You can configure whether or not to allow users to uninstall the ZENworks Agent. In addition, you can require a password for the uninstall, define an override password to provide access to restricted administrative features in the agent, and enable self-defense to protect agent files from being removed.
The following sections explain how to configure the security settings both before the ZENworks Agent is deployed and after:
In ZENworks Control Center, click the Configuration tab.
In the Management Zone Settings panel, click Device Management, then click ZENworks Agent.
In the Agent Security panel:
Allow Users to Uninstall the ZENworks Agent: Enable this option to allow users to perform a local uninstall of the ZENworks Agent. If this option is disabled, the agent can only be uninstalled through the ZENworks Control Center.
The following settings apply only to the ZENworks 11 SP2 and newer versions of the ZENworks Agent. For older versions of the agent, use the Security Settings policy (one of the Windows Endpoint Security policies) to configure these settings.
Require an Uninstall Password for the ZENworks Agent: Enable this option to require users to enter a password in order to uninstall the ZENworks Agent. Click Change to set the password.
To avoid distributing the uninstall password to users, we recommend that you use the Password Key Generator utility to generate a key for the uninstall password. The key, which is based on the uninstall password, functions the same as the uninstall password but can be tied to a single device or user so that its use is limited.
You access the Password Key Generator utility in the Configuration Tasks list in the left navigation pane.
Enable an Override Password for the ZENworks Agent: An override password can be used in the ZENworks Agent to:
Access information about the device current location and how the location was assigned.
Access the Administrative options in the Endpoint Security Agent. These options let you disable the currently applied security policies (with the exception of the Data Encryption policy), view detailed policy information, and view agent status information.
Access the Administrative options in the Full Disk Encryption Agent. These options let you view detailed policy information, view agent status information, and perform functions such as
Uninstall the ZENworks Agent.
To enable an override password, select the check box, then click Change to set the password.
To avoid distributing the override password to users, we recommend that you use the Password Key Generator utility to generate a key for the override password. The key, which is based on the override password, functions the same as the override password but can be tied to a single device or user and can have a usage or time limit.
You access the Password Key Generator utility in the Configuration Tasks list in the left navigation pane
Enable Self Defense for the ZENworks Agent Currently, self-defense functionality protects only the ZENworks Endpoint Security Agent. It does not protect the other ZENworks Agent modules.
Self defense protects the Endpoint Security Agent from being shut down, disabled, or tampered with in any way. If a user performs any of the following activities, the device is automatically rebooted to restore the correct system configuration:
Using Windows Task Manager to terminate any Endpoint Security Agent processes.
Stopping or pausing any Endpoint Security Agent services.
Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset.
Disabling NDIS filter driver binding to adapters.
Select the check box to enable self defense.
To save the changes, click OK.
The ZENworks Agent is deployed with the features selected at the Management Zone level. After deploying the agent to a device, you can do any of the, following:
Change the agent settings configured at the Management Zone level
Override the Management Zone settings at the device folder or device level
The new settings are applied to the agent on a device refresh.
For more information on how to override and configure the settings for an existing agent, see Configuring ZENworks Agent Settings after Deployment
in the ZENworks Agent Reference.