwise not be inventoried.

Wait for _ seconds: Wait the specified number of seconds before proceeding to the next action.

Terminate action if wait period exceeded: If you select the Wait for _ seconds option, this option is enabled. If the specified number of seconds is exceeded and the action is not successfully performed, the action terminates.

Executable Security Level

The executable can run in either the “user” space or the “system” space. By default, the Run normal option is selected, which causes the application to run in the “user” space and inherit the same workstation security level as the logged-in user.

If the logged-in user's security level does not provide sufficient rights and file access to run the executable, you can configure the executable to run in the “system” space or as a dynamic administrator, as described below:

Run as logged in user: The executable inherits the logged-in user’s credentials. For example, the executable has the same rights to the registry and the file system as the logged-in user.

Select this option if the user has sufficient rights to execute the action.

Select the executable’s initial window size: Normal, Minimized, Maximized, or Hidden. In Hidden mode, the executable runs normally without a user interface available. This is useful if you want the executable to process something, then go away without user intervention.
Run as secure system user (Don't allow system to interact with desktop): The executable is run under the Local System user and inherits Administrator-level credentials. For example, the executable has full rights to the registry and the file system. Because the security level is set to Secure, the executable's interface is not displayed to the user and the executable is only visible in the Task Manager. This option is useful when running executables that require full access to the workstation but require no user intervention.

If the installer displays a progress window or tries to interact with the user, the action will fail.
Run as dynamic administrator: A dynamic administrator is an administrator account that is created on the fly to perform certain procedures, such as installing applications. Using a dynamic administrator is helpful when installing applications (some MSI applications, for example) that cannot be installed in the system space. When you select this action, the dynamic administrator is created, it performs the required tasks, and then the account is deleted.

This option will fail if an installation makes changes in the Registry’s HKCU hive (Current user) for the logged in user.

When performing actions as a dynamic administrator, ensure that you select the When action is compete option in the Wait before proceeding to next action group box. Selecting this option ensures that the action is completed and the process has terminated and released its resources before ZENworks begins cleaning up and deleting the dynamic administrator account.

You cannot use mapped network drives to specify files and directories because dynamic administrators do not have access to mapped drives.

Select credential for network access: If the file or directory specified in the action are a part of the UNC path or network share that can be accessed only through credentials, then browse through the credential vault to select a credential that has access to the network.

For more information on Credential Vault and adding credential to the Credential Vault, see Using the Credential Vault in the ZENworks Control Center Reference.

NOTE:Performing this action as dynamic administrator on a Windows domain controller fails because Microsoft does not allow the use of local administrator accounts on domain controllers.

6.20.3 Launch Options

The Launch Options page lets you specify the Window executable’s compatibility mode, display settings, and the input settings.

Field	Description
Compatibility Mode	Click More Options to specify the Window executable’s compatibility mode. Launches the executable in a contained environment. Some executables cannot run on workstations with newer versions of Microsoft^* Windows because of incompatibility issues. The drop-down list is available after you select the Compatibility mode option. Select this option if you successfully ran an executable on a previous Windows version but you are unable to run the executable on the device’s current Windows version. Select the desired platform from the list.
Display	Click More Options to specify the Window executable’s display settings.Select the desired display options: Run in 256 colors: Sets the color quality setting to 256 colors while this executable is running. The color quality setting reverts back to your default setting when you close the executable. Run in 640 × 480 screen resolution: Sets the screen resolution setting to 640 × 480 while this executable is running. The color quality setting reverts back to your default setting when you close the executable. Disable visual themes: Disables visual themes from being applied to the executable. If you are experiencing problems with menus or buttons on the title bar of the executable, this setting might solve these problems. The theme settings revert back to your default setting when you close the executable.
Input Settings	Click More Options to specify the Window executable’s input settings. Temporarily turns off handwriting recognition, speech recognition, and some accessibility features. Turning off text services does not affect multiple languages or keyboards that you have added.
Use the operating system shell to start the process	This option is enabled by default and allows the executable specified in the action to be launched through the operating system shell. Deselect this option to prevent the executable specified in the action from being launched through the operating system shell. Consequently, the executable can now be launched only through the applications configured in the system’s list of allowed applications. To add applications to the system’s list of the allowed applications: In the ZENworks Control Center, create a new Windows Group Policy. In the Windows Group Policy settings page, select Local Group Policy and click Configure. In the Group Policy window, navigate to User Configuration > Administrative Templates > System. Double-click Run only allowed Windows applications. In the Settings tab, select Enabled and click Show. In the Show Contents window, click Add and enter the name of the application as zapp-launcher.exe and click OK. Click Apply, then OK. You can now launch the executable only if it is available in the NAL window.

6.20.4 Requirements

The Requirements page lets you define specific requirements that a device must meet for the action to be enforced on it. For information about the requirements, see Requirements.