11.5 Using a Task to Deploy the Agent

The ZENworks Server can deploy the ZENworks Agent to devices. This requires that you create a task, called a deployment task, for the ZENworks Server. The task identifies the target devices, the credentials required to perform an installation on the devices, the registration key to use (optional), the date and time to perform the installation, and other tasks you want performed on the devices either before or after the installation.

This form of deployment is only supported on Windows and Linux devices.

The steps for creating a deployment task vary slightly depending on whether or not the target devices are already listed as discovered devices in your Management Zone (see Section I, Device Discovery):

11.5.1 Prerequisites for Deploying to Windows Devices

Before the ZENworks Server can deploy the ZENworks Agent to a device, make sure the following prerequisites are satisfied:

In addition to these requirements, ensure that the date and time are correct on both the ZENworks Server and on managed devices.

Enabling File and Printer Sharing for Microsoft Networks

You need to enable the File and Printer Sharing for Microsoft Networks option to allow other computers on a network to access resources on your computer by using a Microsoft network.

Windows XP

  1. Right-click My Network Places > Properties.

    The Networks Connections window is displayed.

  2. Right-click Local Area Connection > Properties.

    The Local Area Connection Properties dialog box is displayed.

  3. In the General tab, ensure that the File and Printer Sharing for Microsoft Networks option is selected.

  4. Click OK.

For more information, see File and Printer Sharing for Microsoft Networks.

Windows Server 2008

  1. Right-click Network > Properties.

    The Network and Sharing Center window is displayed.

  2. In the left pane, click Manage network connections.

  3. Right-click Local Area Connection > Properties.

    The Local Area Connection Properties dialog box is displayed.

  4. In the Networking tab, ensure that the File and Printer Sharing for Microsoft Networks option is selected.

  5. Click OK.

Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

  1. Right-click Network > Properties.

    The Network and Sharing Center window is displayed.

  2. Right-click Local Area Connection > Properties.

    The Local Area Connection Properties dialog box is displayed.

  3. In the Networking tab, ensure that the File and Printer Sharing for Microsoft Networks option is selected.

  4. Click OK.

Enabling File and Printer Sharing through Windows Firewall

Any target device that is using Windows Firewall needs to be configured to allow file and printer sharing through the firewall. This is done by enabling the File and Printer Sharing exception in the Windows Firewall configuration settings. You can access Windows Firewall through the Control Panel or through the Windows Security Center.

By default, the scope of the exception applies only to a local subnet. If the target device is in a different subnet than the Primary Server from which the deployment is run, you must add the IP address of the Primary Server to the Windows Firewall along with the local subnet.

Windows Server 2008

  1. From the desktop Start menu, click Settings > Control Panel.

  2. Double-click Windows Firewall.

    The Windows Firewall window is displayed.

  3. Click the Exceptions tab.

  4. In the Programs and Services list, select File and Printer Sharing, then click Edit.

    The Edit a Service window is displayed.

  5. Click Change Scope to include the IP address of the Primary Server and the local subnet.

  6. Click OK.

Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

  1. From the desktop Start menu, click Settings > Control Panel.

  2. Double-click Windows Firewall.

    The Windows Firewall window is displayed.

  3. In the left pane, click Allow a program or feature through Windows Firewall.

  4. In the Allowed Programs and Features list, select File and Printer Sharing.

  5. Click OK.

Windows 10

  1. From the desktop Start menu, click Settings > Control Panel.

  2. Double-click Windows Firewall.

    The Windows Firewall window is displayed.

  3. In the left pane, click Allow a program or feature through Windows Firewall.

  4. In the Allowed Programs and Features list, select File and Printer Sharing.

  5. Enable Windows Management Instrumentation (WMI).

  6. Click OK.

Windows XP

You can allow WMI through Windows firewall.

  1. At the command prompt, run the following command:

    netsh firewall set service RemoteAdmin enable

    For more information on WMI, see Connecting Through Windows Firewall.

Enabling Classic File Sharing

The ZENworks Server needs classic file sharing access to the administrative share (displayed as Admin$) on target devices.

To know in detail about the ports that are opened when you enable Classic File sharing, see IP Discovery Technologies.

Windows XP

Windows XP uses simple file sharing by default. You need to disable simple file sharing to enable classic file sharing.

  1. On the Windows XP device, right-click the My Computer icon, then click Open.

  2. Click the Tools menu > Folder Options to display the Folder Options dialog box.

  3. Click the View tab.

  4. In the Advanced Settings list, deselect the Use simple file sharing option, then click OK to save the change.

Disabling this option changes the setting for the Network access: Sharing and security model for local accounts option in the Local Security Policy (Local Policies > Security Options) to Classic - local users authenticate as themselves. You can also use a Windows Group Policy to change the setting.

Windows Server 2008

  1. Open the Windows Registry and access the following:

    HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System/LocalAccountTokenFilterPolicy

    If the registry key does not exist, you need to create it.

  2. Change its DWORD (32-bit) value to 1.

    This allows remote users to log in and not be forced to be guest.

  3. Close the registry to save the change.

  4. Open the Services window and set the Remote Registry service to start automatically, then start it.

  5. Click the desktop Start menu > Settings > Control Panel.

  6. Double-click Network and Sharing Center.

  7. Select Turn on File Sharing, then click Apply.

Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2

  1. Open the Windows Registry and access the following:

    HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System/LocalAccountTokenFilterPolicy

    If the registry key does not exist, you need to create it.

  2. Change its DWORD (32-bit) value to 1.

    This allows remote users to log in and not be forced to be guest.

  3. Close the registry to save the change.

  4. Open the Services window and set the Remote Registry service to start automatically, then start it.

  5. Click the desktop Start menu > Settings > Control Panel.

  6. Double-click Network and Sharing Center.

  7. In the left pane, click Change advanced sharing settings.

  8. Select Turn on file and printer sharing, then click Save Changes.

Windows 10

  1. Open the Windows Registry and access the following:

    HKLM/Software/Microsoft/Windows/CurrentVersion/Policies/System/LocalAccountTokenFilterPolicy

    If the registry key does not exist, you need to create it.

  2. Change its DWORD (32-bit) value to 1.

    This allows remote users to log in and not be forced to be guest.

  3. Close the registry to save the change.

  4. Open the Services window and set the Remote Registry service to start automatically, then start it.

  5. Click the desktop Start menu > Settings > Control Panel.

  6. Double-click Network and Internet > Network and Sharing Center.

  7. In the left pane, click Change advanced sharing settings.

  8. Select Turn on file and printer sharing, then click Save Changes.

11.5.2 Prerequisites for Deploying to Linux Devices

Before the ZENworks Server can deploy the ZENworks Agent to a Linux device, make sure that SSH Port 22 is open. To open SSH port 22 use the following procedures to add SSH as an allowed service on the target device.

To add SSH as an allowed service on Red Hat Enterprise Linux (RHEL):

  1. Edit vi/etc/sysconfig/iptables to append the following rule:

    -A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT

  2. Save the iptables file.

  3. Restart the ip tables service by running either the service iptables restart command or the /etc/init.d/iptables restart command.

To add SSH as an allowed service on Red Hat Enterprise Linux (RHEL) 7.6 and later:

  1. Add SSH port 22 by executing the following command:

    firewall-cmd --permanent --zone=public --add-port=22/tcp

    or

    Add the service SSH to the firewall config by executing the following command:

    firewall-cmd --permanent --zone=public --add-service=ssh

  2. Restart the firewall service by running the following command:

    systemctl restart firewalld.service

IMPORTANT:For Linux devices ensure that you copy the ZENworks11-gpg-pubkey.asc key on to the device and execute the import rpm --import ZENworks11-gpg-pubkey.asc command to avoid errors. The ZENworks11-gpg-pubkey.asc is key is available in the ZENworks 2020 iso.

To add SSH as an allowed service on SUSE Linux Enterprise Server (SLES) and SUSE Linux Enterprise Desktop (SLED) 11 and 12:

  1. Edit the following file:

    /etc/sysconfig/SuSEfirewall2

  2. Add SSH to the list of ports under FW_SERVICES_<Firewall Zone>_TCP.

    For example, for an external zone, add SSH under FW_SERVICES_EXT_TCP="ssh".

  3. Run the following command:

    /sbin/SuSEfirewall2.

To add SSH as an allowed service on SUSE Linux Enterprise Server (SLES) and SUSE Linux Enterprise Desktop (SLED) 15 and OpenSUSE 15:

  1. Add the service SSH to firewall config by executing the following command:

    /usr/bin/firewall-cmd --permanent --zone=public --add-service=ssh

  2. Restart the firewall service by running:

    systemctl restart firewalld.service

11.5.3 Deploying to a Discovered Device

This section assumes that you have already performed a discovery task to add the target devices to your ZENworks database. If you have not, you can perform the discovery task before continuing (see Section I, Device Discovery) or you can perform the discovery as part of the deployment task (see Deploying to a Non-Discovered Device).

To deploy the ZENworks Agent to a discovered device:

  1. In ZENworks Control Center, click the Deployment tab.

    The Deployable Device panel lists all the devices (imported or discovered) to which you can deploy the ZENworks Agent.

  2. In the Deployment Tasks panel, click New to launch the Deploy Device Wizard.

  3. Complete the wizard by using information from the following table to fill in the fields.

    Wizard Page

    Details

    Enter Deployment Task page

    Specify a name for the task. The name cannot include any of the following invalid characters: / \ * ? : " ' < > | ` % ~

    Select Devices page

    Allows you to identify the devices to which you want to deploy the ZENworks Agent.

    Click Add to display the Discovered Device Browser dialog box.

    You can deploy to the target devices by using one of the following options:

    • DNS Name

    • IP Address

    If you select IP Address and if the target device is not reachable by using the IP address, the deployment uses the DNS name. If you select DNS Name and if the target device is not reachable by using the DNS name, the deployment uses the IP address. If the deployment uses a proxy, the target device is only connected by using the option provided.

    Discovered Device Browser dialog box > Source > IP Address

    1. In the Source list, select IP Address.

    2. Fill in the IP Address Range/Host Name field.

      The address can use any of the following formats:

      xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a single address. For example, 123.45.167.100.

      xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a range of addresses. For example, 123.45.167.100 - 123.45.167.125.

      xxx.xxx.xxx.xxx/n: Standard CIDR (Classless Inter-Domain Routing) notation. For example, 123.45.167.100/24 matches all IP addresses that start with 123.45.167.

      hostname: Standard device hostname. For example, workstation1.

    3. To add the device to the Selected Devices list, click Add.

    4. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > Add New CSV File

    1. In the Source list, select Add New CSV File to display the Add New Source dialog box.

    2. Fill in the following fields:

      CSV File: Browse for and select the CSV file containing the devices to which you want to deploy the agent.

      DNS Name Column: Select the number of the column that contains the DNS name information.

      IP Address Column: Select the number of the column that contains the IP address information. If you want the IP address to be resolved from the DNS name rather than imported from the file, select the Resolve IP from DNS name option.

      OS Type Column: Select the number of the column that contains the operating system information. If you want to specify a default OS type rather than importing it from the file, select the Use default OS for all selections option, then select the default operating system in the Default OS Type field.

    3. Click OK to display the devices in the source list.

    4. Click to move a device to the Selected Devices list.

    5. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > existing user source

    1. In the Source list, select the existing user source.

      The root of the user source is displayed in the source list.

    2. Browse the directory to find the desired device.

    3. Click to move the device to the Selected Devices list.

    4. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > Add New LDAP Source

    1. In the Source list, select Add New LDAP Source to display the Add New Source dialog box.

    2. Fill in the following fields:

      LDAP Source Name: Provide a name for the LDAP source.

      LDAP Server: Specify the IP address or DNS hostname of the LDAP server.

      LDAP Port/Use SSL: Defaults to the standard SSL port (636) or non-SSL port (389) depending on whether the Use SSL option is enabled or disabled. If your LDAP server is listening on a different port, select that port.

      LDAP Root Context: Establishes the point in the directory where you can begin to browse. If you do not specify a base DN, the directory root container becomes the entry point.

      Save Credentials to Data store: Unless you save the credentials (defined in the Credentials list), they are stored only in memory. Saved credentials are encrypted in the database for increased security. Credentials are cleared from memory when the ZENworks Server is restarted. If you want to permanently retain the credentials as part of the deployment task, you should save the credentials.

      Credentials: Click Add to enter a username and password that provides read-only access to the directory. The user can have more than read-only access, but read-only access is all that is required and recommended.

      For Novell eDirectory access, use standard LDAP notation. For example:

      cn=admin_read_only,ou=users,o=mycompany

      For Microsoft Active Directory, use standard domain notation. For example:

      AdminReadOnly@mycompany.com

    3. Click OK to display the LDAP directory in the source list.

    4. Browse the directory to find the desired device.

    5. Click to move the device to the Selected Devices list.

    6. When you are finished selecting devices, click OK.

    Enter Credentials page > Save Credentials to DataStore field

    The Enter Credentials page lets you provide the usernames and passwords required to deploy the ZENworks Agent to the devices included in the task.

    Unless you save the credentials, they are stored only in memory. Saved credentials are encrypted in the database for increased security.

    Credentials that are not saved are cleared from memory when the ZENworks Server is restarted. If you are creating a scheduled deployment task, you should save the credentials to ensure that they are still available when the deployment is performed.

    Enter Credentials page > Credentials field

    To add a credential on Windows:

    1. Click Add to display the Enter Credential Information dialog box.

    2. In the Type list, select the type of operating system for which you want to enter the credential.

    3. In the Username field, specify the appropriate username.

      To deploy the agent, the ZENworks Server must be able to map a drive to the device administrative share (ADMIN$). This requires the following credentials:

      • If the device is a member of a domain: You can use a domain or local Administrator group credential. If you use the local credential, you must specify the username as workstation_name\username to distinguish it from domain credentials.

      • If the device is not a member of a domain: You must use a local Administrator group credential.

    4. In the Password and Reenter Password fields, enter the user password.

    5. Click OK to save the credential.

    Depending on your environment, one credential might not provide access to all of the devices where you want to deploy the ZENworks Agent. In this case, you need to add as many credentials as necessary to cover the devices included in the task. The ZENworks Server uses the first credential that works.

    Specify only the root credential to deploy the ZENworks Agent on Linux.

    Select Schedule page

    The Select Schedule page lets you choose whether you want the task to run as soon as it is created (the Now option) or if you want to schedule the task to run at a future date and time. If you select Scheduled, choose one of the following schedules:

    No Schedule: Indicates that no schedule has been set. The task does not run until a schedule is set or it is manually launched. This is useful if you want to create the task and come back to it later to establish the schedule or run it manually.

    Date Specific: Specifies one or more dates on which to run the task.

    Recurring: Identifies specific days each week, month, or a fixed interval on which to run the task.

    See Section B.0, Schedules or click the Help button for more information about the schedules.

    Select Primary Server page > Primary Server field

    Select the ZENworks Server that you want to perform the deployment task.

    Select or Edit a Proxy Device page

    The Select or Edit a Proxy Device page lets you choose whether you want to use a proxy device to perform the deployment task.

    Select or Edit a Proxy Device page > Windows Proxy

    If you want to use a Windows Proxy instead of the Primary Server to perform the deployment tasks on Windows devices, click the Windows Proxy option and configure the settings in the Select Windows Proxy dialog box.

    A Windows Proxy is used to perform the following actions:

    • Enable Linux Primary Servers to perform deployment tasks on Windows devices.

    • Deploy Windows devices that are in a different subnet than the Primary Server.

    • Deploy Windows devices in a network enabled for NAT.

    The connection between the ZENworks Server and the Windows Proxy is secured through SSL.

    For deployment, you need to add File and Printer Sharing as an exception in the Windows Firewall configuration settings. By default, the scope of the exception applies only to a local subnet. If the target device is in a different subnet than the Primary Server from which the deployment is run, you also need to add the IP address of the Primary Server as an exception. However, if you use a Windows Proxy in the same subnet as a target device, you do not need to change the scope of the Windows Firewall exception.

    Override Zone Windows Proxy Settings: Select this option if you want to override the Windows Proxy settings configured at the Management Zone and configure new settings for the task.

    Windows Proxy: Select a Windows managed device (server or workstation) to be used as a Windows Proxy for performing the deployment tasks instead of a ZENworks Server. The Windows Proxy must reside in the same network as the target devices.

    Windows Proxy Timeout: Specify the number of seconds you want the ZENworks Server to wait for a response from the Windows Proxy.

    Select or Edit a Proxy Device page > Linux Proxy

    If you want to use a Linux Proxy instead of the Primary Server to perform the deployment tasks on Linux devices, click the Linux Proxy option and configure the settings in the Select Linux Proxy dialog box.

    A Linux Proxy is used to perform the following actions:

    • Enable Primary Servers to offload a deployment task to a Linux Proxy if the task includes devices in a different subnet.

    • Deploy Linux devices in a different subnet than the Primary Server.

    • Deploy Linux devices in a network enabled for NAT.

    The SSH discovery requires port 22 to be reachable in order to enable the Primary Server to connect to the target device. If the SSH port is blocked in the Network Firewall, you use a Linux managed device in the same subnet as the target device.

    Override Zone Linux Proxy Settings: Select this option if you want to override the Linux Proxy settings configured at the Management Zone and configure new settings for the task.

    Linux Proxy: Select a Linux managed device (server or workstation) to be used as a Linux Proxy for performing the deployment tasks instead of a ZENworks Server. The Linux Proxy must reside in the same network as the target devices.

    Linux Proxy Timeout: Specify the number of seconds you want the ZENworks Server to wait for a response from the Linux Proxy.

    Windows Options page > Reboot Option field

    After installation of the ZENworks Agent, a device must reboot to make the agent functional. Do the following:

    1. Select the desired reboot option.

      • Immediate: To reboot immediately after installation of the ZENworks Agent, select Immediate to force the device

      • Manual: To allow the user to manually reboot the device at his or her convenience, select Manual.

      • Scheduled: To reboot the device at a specified time, select Scheduled. Fill in the schedule fields.

        • Start Date: Click to display a calender you can use to select a date for the event.

        • Start Time: Specify the time at which the event must start.

        • Use Coordinated Universal Time (UTC): The Start Time is converted to Universal Coordinated Time (UTC). Select this option to indicate that the Start Time you entered is already in Coordinated Universal Time and should not be converted. For example, suppose you are in the Eastern time zone. If you enter 10:00 a.m. and select this option, the Start Time is scheduled for 10:00 UTC. If you do not select this option, the Start Time is scheduled for 14:00 UTC because Eastern time is UTC - 4 hours.

    2. (Optional) Select the Do Not Prompt for Reboot option if you do not want the reboot prompt message to be displayed.

      • Start ZENworks Agent with limited functionality: (Optional) This is enabled only if you select Manual reboot option. Select this option to start ZENworks Agent with limited functionality and without rebooting a device.

        IMPORTANT:If you select Immediate or Manual reboot option, and Do not prompt for reboot option, then Cancel the reboot after agent install, a prompt is displayed to start the ZENworks agent with limited functionality. If user selects Yes, the agent service starts with limited functionality until a reboot is done.

    NOTE:The Windows Options page is displayed only if you have provided Windows credentials on the Enter Credentials page.

    Windows Options page > Permission Prompt Options fields

    After deployment, you can use these options to postpone the agent installation on the target machine:

    • Show Permission Prompt: Select On to display a dialog box on the agent when the installation is ready to begin. Users can cancel, postpone, or allow the installation to begin based on the Permission Prompt options configured by the Zone administrator.

      NOTE:By default, this setting is set to Off, so users cannot cancel or postpone the installation. The installation begins immediately without any prompt. If you select On, the following options are enabled:

    • Prompt Max Postpone: Specify how many times a user can postpone or snooze the installation. Select Unlimited to let the user postpone the installation an unlimited number of times, or select Limit To, then specify the number of times the user can postpone the installation.

    • Prompt Timeout: Specify how long to wait for an answer before the installation begins. To display the permission prompt until the user responds, select No Timeout. Or, select Timeout after _ mins and specify the number of minutes you want an unanswered prompt to remain on the user’s screen before the installation starts. By default, the user has five minutes to respond to the prompt.

    • Prompt Nag Time: Specify, in minutes, how often the prompt should appear to let a user know that an installation is waiting to start. By default, this prompt displays every 15 minutes.

    • Prompt Max Wait Time: Specify the maximum timeout for which the agent installation can be postponed. When this timeout is reached, the agent installation starts even if there are other prompt messages remaining.

    • Agent Message Overrides: Customize the text for agent installation messages that display in dialog boxes during the installation. Click Add to display the Edit Agent Installation Message dialog box. Select a Message Key from the drop-down list, type the desired text, then click OK.

    Windows Options page > Deployment Package field

    Depending upon the processor architecture of the managed device, select the deployment package to be used for installing ZENworks Agent on the device.

    If you are not sure about the device's processor architecture, choose the package with target architecture as All, which applies to 32-bit and 64-bit platforms.

    If the selected package has been deleted from the Primary Server, then the default deployment package is deployed.

    Windows Options page > Agent Installation Folder field

    Specify the directory on the managed device where you want to install ZENworks Agent. By default, the agent is installed to the directory specified in the %ZENWORKS_HOME% system environmental variable or to the %ProgramFiles%\novell\zenworks directory if the variable is not set on the managed device.

    Ensure that the installation path does not contain spaces.

    NOTE:If the directory you specify cannot be created, then the agent is installed in the default location.

    Linux Options page

    The Linux Options page lets you configure the installation options to make the ZENworks Agent functional after the installation of the agent on the Linux devices.

    Deployment Package: Depending upon the processor architecture of the managed device, select the deployment package to be used for installing ZENworks Agent on the device. If you are not sure about the device's processor architecture, choose the package with target architecture as All, which applies to 32-bit and 64-bit platforms. If the selected package has been deleted from the Primary Server, then the default deployment package is deployed.

    Installation Options: Configure the following options for deploying the ZENworks Agent:

    • Do Not Install the GUI Packages: Select this option if you do not want to install the RPMs that provide a GUI interface for the ZENworks Agent such as the icon.

    • Disable SELinux for Red Hat Devices: Select this option to disable SELinux (Security-Enhanced Linux).

      SELinux provides limited access control on Linux. Select this option to disable SELinux if the agent is unable to open the ports required by ZENworks. SELinux is temporarily disabled only if the agent is unable to open the ports, and is automatically enabled again after the agent installation.

    NOTE:The Linux Options page is displayed only if you have provided Linux credentials on the Enter Credentials page.

    Add Registration Key page

    Select a registration key to use during the registration portion of the deployment process. A registration key provides information about the folders and groups to which a device is assigned during registration. Selecting a registration key is optional; if you do not select one, registration rules are used to determine the folder and group assignments. To deploy to servers or workstations, choose a server registration key or a workstation registration key respectively.

    For more information about registration keys and rules, see Section 10.0, Registering Devices.

    Pre/Post Deployment page

    Specify commands that you want to run before and after the agent is installed on a device. For example, you can execute operating system commands, run scripts, and launch executables.

    The commands are passed to the pre-agent as part of the deployment task package. The pre-agent executes the commands in the system space, so you must specify commands that do not require user interaction.

    For more information about predeployment and post-deployment commands, click the Help button.

    When you finish the wizard, the deployment task is added to the list in the Deployment Tasks panel. You can use the panel to manage current tasks and create new tasks for deploying the ZENworks Agent to devices. The panel includes the following information for each task:

    • Name: Displays the name given to the task. If Credentials Cleared is displayed below the task name, the credentials required to perform the task on the targeted devices have been cleared from the ZENworks Server memory and must be entered again. To avoid having credentials lost when they are cleared from memory, you must store them in the ZENworks database.

    • Schedule: Displays the dates on which the task is scheduled to run.

    • Status: Displays the following status information: Scheduled, Pending, Installing, Registering, Inactive, Finished, or Error. You can mouse over certain statuses to receive more information about the status.

      If an error occurred, the error is also recorded for the target device in the Deployable Devices panel. You can click the target device in the Deployable Devices panel to receive more information about the error.

11.5.4 Deploying to a Non-Discovered Device

If a target device has not been added to your ZENworks database through a discovery task, you can select the device while you are creating the deployment task. The following sections explain how to create the deployment task depending on whether you want to identify the target device by its IP address/hostname, from a CSV file, or from an LDAP directory.

  1. In ZENworks Control Center, click the Deployment tab.

  2. In the Deployment Tasks panel, click New to launch the Deploy Device Wizard.

  3. Complete the wizard by using information from the following table to fill in the fields.

    Wizard Page

    Details

    Enter Deployment Task page

    Specify a name for the task. The name cannot include any of the following invalid characters: / \ * ? : " ' < > | ` % ~

    Select Devices page

    Allows you to identify the devices to which you want to deploy the ZENworks Agent.

    Click Add to display the Discovered Device Browser dialog box.

    You can deploy to the target devices by using one of the following options:

    • DNS Name

    • IP Address

    If you select IP Address and if the target device is not reachable by using the IP address, the deployment uses the DNS name. If you select DNS Name and if the target device is not reachable by using the DNS name, the deployment uses the IP address. If the deployment uses a proxy, the target device is only connected by using the option provided.

    Discovered Device Browser dialog box > Source > IP Address

    1. In the Source list, select IP Address.

    2. Fill in the IP Address Range/Host Name field.

      The address can use any of the following formats:

      xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a single address. For example, 123.45.167.100.

      xxx.xxx.xxx.xxx - xxx.xxx.xxx.xxx: Standard dotted-decimal notation for a range of addresses. For example, 123.45.167.100 - 123.45.167.125.

      xxx.xxx.xxx.xxx/n: Standard CIDR (Classless Inter-Domain Routing) notation. For example, 123.45.167.100/24 matches all IP addresses that start with 123.45.167.

      hostname: Standard device hostname. For example, workstation1.

    3. To add the device to the Selected Devices list, click Add.

    4. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > Add New CSV File

    1. In the Source list, select Add New CSV File to display the Add New Source dialog box.

    2. Fill in the following fields:

      CSV File: Browse for and select the CSV file containing the devices to which you want to deploy the agent.

      DNS Name Column: Select the number of the column that contains the DNS name information.

      IP Address Column: Select the number of the column that contains the IP address information. If you want the IP address to be resolved from the DNS name rather than imported from the file, select the Resolve IP from DNS name option.

      OS Type Column: Select the number of the column that contains the operating system information. If you want to specify a default OS type rather than importing it from the file, select the Use default OS for all selections option, then select the default operating system in the Default OS Type field.

    3. Click OK to display the devices in the source list.

    4. Click to move a device to the Selected Devices list.

    5. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > existing user source

    1. In the Source list, select the existing user source.

      The root of the user source is displayed in the source list.

    2. Browse the directory to find the desired device.

    3. Click to move the device to the Selected Devices list.

    4. When you are finished selecting devices, click OK.

    Discovered Device Browser dialog box > Source > Add New LDAP Source

    1. In the Source list, select Add New LDAP Source to display the Add New Source dialog box.

    2. Fill in the following fields:

      LDAP Source Name: Provide a name for the LDAP source.

      LDAP Server: Specify the IP address or DNS hostname of the LDAP server.

      LDAP Port/Use SSL: Defaults to the standard SSL port (636) or non-SSL port (389) depending on whether the Use SSL option is enabled or disabled. If your LDAP server is listening on a different port, select that port.

      LDAP Root Context: Establishes the point in the directory where you can begin to browse. If you do not specify a base DN, the directory root container becomes the entry point.

      Save Credentials to Datastore: Unless you save the credentials (defined in the Credentials list), they are stored only in memory. Saved credentials are encrypted in the database for increased security. Credentials are cleared from memory when the ZENworks Server is restarted. If you want to permanently retain the credentials as part of the deployment task, you should save the credentials.

      Credentials: Click Add to enter a username and password that provides read-only access to the directory. The user can have more than read-only access, but read-only access is all that is required and recommended.

      For Novell eDirectory access, use standard LDAP notation. For example:

      cn=admin_read_only,ou=users,o=mycompany

      For Microsoft Active Directory, use standard domain notation. For example:

      AdminReadOnly@mycompany.com

    3. Click OK to display the LDAP directory in the source list.

    4. Browse the directory to find the desired device.

    5. Click to move the device to the Selected Devices list.

    6. When you are finished selecting devices, click OK.

    Enter Credentials page > Save Credentials to DataStore field

    The Enter Credentials page lets you provide the usernames and passwords required to deploy the ZENworks Agent to the devices included in the task.

    Unless you save the credentials, they are stored only in memory. Saved credentials are encrypted in the database for increased security.

    Credentials that are not saved are cleared from memory when the ZENworks Server is restarted. If you are creating a scheduled deployment task, you should save the credentials to ensure that they are still available when the deployment is performed.

    Enter Credentials page > Credentials field

    To add a credential:

    1. Click Add to display the Enter Credential Information dialog box.

    2. In the Type list, select the type of operating system for which you want to enter the credential.

    3. In the Username field, specify the appropriate username.

      To deploy the agent, the ZENworks Server must be able to map a drive to the device administrative share (ADMIN$). This requires the following credentials:

      • If the device is a member of a domain: You can use a domain or local Administrator group credential. If you use the local credential, you must specify the username as workstation_name\username to distinguish it from domain credentials.

      • If the device is not a member of a domain: You must use a local Administrator group credential.

    4. In the Password and Reenter Password fields, enter the user password.

    5. Click OK to save the credential.

    Depending on your environment, one credential might not provide access to all of the devices where you want to deploy the ZENworks Agent. In this case, you need to add as many credentials as necessary to cover the devices included in the task. The ZENworks Server uses the first credential that works.

    Select Schedule page

    The Select Schedule page lets you choose whether you want the task to run as soon as it is created (the Now option) or if you want to schedule the task to run at a future date and time. If you select Scheduled, choose one of the following schedules:

    No Schedule: Indicates that no schedule has been set. The task does not run until a schedule is set or it is manually launched. This is useful if you want to create the task and come back to it later to establish the schedule or run it manually.

    Date Specific: Specifies one or more dates on which to run the task.

    Recurring: Identifies specific days each week, month, or a fixed interval on which to run the task.

    See Section B.0, Schedules or click the Help button for more information about the schedules.

    Select Primary Server page > Primary Server field

    Select the ZENworks Server that you want to perform the deployment task.

    Select or Edit a Proxy Device page

    The Select or Edit a Proxy Device page lets you choose whether you want to use a proxy device to perform the deployment task.

    Select or Edit a Proxy Device page > Windows Proxy

    If you want to use a Windows Proxy instead of the Primary Server to perform the deployment tasks on Windows devices, click the Windows Proxy option and configure the settings in the Select Windows Proxy dialog box.

    A Windows Proxy is used to perform the following actions:

    • Enable Linux Primary Servers to perform deployment tasks on Windows devices.

    • Deploy Windows devices that are in a different subnet than the Primary Server.

    • Deploy Windows devices in a network enabled for NAT.

    The connection between the ZENworks Server and Windows Proxy is secured through SSL.

    For deployment, you need to add File and Printer Sharing as an exception in the Windows Firewall configuration settings. By default, the scope of the exception applies only to a local subnet. If the target device is in a different subnet than the Primary Server from which the deployment is run, you also need to add the IP address of the Primary Server as an exception. However, if you use a Windows Proxy in the same subnet as a target device, you do not need to change the scope of the Windows Firewall exception.

    Override Zone Windows Proxy Settings: Select this option if you want to override the Windows Proxy settings configured at the Management Zone and configure new settings for the task.

    Windows Proxy: Select a Windows managed device (server or workstation) to be used as a Windows Proxy for performing the deployment tasks instead of a ZENworks Server. The Windows Proxy must reside in the same network as the target devices.

    Windows Proxy Timeout: Specify the number of seconds you want the ZENworks Server to wait for a response from the Windows Proxy.

    Select or Edit a Proxy Device page > Linux Proxy

    If you want to use a Linux Proxy instead of the Primary Server to perform the deployment tasks on Linux devices, click the Linux Proxy option and configure the settings in the Select Linux Proxy dialog box.

    A Linux Proxy is primarily used for Primary Servers if you want to deploy to Linux devices in a different subnet than the Primary Server. When a Primary Server receives a deployment task that includes devices in a different subnet, it offloads the deployment tasks to the Linux Proxy. A Linux Proxy is also used for performing deployment tasks on Linux devices in a network enabled for NAT.

    The SSH discovery requires port 22 to be reachable in order to enable the Primary Server to connect to the target device. If the SSH port is blocked in the Network Firewall, you use a Linux managed device in the same subnet as the target device.

    Override Zone Linux Proxy Settings: Select this option if you want to override the Linux Proxy settings configured at the Management Zone and configure new settings for the task.

    Linux Proxy: Select a Linux managed device (server or workstation) to be used as a Linux Proxy for performing the deployment tasks instead of a ZENworks Server. The Linux Proxy must reside in the same network as the target devices.

    Linux Proxy Timeout: Specify the number of seconds you want the ZENworks Server to wait for a response from the Linux Proxy.

    Windows Options page > Reboot Option field

    After installation of the ZENworks Agent, a device must reboot to make the agent functional. Do the following:

    1. Select the desired reboot option.

      • Immediate: To reboot immediately after installation of the ZENworks Agent, select Immediate to force the device

      • Manual: To allow the user to manually reboot the device at his or her convenience, select Manual.

      • Scheduled: To reboot the device at a specified time, select Scheduled. Fill in the schedule fields.

        • Start Date: Click to display a calender you can use to select a date for the event.

        • Start Time: Specify the time at which the event must start.

        • Use Coordinated Universal Time (UTC): The Start Time is converted to Universal Coordinated Time (UTC). Select this option to indicate that the Start Time you entered is already in Coordinated Universal Time and should not be converted. For example, suppose you are in the Eastern time zone. If you enter 10:00 a.m. and select this option, the Start Time is scheduled for 10:00 UTC. If you do not select this option, the Start Time is scheduled for 14:00 UTC because Eastern time is UTC - 4 hours.

    2. (Optional) Select the Do Not Prompt for Reboot option if you do not want the reboot prompt message to be displayed.

      • Start ZENworks Agent with limited functionality: (Optional) This is enabled only if you select Manual reboot option. Select this option to start ZENworks Agent with limited functionality and without rebooting a device.

        IMPORTANT:If you select Immediate or Manual reboot option, and Do not prompt for reboot option, then Cancel the reboot after agent install, a prompt is displayed to start the ZENworks agent with limited functionality. If user selects Yes, the agent service starts with limited functionality until a reboot is done.

    NOTE:The Windows Options page is displayed only if you have provided Windows credentials on the Enter Credentials page.

    Windows Options page > Permission Prompt Options fields

    After deployment, you can use these options to postpone the agent installation on the target machine:

    • Show Permission Prompt: Select On to display a dialog box on the agent when the installation is ready to begin. Users can cancel, postpone, or allow the installation to begin based on the Permission Prompt options configured by the Zone administrator.

      NOTE:By default, this setting is set to Off, so users cannot cancel or postpone the installation. The installation begins immediately without any prompt. If you select On, the following options are enabled:

    • Prompt Max Postpone: Specify how many times a user can postpone or snooze the installation. Select Unlimited to let the user postpone the installation an unlimited number of times, or select Limit To, then specify the number of times the user can postpone the installation.

    • Prompt Timeout: Specify how long to wait for an answer before the installation begins. To display the permission prompt until the user responds, select No Timeout. Or, select Timeout after _ mins and specify the number of minutes you want an unanswered prompt to remain on the user’s screen before the installation starts. By default, the user has five minutes to respond to the prompt.

    • Prompt Nag Time: Specify, in minutes, how often the prompt should appear to let a user know that an installation is waiting to start. By default, this prompt displays every 15 minutes.

    • Prompt Max Wait Time: Specify the maximum timeout for which the agent installation can be postponed. When this timeout is reached, the agent installation starts even if there are other prompt messages remaining.

    • Agent Message Overrides: Customize the text for agent installation messages that display in dialog boxes during the installation. Click Add to display the Edit Agent Installation Message dialog box. Select a Message Key from the drop-down list, type the desired text, then click OK.

    Windows Options page > Deployment Package field

    Depending upon the processor architecture of the managed device, select the deployment package to be used for installing ZENworks Agent on the device.

    If you are not sure about the device's processor architecture, choose the package with target architecture as All, which applies to 32-bit and 64-bit platforms.

    If the selected package has been deleted from the Primary Server, then the default deployment package is deployed.

    Windows Options page > Agent Installation Folder field

    Specify the directory on the managed device where you want to install ZENworks Agent. By default, the agent is installed to the directory specified in the %ZENWORKS_HOME% system environmental variable or to the %ProgramFiles%\novell\zenworks directory if the variable is not set on the managed device.

    Ensure that the installation path does not contain spaces.

    NOTE:If the directory you specify cannot be created, then the agent is installed in the default location.

    Linux Options page

    The Linux Options page lets you configure the installation options to make the ZENworks Agent functional after the installation of the agent on the Linux devices.

    Deployment Package: Depending upon the processor architecture of the managed device, select the deployment package to be used for installing ZENworks Agent on the device. If you are not sure about the device's processor architecture, choose the package with target architecture as All, which applies to 32-bit and 64-bit platforms. If the selected package has been deleted from the Primary Server, then the default deployment package is deployed.

    Installation Options: Configure the following options for deploying the ZENworks Agent:

    • Do Not Install the GUI Packages: Select this option if you do not want to install the RPMs that provide a GUI interface for the ZENworks Agent such as the icon.

    • Disable SELinux for Red Hat Devices: Select this option to disable SELinux (Security-Enhanced Linux).

      SELinux provides limited access control on Linux. Select this option to disable SELinux if the agent is unable to open the ports required by ZENworks. SELinux is temporarily disabled only if the agent is unable to open the ports, and is automatically enabled again after the agent installation.

    NOTE:The Linux Options page is displayed only if you have provided Linux credentials on the Enter Credentials page.

    Add Registration Key page

    Select a registration key to use during the registration portion of the deployment process. A registration key provides information about the folders and groups to which a device is assigned during registration. Selecting a registration key is optional; if you do not select one, registration rules are used to determine the folder and group assignments. To deploy to servers or workstations, choose a server registration key or a workstation registration key respectively.

    For more information about registration keys and rules, see Section 10.0, Registering Devices.

    Pre/Post Deployment page

    Specify commands that you want to run before and after the agent is installed on a device. For example, you can execute operating system commands, run scripts, and launch executables.

    The commands are passed to the pre-agent as part of the deployment task package. The pre-agent executes the commands in the system space, so you must specify commands that do not require user interaction.

    For more information about predeployment and post-deployment commands, click the Help button.

    When you finish the wizard, the deployment task is added to the list in the Deployment Tasks panel. You can use the panel to manage current tasks and create new tasks for deploying the ZENworks Agent to devices. The panel includes the following information for each task:

    • Name: Displays the name given to the task. If Credentials Cleared is displayed below the task name, the credentials required to perform the task on the targeted devices have been cleared from the ZENworks Server memory and must be entered again. To avoid having credentials lost when they are cleared from memory, you must store them in the ZENworks database.

    • Schedule: Displays the dates on which the task is scheduled to run.

    • Status: Displays the following status information: Scheduled, Pending, Installing, Registering, Inactive, Finished, or Error. You can mouse over certain statuses to receive more information about the status.

      If an error occurred, the error is also recorded for the target device in the Deployable Devices panel. You can click the target device in the Deployable Devices panel to receive more information about the error.