zman (1)

Name

zman - The command line interface to manage Micro Focus ZENworks products, including Asset Management, Configuration Management, Endpoint Security Management, and Full Disk Encryption.

Description

The zman command line interface provides quick access to most ZENworks management operations. By utilizing zman commands in scripts, you can automate many ZENworks management tasks.

The following sections provide information about all of the commands provided for the ZENworks products. The commands apply to all products, with the following exceptions:

  • ZENworks Asset Management commands: Apply only to ZENworks Asset Management.

  • ZENworks Bundle commands: Apply only to ZENworks Configuration Management.

  • ZENworks Imaging commands: Apply only to ZENworks Configuration Management.

  • ZENworks Endpoint Security Management commands: Apply only to ZENworks Endpoint Security Management.

  • ZENworks Full Disk Encryption commands: Apply only to ZENworks Full Disk Encryption.

Syntax

zman <category>-<command> [-options] [arguments]

In general, zman commands have both a short form and a long form. The long form is assembled in the form category-action. For example, the command registration-list lists all registrations in a registration folder. There are many commands, but most of them are easy to remember because they are grouped under categories (workstation, server, bundle, policy, administrator, registration, etc.) and most of the actions performed on them (list, create, modify, delete) are common.

The abbreviated form of each command uses one letter from each word in the long form. In this manner, admin-list is shortened to al. There are some exceptions to this rule to maintain the uniqueness of the short names. For example, bc is the short form of bundle-create, and bcp is the short form of bundle-copy.

A command takes options and arguments. Options can be specified anywhere in the command. Arguments are dependent on position.

Options

Options are of two types: switches and flagged options. Both have a short and long form. The short form is preceded by a single hyphen and the long form is preceded by two hyphens. For example, -n and --namefilter are the short and long forms of a flagged option used to filter the display of results by name for the bundle-list command.

Switch: A parameter that does not take any value. Its presence alone conveys the meaning. For example, specifying the --recursive switch in bundle-list indicates that the contents of the subfolders should also be displayed.

Flagged Option: This parameter is used to set a value for an option. The value follows the short or long flag of the option, separated by a space or an equals sign. Example: zman bundle-list --namefilter "bundle*" -r

Arguments

Arguments for a command are usually ordered in the same way as the command itself. For example, for server-add-bundle, the server is named first and the bundle second.

Guide to Usage

This section contains a guide to general command formatting and conventions.

Administrators

Every action in zman is governed by the access limitations of the administrator. The initial Administrator account created during the initial installation has rights to all objects. Additional administrator accounts you create are granted read-only rights by default. These accounts must be explicitly granted rights to any objects they are to manage.

Help

The zman command line interface provides help at several levels. Pipe the help through the operating system's native more command for scrollable output.

  • At the highest level, lists all the categories of commands available in zman and the global options for the commands.

    Example: zman

  • At the all category level, lists all the commands available in zman organized by categories (workstation, server, bundle, policy, etc.).

    Example: zman -h

  • For each category, lists the commands available specific to that category.

    Example: zman policy /?

  • At each command level, gives usage, detailed help, and examples for a particular command.

    Example: zman policy-list --help

  • -h, and --help are the various help options available.

Folders

If no folder is specified for commands that take a folder argument, the command targets the root folder. To specify a folder path, list each folder from the root separated by a forward slash (/). For example, if you have a folder named folder1 in the root, containing a subfolder named subfolder1, you would reference this folder as folder1/subfolder1. Each specified folder must already exist.

Mandatory and Optional arguments

Arguments enclosed inside parentheses ( ) are mandatory and those enclosed by square brackets [ ] are optional.

Ellipsis (...)

An ellipsis indicates that a command accepts multiple entries of the last argument type. The arguments must be separated by space or commas, depending on the command. For example:

zman server-add-bundle [options] (server) (bundle) [...]

The ellipsis indicates that server-add-bundle can accept multiple bundles. In the command level help, the multiple entry argument help is given as [(bundle) (bundle)... (bundle)] for more clarity.

All commands that have multiple entries of the last argument also have the -f|--folder option. This option is convenient if all the entries of the argument are under the same folder. The paths of the entries are calculated relative to this folder path. For example:

zman server-add-bundle server1 bundlefolder/bundle1 bundlefolder/bundle2

can also be given as:

zman server-add-bundle server1 bundle1 bundle2 --folder bundlefolder

Path of the ZENworks Objects

If the argument required is the path of a ZENworks object, the path must be specified relative to the root folder of that object separated by a forward slash (/), unless it is specified in the command help to enter the absolute path. For example:

zman server-add-bundle serverfolder/server bundlefolder/bundle1

where the absolute paths of the arguments are:

/devices/servers/serverfolder/server and /bundles/bundlefolder/bundle1

Exporting Objects to a File

You can use the zman commands such as bundle-export-to-file, policy-export-to-file, and settings-export-to-file to export bundles, policies, and settings definitions respectively to a specified file in the XML format. The file is created with the specified name and file extension. If the file extension is not specified, the .xml extension is added by default. You can use these files to create bundles, policies, and settings.

zman Service

You can now run zman as a service. Running zman as a service enables you to execute zman commands in service mode, which reduces the execution time for the commands.

The zman service commands are grouped within the shell category and are as follows:

zman shell-start-as-service (ssas) [options]

Starts the zman service.

Accepts the following options:

  • -s or --servicePort: Specify the port for the zman server to run. The default port is 2020.

zman shell-stop-service (sss)

Stops the zman service.

zman shell-status (ssts)

Displays the zman service status.

To run zman commands as a service, you must do the following:

  • Before starting the zman service, run the zman admin-store-credential (asc) command to save the credentials. The zman service uses the saved credentials to run the zman commands in service mode.

  • If you choose to run any zman command that requires file paths in service mode, you must specify the complete file path instead of the relative file path. By default, the working directory is initialized to the location where the zman service is started.

  • If you are running zman as a service, ensure that the service is restarted after completing system update on the server.

The following zman commands run as separate processes even when the zman service is up and running:

  • zman shell-stop-service (sss)
  • zman admin-create (ac)
  • zman admin-store-credential (asc)
  • zman certificate-authority-export (cae)
  • zman certificate-authority-import (cai)

NOTE: ZENworks no longer supports Windows Server as a Primary Server from version 24.2 onwards. For more information, see End of Support for Windows Primary Server.

Asset Management Commands

These commands are used to load purchase record files and refresh the compliance engine. They apply only to ZENworks Asset Management.

asset-management-import-contract|amic (-f|--fileName=Filepath)

Imports a contract from a file. The command queues the import task to be processed by the loader. The loader then loads the contracts from the file.

The command is asynchronous, which means that zman returns immediately and does not wait for the import to be complete. This is because the command might run for a long time. You can check the progress of the import by viewing the log file created by the command.

Accepts the following option:

  • -f, --filename=[File path]: Specify the full path of the comma-separated (.csv or .txt) file to be imported.

asset-management-load-purchase-record (amlpr)

Loads a purchase record file. The Purchase Record Loader looks for the purchase record file to load on the primary server in the folder ZENWORKS_HOME/temp/PurchaseRecordImport/uploaded. If you have not yet used the Purchase Record Loader from ZENworks Control Center, you need to create this folder.

This command is asynchronous, which means zman returns immediately and does not wait for the command to complete. This is because the command may run for a long time. You can check the status of this process from ZENworks Control Center.

asset-management-refresh-compliance-data (amrcd)

Runs the software compliance engine to refresh the software license compliance data.

This command is asynchronous, which means zman returns immediately and does not wait for the command to complete. This is because the command may run for a long time. You can check the status of this process from ZENworks Control Center.

Audit Settings Commands

These commands are used to import and export audit configuration details. Audit commands begin with audit- in the long form, or with the letter a in the short form. The following commands accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

audit-settings-export-to-file|asetf [-s|--source=source device or device folder path] [-a|--auditEventStatus=Event status] [-t|--type=Type] [-e|--effective] (XML file path) [<settings name> <settings name>... <settings name>]

Exports change and agent audit event settings to an XML file for a zone, device folder or device level.

-s, --source=<source device or device folder path>: Path of the device or device folder relative to /Devices from which settings have to be exported. If not specified, settings will be exported from the Management Zone level.

-a, --auditEventStatus=<Event status>: Event status enabled, disabled or all. Default is all.

-t, --type=<Type>: The event type can be AgentEvents, ChangeEvents or all. The default value is all.

-e, --effective: If specified, the effective settings will be retrieved, else only the settings defined or overridden at the source path will be retrieved.

(XML file path): The file into which the settings data will be stored in XML format. If the file does not exist a new file is created.

[settings name][...]: Names of the settings to be exported. If not specified, all settings will be exported. If specified, the effective settings will be retrieved, else, only the settings defined or overridden at the source path will be retrieved.

audit-settings-import-from-file (asiff) [options] (XML file path) [destination device or device folder path][...]

Imports change and agent audit event settings from an XML file, for a zone, device folder or device level.

(XML file path): XML file containing exported settings information. Use audit-settings-export-to-file (asetf) to export settings information into an XML file.

[destination device or device folder path][...]: Path of the device or device folder relative to /Devices on which settings have to be set. If not specified, settings will be set at the Management Zone level.

Administrator Commands

These commands are used to create and manage administrator accounts. Administrator commands begin with admin- in the long form or the letter a in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

admin-clear-credential (acc)

Clears the ZENworks username and password stored by using the admin-store-credential command. It is always safer and is a good practice to delete the stored credentials after you are finished executing the commands.

admin-create (ac) <administrator or user> [options]

Creates a ZENworks administrator account.

(administrator or user) - Name of the administrator or full path of a user in a user source.

Accepts the following options:

  • -f, --fullname=[full name] - Full name of the ZENworks administrator.
  • -a, --assign-same-rights - Gives the new administrator the same rights as the administrator who executes this command.

The command prompts for the password of the administrator, to avoid entering the password in clear text. If the administrator account is based on a user, it uses the same credentials defined in the user source so the command does not prompt for the password.

admin-delete (ad) <ZENworks administrator name> [...]

Deletes a ZENworks administrator account.

(ZENworks administrator name) [...] - Name of the ZENworks administrator. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution while using wildcards for deleting objects.

admin-list (al) [options]

Lists all ZENworks administrator accounts.

Accepts the following options:

  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

admin-list-roles (alr) <ZENworks administrator name> [options]

Lists roles assigned to a ZENworks administrator account.

Accepts the following option:

  • -l, --longnames - Displays names for the rights. By default, the abbreviated form of the rights name is displayed.

admin-rename (ar) <ZENworks administrator name> (new name)

Renames a ZENworks administrator account.

admin-rights-delete (ard) <ZENworks administrator name> [options] [object path]

Deletes rights assigned to a ZENworks administrator account.

[object path] [...] - Full path of the ZENworks object, starting with a forward slash (/).

Accepts the following option:

  • -c, --category=[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman admin-rights-set --help | more.

admin-rights-info (ari) <ZENworks administrator name> [object path] [options]

Displays rights assigned to a ZENworks administrator account.

[object path] [...] - Full path of the ZENworks object, starting with a forward slash (/).

Accepts the following options:

  • -c, --category=[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman admin-rights-set --help | more.
  • -e, --effective - Displays the effective rights of the administrator. Effective rights include rights inherited from roles assigned to the administrator. If this option is not specified, rights assigned directly to the administrator are displayed.
  • -l, --longnames - Displays names for the rights. By default, the abbreviated form of the rights name is displayed.

NOTE: This command lists the rights assigned to the administrator account. However, to list the rights for an administrator group account, the object path should not be included in the command.

admin-rights-set (ars) <ZENworks administrator name> [rights category] [object path] [...] [options]

Allows or denies rights for a ZENworks administrator account.

[rights category] - Name of the category under which the rights are grouped. To see the list of categories, run zman admin-rights-set --help | more.

[object path] [...] - Full path of the ZENworks object, starting with forward slash (/), on which the rights should be enforced. To view the root folders of the allowed object types for which rights can be assigned within each rights category, run zman admin-rights-modify --help | more.

Accepts the following options:

  • -a, --allow=[right][...] - A comma-separated list of long or short names of the rights to be allowed. To view the rights for each category, run zman admin-rights-set --help | more.
  • -A, --allow-all - Allows all rights of the Rights category.
  • -d, --deny=[right][...] - A comma-separated list of long or short names of the rights to be denied. To view the rights of each category, run zman admin-rights-set --help | more.
  • -D, --deny-all - Denies all rights of the Rights category.
  • -f, --folder=[folder name] - Full path of a folder. If specified, the path of the objects is determined relative to this folder. This can be used to specify multiple objects under the same folder.
  • -H, --help - Displays detailed help about the categories of rights available, and the long and short form of rights names within each category. If a category name is specified, help is provided for that category.

admin-store-credential (asc) <ZENworks administrator name>

Stores the ZENworks username and password for use with every command so credentials need not be entered for every command. The credentials are stored in the home directory of the logged-in user and are used only for that logged-in user. In Linux, ensure that the user has a home directory. If you share the same machine login with other ZENworks administrators, you must clear your credentials by using the admin-clear-credential command after you are finished executing commands.
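The following shell function is an added example, not part of the ZENworks documentation: it stores credentials, runs batch files with batch-execute (see Batch Command), and clears the stored credentials on every exit path, including failure and interruption. The function name zman_session and the ZMAN variable are hypothetical; it assumes zman exits non-zero when a command fails, and it requires complete batch file paths so the same call also behaves predictably in service mode.

```shell
#!/bin/sh
# Added example, not part of the ZENworks documentation.
# ZMAN names the zman executable; override it to use a full path.
# Assumption: zman exits non-zero when a command fails.
ZMAN="${ZMAN:-zman}"

# zman_session <administrator> <batch file> [...]
# The body runs in a subshell so the traps and variables stay local to it.
zman_session() (
    if [ "$#" -lt 2 ]; then
        echo "usage: zman_session <administrator> <batch file> [...]" >&2
        exit 2
    fi
    admin=$1
    shift

    # Stored credentials live in the home directory of the logged-in user.
    if [ -z "${HOME:-}" ] || [ ! -d "$HOME" ]; then
        echo "zman_session: no home directory to hold the stored credentials" >&2
        exit 2
    fi

    # Validate every batch file before any credential is written to disk.
    for f in "$@"; do
        case "$f" in
            /*) ;;
            *) echo "zman_session: use a complete path: $f" >&2; exit 2 ;;
        esac
        if [ ! -r "$f" ]; then
            echo "zman_session: cannot read $f" >&2
            exit 2
        fi
    done

    # From here on, leaving the subshell for any reason clears the credentials.
    trap 'exit 130' HUP INT TERM
    trap '"$ZMAN" admin-clear-credential' EXIT

    "$ZMAN" admin-store-credential "$admin" || exit 1   # prompts for the password
    "$ZMAN" batch-execute "$@" --exit-on-failure
    exit $?
)

# Usage: zman_session Administrator /home/user1/file1 /home/user1/file2
```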

Assignments Commands

These commands are used to compute assignments for all devices in the zone. Assignment commands begin with assignments- in the long form, or with the letter a in the short form.

All of the commands below accept the option flags listed in the Global Options section.

assignments-compute-effective-assignments (area)

Performs effective assignment computation for all managed devices in the zone.

assignments-bundle-status-recompute (absr)

Computes the bundle assignments status for all managed devices in the zone.

Batch Command

The batch command is a utility command used to execute a list of zman commands from a text file. The commands are executed faster because logging into ZENworks is done only once and not for every command. Batch commands begin with batch- in the long form, or with the letter b in the short form.

This command accepts the option flags listed in the Global Options section. In addition, it accepts individual options as listed with the command.

batch-execute (bex) (file path) [...] [options]

Executes zman commands from text files in a batch (not to be confused with Windows batch files).

(file path) [...] - The path of the text files containing zman commands to be executed. Lines starting with #, rem, REM, ; and // are considered as comments, and are not processed. For a sample file, refer to BatchExecuteCommands.txt located in:

On Windows: %ZENSERVER_HOME%\Micro Focus\Zenworks\share\zman\samples\batch

On Linux: /opt/microfocus/zenworks/share/zman/samples/batch

Accepts the following option:

  • -e, --exit-on-failure - Stops executing the commands and exits if a command fails partially or totally. A command is said to partially fail for commands that take multiple arguments when the processing of one or more of the arguments was not successful. For example, for bundle-delete, the command is said to partially fail if one of the arguments could not be found or deleted. By default, the commands in the file are executed continuously without checking for failure.

Examples:

  • To execute zman commands in multiple files:

    zman bex c:\file1.txt c:\file2.txt

    The files are executed in the order of input.

  • To execute zman commands in multiple files but exit when a command fails:

    zman bex /home/user1/file1 /home/user1/file2 -e

    The files are executed in the order of input.
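Because a batch file runs unattended under one login, it is worth reviewing before it is passed to batch-execute. The following added example (not part of the ZENworks documentation) applies the comment rules above and flags the commands this page singles out for caution: wildcard or recursive deletes and admin-create with --assign-same-rights. The function names and the sample file are constructed, and accepting an optional leading "zman" on each line is an assumption.

```shell
#!/bin/sh
# Added example, not part of the ZENworks documentation.

# zman_batch_lint [file ...]   (reads standard input when no file is given)
# Prints one "line number: finding: command" row per risky command and
# returns 1 when anything was flagged, 0 when the input is clean.
zman_batch_lint() {
    awk '
    function flag(msg) { printf "%d: %s: %s\n", NR, msg, line; found++ }
    {
        sub(/\r$/, "")                      # tolerate CRLF line endings
        line = $0
        sub(/^[ \t]+/, "", line)
        # Comment rule from the batch-execute description.
        if (line == "" || line ~ /^(#|rem|REM|;|\/\/)/) next

        n = split(line, w, /[ \t]+/)
        first = (w[1] == "zman") ? 2 : 1    # assumption: optional leading "zman"
        cmd = w[first]

        wild = rec = same = 0
        for (i = first + 1; i <= n; i++) {
            if (index(w[i], "*")) wild = 1
            if (w[i] == "-r" || w[i] == "--recursive") rec = 1
            if (w[i] == "-a" || w[i] == "--assign-same-rights") same = 1
        }

        if ((cmd == "admin-delete" || cmd == "ad" || cmd == "bundle-delete" || cmd == "bd") && wild)
            flag("wildcard delete")
        if ((cmd == "bundle-delete" || cmd == "bd") && rec)
            flag("recursive delete")
        if ((cmd == "admin-create" || cmd == "ac") && same)
            flag("new administrator inherits caller rights")
    }
    END { exit (found > 0) }
    ' "$@"
}

# Constructed sample batch file used to demonstrate the checks.
sample_batch() {
    cat <<'EOF'
# nightly cleanup (constructed sample)
rem legacy comment style
// also a comment
; also a comment
bundle-list --recursive
bd "stale*" -f bundlefolder
zman ad "temp*"
bundle-delete bundlefolder/old -r
ac newadmin --assign-same-rights
admin-list
EOF
}

sample_batch | zman_batch_lint || true
```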

Bundle Commands

These commands are used to create, modify and manage bundles. Bundle commands begin with bundle- in the long form, or with the letter b in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command. These commands apply only to ZENworks Configuration Management.

bundle-add-actions (baa) (bundle path) (action XML file) [...] [options]

Adds actions to a bundle.

(action XML file) [...] - The XML files that contain information for actions to be added. The actions are grouped under one of these action sets: Distribution, Install, Launch, Verify, Uninstall, Terminate. The XML file contains an ActionSet element that contains information of actions to be added for an action set. Multiple XML files can be given as input to add actions to different action sets of the bundle. The XML files can be created by exporting actions of an existing bundle using the bundle-export-actions command.

Accepts the following option:

  • -a, --actioninfo=[content and dependency for actions] - XML file containing content and bundle dependency information for actions that have file content or dependency on another bundle. For example, for Install MSI Action, the MSI file to be installed is the file content. Install Bundle Action takes another bundle as dependency so this data also needs to be specified for proper functioning of these actions. For the XML format template, refer to ActionInfo.xml located in:
    • On Windows: %ZENSERVER_HOME%\Micro Focus\Zenworks\share\zman\samples\bundles
    • On Linux: /opt/microfocus/zenworks/share/zman/samples/bundles

NOTE: If you choose the action set type as Uninstall, the following options are not supported for Linux bundles and Linux Patch bundles: DaysBeforeUninstallWhenNotUsed, DisplayUninstallMessage, IgnoreUninstallAfterUnassociation, IgnoreChainedDependencies, and AllowToCancelUninstall.

bundle-assign (ba) (device or user type) (bundle or bundle group) (device or user object path) [...] [options]

Assigns a bundle or bundle group to one or more device or user objects.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to the root folder of the device or user type specified.

Accepts the following options:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.
  • -I, --icon-location=[application location XML file] - XML file that contains the locations to place the icon for the bundle application. For the XML file format, refer to IconLocation.xml located in:
    • On Windows: %ZENSERVER_HOME%\micro focus\zenworks\share\zman\samples\bundles
    • On Linux: /opt/microfocus/zenworks/share/zman/samples/bundles
  • -d, --distribution-schedule=[distribution schedule XML file] - XML file that contains the distribution schedule.
  • -l, --launch-schedule=[launch schedule XML file] - XML file that contains the launch schedule.
  • -a, --availability-schedule=[availability schedule XML file] - XML file that contains the availability schedule. For the schedule XML file templates, refer to the XML files located in:
    • On Windows: %ZENSERVER_HOME%\Micro Focus\Zenworks\share\zman\samples\schedules
    • On Linux: /opt/microfocus/zenworks/share/zman/samples/schedules
  • -i, --install-immediately - Installs the bundle immediately after distribution. To use this option, you must also specify the Distribution schedule. The Distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -L, --launch-immediately - Launches the bundle immediately after installation. To use this option, you must also specify the Distribution schedule. The Distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -n, --distribute-now - Sets the distribution schedule to distribute the bundle immediately. If this option is specified, the --distribution-schedule and --distribute-on-device-refresh options are ignored. The --distribute-now, --distribute-on-device-refresh, and --distribution-schedule options are mutually exclusive and are used to set the distribution schedule. The --distribute-now option is considered first, followed by --distribute-on-device-refresh and --distribution-schedule.
  • -r, --distribute-on-device-refresh - Sets the distribution schedule to distribute the bundle on device refresh. If this option is specified, the --distribution-schedule option is ignored.
  • -s, --launch-on-device-refresh - Sets the launch schedule to launch the bundle on device refresh. If this option is specified, the --launch-schedule option is ignored.
  • -w, --wakeup-device-on-distribution - Wakes up the device by using Wake-On-LAN if it is shut down while distributing the bundle. To use this option, you must also specify the Distribution schedule. The Distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -B, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -S, --server=[Path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the device(s). This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -T, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.
  • -N, --app-installation-now-schedule - Sets the app installation schedule to install the bundle immediately. If this option is specified, the --app-installation-schedule option is ignored.
  • -M, --app-installation-schedule=[app installation schedule XML file] - XML file that contains the app installation schedule. For more information on the schedule template, see:
    • On Windows: %ZENSERVER_HOME%\Micro Focus\ZENworks\share\zman\samples\schedules
    • On Linux: /opt/microfocus/zenworks/share/zman/samples/schedule
  • -c, --conflicts=[bundle conflict resolution order] - Determines how bundle conflicts are resolved. Valid values are userprecedence or 1, deviceprecedence or 2. For userprecedence, user-associated bundles are applied first, followed by device-associated bundles. For deviceprecedence, device-associated bundles are applied first, followed by user-associated bundles. If this option is not specified, userprecedence is taken as the default value.

bundle-copy (bcp) (bundle path) (bundle name) [destination folder path] [options]

Copies a bundle to a desired destination folder.

Accepts the following options:

  • -d, --desc=[description] - Description for the bundle.
  • -i, --icon-file=[bundle icon file] - The path of the image file containing the image that should be used as the bundle icon. If this option is not specified, the contents of the subfolders are not listed.

Examples:

To create a copy of the source bundle in the destination folder:

zman bcp bundle1 bundle2 bundlefolder

To create a copy of the source bundle in the root folder /Bundles:

zman bcp bundle1 bundle2 /

To create a copy of the source bundle in the same folder as source bundle:

zman bcp bundle1 bundle2

bundle-create (bc) (bundle name) (bundle XML file) [parent folder] [options]

Creates a new bundle.

(bundle XML file) - XML file containing exported bundle information. Use bundle-export-to-file (betf) to export an existing bundle's information into an XML file. If you want to reuse files, template XML files can be created from bundles that were created through ZENworks Control Center. For a sample XML file, refer to WindowsMSIBundle.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.

Accepts the following options:

  • -d, --desc=[description] - Description for the bundle.
  • -a, --actioninfo=[content and dependency for actions] - XML file containing content and bundle dependency information for actions that have file content or dependency on another bundle. For example, for Install MSI Action, the MSI file to be installed is the file content. Install Bundle Action takes another bundle as a dependency. This data also needs to be specified for proper functioning of these actions. For the XML format template, refer to ActionInfo.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.
  • -i, --icon-file=[bundle icon file] - The path of the image file containing the image that should be used as the bundle icon.
  • -s, --create-as-sandbox=[create as sandbox] - Creates the bundle as a sandbox.
  • -x, --actions-as-in-xml - Creates default actions for the new bundle as found in the template XML file. For example, if you delete the Verify Install default action (for the Verify action type) from the bundle and export the bundle information into an XML file, all default actions found in the XML file, excluding the Verify Install default action, will be created for the new bundle. If you do not specify this option, a bundle will be created with all the default actions, including the Verify Install default action, which is not found in the XML file.
  • -n, --create-with-new-guid - Creates the policy object with the new GUID. If the option is not specified, it will validate the policy objects for imported GUID in the policy XML file. If the imported GUID does not exist, a new GUID will be created; otherwise, the imported GUID will be retained.

NOTE: If you choose the action set type as Uninstall, the following options are not supported for Linux bundles and Linux Patch bundles: DaysBeforeUninstallWhenNotUsed, DisplayUninstallMessage, IgnoreUninstallAfterUnassociation, IgnoreChainedDependencies, and AllowToCancelUninstall.

bundle-delete (bd) (bundle object path) [...] [options]

Deletes one or more bundle objects.

(bundle object path) [...] - The path of the bundle objects (bundle, bundle folder or bundle group) relative to /Bundles. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution while using wildcards for deleting objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-delete-version (bdv) (bundle path) [bundle version number] [options]

Deletes one or more versions of the bundle.

[bundle version number] [...] - Version of the bundle to delete.

Accepts the following options:

  • -a, --all - Deletes all the older versions of the bundle.
  • -p, --previous - Deletes all the versions of the bundle older than the specified version.

Examples:

To delete the version 5 of the bundle, zenbundle:

zman bdv zenbundle 5

To delete all the versions of the bundle, zenbundle:

zman bdv zenbundle -a

To delete all the versions of the bundle, zenbundle, that are older than the version 3:

zman bdv zenbundle version -p 3

bundle-disable (bdl) (bundle path) [...] [options]

Disables bundles.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-enable (bel) (bundle path) [...] [options]

Enables bundles.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-export-actions (bea) (bundle path) (XML file path) (action set type) [action's positions] [...]

Exports the actions added to a bundle's action set to a file. The file can be used as input to the bundle-add-actions command.

(action set type) - The type of the action set. If this option is specified, the actions for only this action set are listed. Valid values are Install, Launch, Verify, Uninstall, Terminate, and Preboot.

NOTE: The Terminate action set is not supported for Linux bundles and Linux Patch bundles.

[action's positions] [...] - A comma-separated list of position of actions in the action set. The first action is at position 1. Use the bundle-list-actions command to see the position of a particular action in an action set. This is optional, but if it is not specified, all the actions in the specified action set are exported.

bundle-export-to-file (betf) (bundle path) (XML file path) [version of the bundle][-c|--export-content]

Exports a bundle's information (in XML format) to a file and also exports bundle icon to the <parent folder of bundle xml>/Icon/image.ext file. The XML file is to be used as input for creating bundles.

(XML file path) - The complete path of the XML file to which the bundle’s information is to be exported.

[version of the bundle] - Version of the bundle to be exported. If this option is not specified, the published version of the bundle is considered. To export a sandbox version of the bundle, specify sandbox.

[-c|--export-content] - Exports the content of the bundle to a sub directory within the directory containing the XML file to which the bundle’s information is exported. If the option is not specified, the bundle content is not exported.

Examples:

To export the sandbox version of a bundle named zenbundle to an xml file named bundle.xml:

zman betf bundlefolder/zenbundle C:\bundles\bundle.xml sandbox

To export the version 3 of a bundle named zenbundle to an xml file named bundle.xml:

zman betf bundlefolder/zenbundle C:\bundles\bundle.xml 3

To export the version 5 of a bundle named zenbundle to an xml file named bundle.xml and export the bundle’s content to the C:\bundles\bundle_content directory:

zman betf bundlefolder/zenbundle C:\bundles\bundle.xml 5 -c

bundle-folder-create (bfc) (folder name) [parent folder] [options]

Creates a new folder for containing bundles.

Accepts the following option:

  • --desc=[description] - Description for the folder.

bundle-group-add (bga) (bundle group path) (bundle path) [...] [options]

Adds bundles to a bundle group.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-group-create (bgc) (group name) [parent folder] [options]

Creates a bundle group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[bundle path][...] - The path of the bundles relative to /Bundles.
  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-group-members (bgm) (bundle group path) [options]

Lists members of a bundle group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

bundle-group-remove (bgr) (bundle group path) (bundle path) [...] [options]

Removes bundles from a bundle group.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-increment-version (biv) (bundle path) [...] [options]

Increments the version of bundles. This command is applicable for versions prior to ZENworks 11 SP 1. In ZENworks 11 SP 1 or higher, this command is replaced by the bundle-sandbox-publish (bsp) command.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-list (bl) [options] [folder]

Lists bundle objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

bundle-list-actions (bla) (bundle path) [action set type]

Lists actions added to a bundle.

[action set type] - The type of the action set. If this option is specified, the actions for only this action set are listed. Valid values are Install, Launch, Verify, Uninstall, Terminate, and Preboot.

NOTE: The Terminate action set is not supported for Linux bundles and Linux Patch bundles.

bundle-list-assignments (blas) (bundle or bundle group) [options]

Lists the device and user assignments for a bundle.

Accepts the following options:

  • -t, --typefilter=[assignment type] - Filters on the assignment type. Valid values are device and user.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

bundle-list-groups (blg) (bundle path) [options]

Lists the bundle groups of which the given bundle is a member.

Accepts the following options:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

Examples:

To list all the bundle groups that bundle1 belongs to with five results displayed at a time:

zman blg bundlefolder/bundle1 -s 5

bundle-list-version (blv) (bundle path)

Lists all the versions of the bundle.

Examples:

To list all the versions of the bundle, zenbundle:

zman blv zenbundle

bundle-move (bmv) (bundle object path) [destination folder path]

Moves a bundle object to a different folder.

(bundle object path): Path of the bundle object (bundle, bundle folder or bundle group) relative to /Bundles.

[destination folder path]: Path of the bundle folder to which the bundle object is to be moved relative to /Bundles.

bundle-remove-actions (bra) (bundle path) (action set type) [action's positions] [...]

Removes actions from a bundle.

(action set type) - The type of the action set that contains the action. Valid values are Install, Launch, Verify, Uninstall, Terminate, and Preboot.

NOTE: The Terminate action set is not supported for Linux bundles and Linux Patch bundles.

[action's positions] [...] - A comma-separated list of position of actions in the action set. The first action is at position 1. Use the bundle-list-actions command to see the position of a particular action in an action set. This is optional, but if it is not specified, all the actions in the specified action set are removed.

bundle-rename (br) (bundle object path) (new name) [options]

Renames a bundle object.

(bundle object path): Path of the bundle object (bundle, bundle folder or bundle group) relative to /Bundles.

(new name): New name to be given to the bundle object.

  • -p, --publish =[publish] - If this option is specified and the display name of the bundle is edited, the bundle is immediately published. However, if the current display name of the bundle is different from the existing bundle name or if a sandbox already exists for the bundle, specifying this option will have no effect.

bundle-relocate-actions (brla) (bundle path) (action set type) (Target action set type) [<action's positions>, <action's positions>,...,<action's positions>]

Relocates actions from the Source action set type to the Target action set type of a bundle.

  • (bundle path) - path of the bundle, relative to /Bundles
  • (action set type) - Type of action set that contains the source action. Valid values are Install, Launch, Verify, Uninstall, Terminate and Preboot.
  • [Target action set type] - Type of action set that contains the target action. Valid values are Install, Launch, Verify, Uninstall, Terminate and Preboot.
  • [action's positions] - A comma-separated list of the position of each action in the action set. The first action is at position 1. Use bundle-list-actions command to identify the position of a particular action in the action set. This is optional and if not specified, all the actions in the specified action set are relocated.

Examples:

To relocate all actions from the Launch action set to the Install action set of a bundle:

zman brla bundlefolder/bundle1 Launch Install

To relocate the first three actions from the Install action set to the Launch action set of a bundle:

zman brla bundle1 Install Launch 1,2,3

NOTE: The Terminate action set is not supported for Linux bundles and Linux Patch bundles.

bundle-reorder-actions (broa) (bundle path) (action set type) (current position) (new position)

Reorders actions in the action set of a bundle.

(action set type) - The type of the action set that contains the action. Valid values are Install, Launch, Verify, Uninstall, Terminate, and Preboot.

(current position) - The current position of the action in the action set. The first action is at position 1.

(new position) - The new position to which the action is to be moved. The first action is at position 1.

NOTE: The Terminate action set is not supported for Linux bundles and Linux Patch bundles.

bundle-sandbox-create (bsc) (bundle path) [version of the bundle] [options]

Creates a sandbox from an existing version of a bundle.

[version of the bundle] - Specify the version of the bundle to be used for creating the sandbox.

Accepts the following option:

  • -f, --force =[force] - Overwrites any existing sandbox.

Example:

To create a sandbox from the version 2 of a bundle, zenbundle:

zman bsc zenbundle 2

bundle-sandbox-publish (bsp) (bundle path) [options]

Publishes a sandbox to create a published version.

Accepts the following options:

  • -f, --force =[force] - If a primary bundle has dependent child bundles with the sandbox only version, you must specify this option to publish the changes made both to the primary and the dependent bundles. If you do not specify this option, the publish of the primary bundle also fails.
  • -c, --allChild =[all children] - If a primary bundle has dependent child bundles with the sandbox version, you can specify this option to publish the changes made both to the primary and the dependent child bundles.
  • -i, --incAllParent =[increment all parents] - If a primary bundle has parent bundles, you can specify this option to increment the version of the parent bundle to apply the newly published changes made to the primary bundle to the devices that are assigned to the parent bundles.
  • -p, --forceParent =[force parent] - If a primary bundle has parent bundles and you choose to increment the version of the parent bundle, then you must specify this option to publish any of the parent bundles which already have a sandbox version.

Examples:

To publish the sandbox version of a bundle, zenbundle:

zman bsp zenbundle

To publish the sandbox version of a bundle named zenbundle1 along with all its dependent bundles:

zman bsp zenbundle1 -f -c

bundle-sandbox-publish-to-newbundle (bsptn) (original bundle path) (new bundle name) [parent folder] [options]

Publishes a sandbox to a new bundle.

Accepts the following options:

  • -s, --createAsSandbox =[create as sandbox] - Create the bundle as a sandbox.
  • -g, --groups - Adds the newly created bundle to all the groups which the primary bundle is member of.
  • -d, --deviceAssignments - Copies all the device assignments from the primary bundle to the new bundle.
  • -u, --userAssignments - Copies all the user assignments from the primary bundle to the new bundle.
  • -f, --force =[force] - If a primary bundle has dependent child bundles with the sandbox only version, you must specify this option to publish the changes made both to the primary and the dependent bundles. If you do not specify this option, the publish of the primary bundle also fails.
  • -c, --allChild =[all children] - If a primary bundle has dependent child bundles with the sandbox version, you can specify this option to publish the changes made both to the primary and the dependent child bundles.
  • -i, --incAllParent =[increment all parents] - If a primary bundle has parent bundles, you can specify this option to increment the version of the parent bundle to apply the newly published changes made to the primary bundle to the devices that are assigned to the parent bundles.
  • -p, --forceParent =[force parent] - If a primary bundle has parent bundles and you choose to increment the version of the parent bundle, then you must specify this option to publish any of the parent bundles which already have a sandbox version.
  • -n, --depsToNewFolder =[publish depends bundles to new folder] - Path of the bundle folder in which the dependent bundles are published as new bundles. This folder should not contain any of the dependent bundles selected to be published because the new bundle is published with the same name as the original dependent bundle.

Examples:

To publish the sandbox version of a bundle named zenbundle1 as a new bundle named zenbundle2:

zman bsptn zenbundle1 zenbundle2 /Bundles/Folder1

To publish the sandbox version of a bundle named zenbundle1 as a new bundle named zenbundle2 and publish the dependent bundles of zenbundle1 as new bundles:

zman bsptn zenbundle1 zenbundle2 /Bundles/Folder1 --depsToNewFolder=/Bundles/Folder2

bundle-sandbox-revert (bsr) (bundle path)

Deletes the sandbox and reverts to the latest version of the bundle.

Example:

To delete the sandbox of a bundle, zenbundle and revert to the latest version of the bundle:

zman bsr zenbundle

bundle-unassign (bua) (device or user type) (bundle or bundle group) (device or user object path) [...] [options]

Unassigns a bundle or bundle group from one or more device or user objects.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to the root folder of the device or user type specified.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

bundle-update-assignment (bupa) (device or user type) (bundle or bundle group) (device or user object path) [...] [options]

Updates the assignment between a bundle or bundle group and device or user objects.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to the root folder of the device or user type specified.

Accepts the following options:

  • -f, --folder=[device or user folder] - The path of the device or user folder relative to the respective root folder. If this option is specified, the path of the device or user objects is determined relative to this folder. This can be used to specify multiple device or user objects with the same folder.
  • -I, --icon-location=[application location XML file] - XML file that contains the locations to place the icon for the bundle application. For the XML file format, refer to IconLocation.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.
  • -d, --distribution-schedule=[distribution schedule XML or NoSchedule] - XML file that contains the distribution schedule or NoSchedule if the schedule must be removed.
  • -l, --launch-schedule=[launch schedule XML file or NoSchedule] - XML file that contains the launch schedule or NoSchedule if the schedule must be removed.
  • -a, --availability-schedule=[availability schedule XML file or NoSchedule] - XML file that contains the availability schedule or NoSchedule if the schedule must be removed. For the schedule XML file templates, refer to the XML files located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server.
  • -i, --install-immediately=[yes or no] - Install the bundle immediately after distribution, or remove the same option set during bundle assignment. Valid values are true or yes, and false or no.
  • -L, --launch-immediately=[yes or no] - Launch the bundle immediately after installation, or remove the same option set during bundle assignment. Valid values are true or yes, and false or no.
  • -n, --distribute-now=[yes or no] - Sets the distribution schedule to distribute the bundle immediately. If this option is specified, the --distribution-schedule and --distribute-on-device-refresh options are ignored. The --distribute-now, --distribute-on-device-refresh, and --distribution-schedule options are mutually exclusive and are used to set the distribution schedule. The --distribute-now option is considered first, followed by --distribute-on-device-refresh and --distribution-schedule.
  • -r, --distribute-on-device-refresh=[yes or no] - Sets the distribution schedule to distribute the bundle on device refresh, or removes the same option set during bundle assignment. Valid values are true or yes, and false or no. If this option has the value true or yes, the --distribution-schedule option is ignored and any previously set distribution schedule is overwritten.
  • -s, --launch-on-device-refresh=[yes or no] - Sets the launch schedule to launch the bundle on device refresh. If this option is specified, the --launch-schedule option is ignored.
  • -w, --wakeup-device-on-distribution=[yes or no] - Wakes up the device by using Wake-On-LAN if it is shut down while distributing the bundle, or removes the same option set during bundle assignment. Valid values are true or yes, and false or no.
  • -B, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -S, --server=[Path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the devices. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -T, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.
  • -M, --app-installation-schedule=<app installation schedule XML file> - An XML file that includes the installation schedule.
  • -c, --conflicts=[bundle conflict resolution order] - Determines how bundle conflicts are resolved. Valid values are userprecedence or 1, and deviceprecedence or 2. For userprecedence, user-associated bundles are applied first, followed by device-associated bundles. For deviceprecedence, device-associated bundles are applied first, followed by user-associated bundles. If this option is not specified, userprecedence is taken as the default value.

bundle-view-advanced-deployment-status (bvads) (bundle path) [options]

Displays advanced deployment status of a bundle.

Accepts the following options:

  • -d, --device=[device path] - Displays the deployment status only for the specified device. The path of the device is relative to /Devices.
  • -u, --user=[user path] - Displays the deployment status only for the specified user. The path of the user is relative to /Users. If device is also specified, status details for the specified user logged into the specified device are displayed.
  • -n, --namefilter=[target device name] - Filters on the name of the device. Displays options matching the specified filter. The wildcards * and ? can be used if they are enclosed in quotations.
  • --statusfilter=[status type][...] - Filters on the status of Bundle Distribution and Install Events. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -t, --typefilter=[target device or user type][...] - Filters on the type of the target. Valid values are server, workstation, and user. A comma-separated list of target type can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

-v, --version [value]

Following are the valid values:

  • published: Use this option to display the number of non-test devices on which the bundle is deployed.

  • sandbox: Use this option to display the number of test devices on which the sandbox version of the bundle is deployed.

  • [version-of-the-object]: Use a version number to get the status of the related bundle version.

    The default value is published.

-c, --status-calculation [value]

  • consolidated: Use this option to display the total number of devices on which this bundle is deployed.

  • version: Use this option to display the status of specific version.

The default value is version.

bundle-view-assignment-schedule (bvas) (device or user type) (bundle or bundle group) (device or user object path)

Displays the deployment schedules for a bundle assigned to a device or user object.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to which the bundle group is assigned.

bundle-view-summary-totals (bvst) (bundle path) [options]

Displays a summary of the deployment status of a particular bundle.

Accepts the following options:

-v, --version [value]

Following are the valid values:

  • published: Use this option to display the number of non-test devices on which the bundle is deployed.

  • sandbox: Use this option to display the number of test devices on which the sandbox version of the bundle is deployed.

  • [version-of-the-object]: Use a version number to get the status of the related bundle version.

    The default value is published.

-c, --status-calculation [value]

  • consolidated: Use this option to display the total number of devices on which this bundle is deployed.

  • version: Use this option to display the status of specific version.

The default value is version.

linux-export-actions (lea) (Action Type) (Action XML File path) (Content Files location Path) [options]

Creates an XML file to export package metadata. Use the baa command to add the exported content to the server.

  • (Action Type) - Specify the action for which you want to create the XML file. The supported action types are Install RPM and Distribute RPM.
  • (Action XML File path) - Location of the generated Action Definition XML file.
  • (Content Files location Path) - Location of the RPM content files on the local machine.

Accepts the following option:

  • -t, --target - Specify a valid Linux distribution target for packages.

bundle-appdata-calculation (bac) (bundle path or bundle GUID) [...]

Queues a loader action that will calculate and cache application data for bundles, and waits until the action is fully executed. The cached data will be used to prepare web service responses and enhance performance.

NOTE: The zman bac command is applicable only for Patch Policies within ZENworks Patch Management.

Bundle Settings Commands

These commands are used to set and modify bundle settings. Settings commands begin with settings- in the long form, or with the letter s in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

bundle-settings-copy (bscp) (source bundle or bundle folder path) (destination bundle or bundle folder path) [...] [options]

Copies settings.

(source bundle or bundle folder path) - The path of the bundle or bundle folder relative to /Bundles from which settings have to be copied.

(destination bundle or bundle folder path) [...] - The path of the bundles or bundle folders relative to /Bundles to which settings must be copied.

Accepts the following option:

  • -n, --names=[settings name][...] - Names of the settings to be copied from the source path. If this option is not specified, all settings defined at the source path are copied.

bundle-settings-export-to-file (bsetf) [options] (XML file path) [settings name] [...]

Exports settings data (in XML format) to a file. The XML file is to be used as input for creating or modifying settings.

(XML file path) - The file into which the settings data is stored in XML format. If the file does not exist, a new file is created.

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

Accepts the following options:

  • -s, --source=[source bundle or bundle folder path] - The path of the bundle or bundle folder relative to /Bundles from which settings must be exported. If this option is not specified, settings are exported from the Zone.
  • -e, --effective - If specified, the effective settings are retrieved; otherwise, only the settings defined or overridden at the source path are retrieved.

bundle-settings-revert (bsrt) (source bundle or bundle folder path) (settings name) [...]

Reverts the settings to that of the parent folder.

(source bundle or bundle folder path) - The path of the bundle or bundle folder relative to /Bundles, whose settings must be reverted.

bundle-settings-set (bss) (XML file path) [destination bundle or bundle folder path] [...]

Sets settings at various levels.

(XML file path) - XML file containing exported settings information. Use settings-export-to-file (setf) to export settings information into a XML file.

Accepts the following options:

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

  • -f, --force - Forces all children (subfolders and individual bundles) to inherit these settings.
  • (XML file path): XML file containing exported settings information. Use bundle-settings-export-to-file (bsetf) to export settings information into an XML file.
  • (Destination bundle or bundle folder path): Path of the bundle or bundle folder relative to /Bundles on which settings have to be set. If not specified, settings will be set at the Management Zone level.

Certificate Authority Commands

These commands are used to manage the certificate authority role of ZENworks servers. Certificate authority commands begin with certificate-authority- in the long form, or with the letters ca in the short form.

(certificate-authority-export/cae) (file path) [options]

Exports the key-pair credentials of the zone certificate authority to a file, and optionally disables the Certificate Authority role of the local server.

Accepts the following option:

  • -d, --disable-CA-role - Removes the Certificate Authority role of the local server.

certificate-authority-import (certificate-authority-import/cai) (file path)

Imports the key-pair credentials of the zone certificate authority from a file and enables the Certificate Authority role on the local server.
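The file written by certificate-authority-export and read back by certificate-authority-import holds the zone CA key pair, so its permissions matter from the moment it is created. The wrapper below is an added example, not part of the ZENworks documentation; the function name is hypothetical, and it assumes a Linux server with GNU stat, zman on the PATH, and that zman writes the export to the path it is given.

```shell
# Added example (not ZENworks code). export_zone_ca is a hypothetical name.
# Assumptions: Linux server, GNU coreutils `stat`, zman on PATH, and zman
# writes the exported key pair to the path passed on the command line.
#
# usage: export_zone_ca <output file>
# Return codes: 0 ok, 2 usage, 3 file exists, 4 no directory,
#               5 directory too open, 6 zman failed, 7 no file written,
#               8 file mode could not be restricted
export_zone_ca() {
    local out="$1" dir mode

    if [ -z "$out" ]; then
        echo "usage: export_zone_ca <output file>" >&2
        return 2
    fi
    dir=$(dirname -- "$out")

    # An existing file keeps whatever mode and owner it already has,
    # so never write key material over one.
    if [ -e "$out" ]; then
        echo "refusing to overwrite existing file: $out" >&2
        return 3
    fi

    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 4
    fi

    # The directory must grant nothing to group or other (e.g. 700),
    # otherwise the file could be read or replaced by another account.
    mode=$(stat -c '%a' -- "$dir")
    case "$mode" in
        *00) ;;
        *) echo "directory $dir has mode $mode; expected 700" >&2
           return 5 ;;
    esac

    # umask 077 in a subshell: the file is created owner-only from the
    # start, and the caller's umask is left untouched.
    ( umask 077; zman certificate-authority-export "$out" ) || return 6

    if [ ! -f "$out" ]; then
        echo "zman reported success but $out was not written" >&2
        return 7
    fi

    # Belt and braces: enforce and verify the final mode.
    chmod 600 -- "$out"
    [ "$(stat -c '%a' -- "$out")" = "600" ] || return 8
}

# Interactive use:
#   mkdir -m 700 /root/ca-export && export_zone_ca /root/ca-export/zone-ca.bak
```

Remove the file once certificate-authority-import has completed on the target server.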

certificate-authority-role-disable (card)

Disables the Certificate Authority role on the local server.

certificate-authority-role-enable (care)

Enables the Certificate Authority role on the local server.

certificate-authority-server (certificate-authority-server/cas)

Displays the server that has the Certificate Authority role.

Credential Commands

These commands are used to manage the credentials needed for certain ZENworks actions and tasks that require authentication to resources. Credential commands begin with credentials- in the long form, or with the letters cr in the short form.

credentials-create (crc) (credential Name) [folder]) (--userName) [--userPassword] [--desc]

Creates credentials.

Accepts the following options:

  • -u, [--userName=username] - The user name to access the resource.
  • [--userPassword=Password] - The password used to access the resource.
  • -d, --desc - A description of the credential.

credentials-delete (crd) (credentialPath)

Deletes credentials.

credentials-folder-create (crf) (folder name) [parent folder] [options]

Creates a new folder for containing credentials.

Accepts the following option:

  • --desc=[description] - Description for the folder.

credentials-list (crl) [folder]

Lists credentials.

credentials-move (crm) (credential name) [destination folder path]

Moves a credential.

credentials-rename (crr) (credentialPath) (newcredentialPath)

Renames credentials.

credentials-update (cru) (-u| --userName=username) [--userPassword=password] [-d | --desc=description]

Creates credentials.

Accepts the following options:

  • -u, --user - The username to access the resource.
  • --password - The password used to access the resource.
  • -d, --desc - A description of the credential.

Contents Commands

The zman contents commands enable you to debug content-related issues easily without having to run complex queries in the database.

content-create-pending-entry (ccpe) (serverGUID/path)

Creates a pending entry for missing content in the database, for a given server GUID or path.

Accepts the following arguments:

(serverGUID/path): Specify the server GUID or path for which you want to create pending entries.

Example: zman ccpe ce979ba8949c19fd4a2fe50aaad98470

Where ce979ba8949c19fd4a2fe50aaad98470 is the server GUID.

content-trigger-cleanup (ctc)

Triggers the content cleanup action, which removes unreferenced content from the database.

content-aco-names (can) (contentGUID) (-s| --scrollsize)

Retrieves the Assignable Content Object (ACO) names for a given content GUID.

Bundles, Policies, and System Update objects are referred to as ACOs.

Accepts the following arguments:

(Content GUID): Specify the content GUID.

(-s, --scrollsize): Maximum number of results to be displayed at a time.

content-names-for-aco (cnfa) (ACOPath) (-d | --display-alias) (-v | --version) (-s | --scrollsize)

Retrieves the content GUIDs for the specified ACO path.

Accepts the following arguments:

(ACOPath): Specify the ACO path for Bundles, Policies or System Update.

(-d | --display-alias): Specify this argument to display the alias of the ACO.

(-v | --version): Specify a non-negative version number of the ACO. Valid values are sandbox and the actual version of the object. If the version is not specified, then the published or standalone sandbox version is considered.

(-s, --scrollsize): Maximum number of results to be displayed at a time.

Example 1: To view the content GUID and the name of a specified version of the ACO object, use:

zman cnfa /Bundles/bundle1 -v 1

Where bundle1 is the name and 1 is the version number of the bundle.

Example 2: To view the content GUID and the name of the sandbox version of the ACO object, use:

zman cnfa /Bundles/bundle1 -v sandbox

Where bundle1 is the name and sandbox is the version of the bundle.

Example 3: To view the content GUID and the name of the published/standalone sandbox version of the ACO, use:

zman cnfa /Policies/policy1

NOTE: If the version is not specified, then the highest version of the object will be displayed.

Database Commands

These commands are used to manage the embedded PostgreSQL database. Database commands begin with database- in the long form, or with the letter d in the short form.

NOTE: These commands cannot be used to manage an external PostgreSQL database.

database-get-credentials-audit (dgca) and database-get-credentials (dgc)

Retrieves the credentials used to connect to the Audit Embedded PostgreSQL database and Embedded PostgreSQL database.

database-get-credentials-antimalware (dgcam)

Retrieves the credentials used to connect to the Antimalware Embedded PostgreSQL database.

database-get-credentials-superuser (dgcs)

Retrieves the super user credentials used to connect to the Embedded PostgreSQL database.

database-backup (db)

Backs up the embedded PostgreSQL database or the network locations where the database files are backed up.

Deployment Commands

These commands are used to perform deployment tasks. Deployment commands begin with deployment- in the long form, or with the letters dp in the short form.

deployment-task-abort (dpta) (deployment task name) [...]

Aborts the deployment task.

deployment-task-create (dptc) (deployment task name) (user credential file) [IP address/DNS name] [...] [options]

Creates a deployment task to deploy the ZENworks Agent to devices by using the IP address or DNS name.

(user credential file) - The path of the file containing the credentials to connect to the device. Each line in the file should have a username and password separated by a space. For example, administrator password.

Accepts the following options:

  • -f, --file=[IP address file][...] - A comma-separated list of file paths containing the IP addresses or DNS names of devices to which the ZENworks Agent should be deployed. The file can contain a list of IP addresses or DNS names of devices in comma-separated-value (CSV) format, or one IP address or DNS name on each line.
  • -s, --schedule=[launch schedule XML file] - XML file that contains the launch schedule. For the schedule XML file templates, refer to the XML files located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server. If the schedule file or the --run-now option is not specified, the task is not scheduled to run.
  • -r, --run-now - Schedules the deployment task to run immediately after creation.
  • -b, --reboot=[Reboot option] - Indicates when the device must be rebooted after deploying the agent. Valid values are immediate and manual.
  • -d, --desc=[description] - Description for the deployment task.
  • -p, --proxy=[Windows Proxy] - The path of a Windows device relative to /Devices. In order to deploy management agents to Microsoft Windows devices from a Linux Primary Server, a managed device running Microsoft Windows is needed. Ignore this option if you are running the deployment task from a Windows Primary Server.
  • -t, --timeout=[Time out] - The number of seconds you want the Primary Server to wait for a response from the Windows Proxy.
  • -k, --key=[Registration key] - Registration key for registering the device.

deployment-task-delete (dptd) (deployment task name) [...]

Deletes the deployment task.

deployment-task-list (dptl) [options]

Lists the deployment tasks and the status.

Accepts the following options:

  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

deployment-task-run-now (dptrn) (deployment task name) [...]

Schedules the specified deployment task to run immediately. The task should have the credentials saved in the data store.
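
The (user credential file) argument of deployment-task-create holds plaintext passwords, one "username password" pair per line. The wrapper below is an added example, not part of the ZENworks documentation: it writes the file into a private temporary directory, checks its permissions and line format, and deletes it once zman returns. The function names and the ZMAN override variable are hypothetical, and it assumes zman no longer needs the file after the task is created.

```shell
#!/bin/sh
# Added example; not part of the ZENworks documentation.
# Assumptions: each line is exactly "username password" (two fields with no
# embedded whitespace, one space between them), and zman has finished with
# the file by the time deployment-task-create returns.

ZMAN=${ZMAN:-zman}   # hypothetical override, e.g. ZMAN=echo for a dry run

# check_cred_file FILE
# Returns 0 if FILE is acceptable, 2 if it is missing, empty or a symlink,
# 3 if group or other have any access, 4 if a line is malformed.
check_cred_file() {
    _f=$1
    if [ -L "$_f" ] || [ ! -f "$_f" ] || [ ! -s "$_f" ]; then
        echo "credential file must be a non-empty regular file: $_f" >&2
        return 2
    fi
    # Columns 5-10 of the ls mode string are the group and other bits.
    _go=$(ls -ld -- "$_f" | cut -c5-10)
    if [ "$_go" != "------" ]; then
        echo "credential file is accessible to group or other: $_f" >&2
        return 3
    fi
    # Print only the number of the first bad line so no password is echoed.
    _bad=$(awk '!/^[^ \t]+ [^ \t]+$/ { print NR; exit }' "$_f")
    if [ -n "$_bad" ]; then
        echo "line $_bad of $_f is not 'username password'" >&2
        return 4
    fi
    return 0
}

# deploy_with_creds TASK [TARGET...] [OPTIONS]
# Reads credential lines on stdin into a private temporary file, validates
# it, creates the deployment task, then removes the file whatever happened.
deploy_with_creds() {
    _task=$1
    shift
    _old_umask=$(umask)
    umask 077                      # directory 0700, file 0600
    _dir=$(mktemp -d) || { umask "$_old_umask"; return 1; }
    cat > "$_dir/creds"
    umask "$_old_umask"
    _rc=0
    check_cred_file "$_dir/creds" || _rc=$?
    if [ "$_rc" -eq 0 ]; then
        "$ZMAN" deployment-task-create "$_task" "$_dir/creds" "$@" || _rc=$?
    fi
    rm -rf -- "$_dir"
    return "$_rc"
}

# Usage, with credential lines typed or piped on stdin (constructed values):
#   deploy_with_creds task1 192.0.2.10 --run-now
```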

Discovery Commands

These commands are used to view device discovery-related information. Discovery commands begin with discovery- in the long form, or with the letter d in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

discovery-view-discovered-devices (dvdd) [options]

Lists the discovered devices.

Accepts the following options:

  • -n, --nameFilter=[filter string] - Displays the devices matching the specified filter. The wildcard * can be used if it is enclosed in quotation marks.
  • -t, --typefilter=[type filter] - Displays devices matching the specified type. Valid values are server, workstation, printer, network, thinclient, other, unknown, and deployable. If this option is not specified, all types of devices are displayed.
  • -o, --osfilter=[operating system] - Displays devices having the specified OS installed. Valid values are other, win9x, winnt, wince, win2k, win2k3, winxp, nw6, nw6_5, nwoes, suse, sles, nld, rh_es, and rh_as. If this option is not specified, all devices are displayed.
  • -m, --management-status=[management status] - Displays devices having the specified status. Valid values are discovered, inventoried, managed, and retired. If this option is not specified, all types of devices are displayed regardless of their status.
  • --modefilter=[discovery mode] - Displays the devices discovered by using the specific discovery mode. Valid values are IP, LDAP, csvimport, ZENworks-migration, and ZAM-migration. If this option is not specified, all devices are displayed.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

discovery-task-list (dtl) [options]

Lists the discovery tasks and the status.

Accepts the following options:

  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

discovery-task-run-now (dtrn) (discovery task name)

Executes the specified discovery task immediately.

Dynamic Group Commands

These commands are used to view dynamic groups, group members, and to refresh a group. Dynamic group commands begin with dynamic-group- in the long form, or with the letters dg in the short form.

dynamic-group-list (dgl) (device type) [folder] [-n|--namefilter=filter string] [-s|--scrollsize=scroll size] [-r|--recursive] [-c|--count]

Lists the dynamic groups.

Accepts the following options:

  • (device type) - Valid values are server and workstation.
  • [folder] - Lists the content of the specified folder. If it is not specified, the content of the root folder is displayed.
  • [-n|--namefilter=filter string] - Displays the results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • [-s|--scrollsize=scroll size] - Number of results to be displayed at a time.
  • [-r|--recursive] - Lists the results recursively, including subfolders. If it is not specified, the contents of subfolders are not listed.
  • [-c|--count] - Displays the count of the results.

dynamic-group-members (dgm) (device type) (dynamic group name) [path of the dynamic group folder] [-s|--scrollsize=scroll size]

Lists the members of the specified dynamic group.

Accepts the following options:

  • (device type) - Valid values are server and workstation.
  • (dynamic group name) - Name of the dynamic group.
  • [path of the dynamic group folder] - The path of the dynamic group. You can specify either the complete path or the relative path of the root folder.
  • [-s|--scrollsize=scroll size] - Number of results to be displayed at a time.

dynamic-group-refresh (dgr) (device type) [(dynamic group name) (dynamic group name)... (dynamic group name)] [-f|--folder=folder name including path of the dynamic group folder] [-a|--all]

Recalculates the membership in the dynamic group based on the criteria established for the group.

Accepts the following options:

  • (device type) - Valid values are server and workstation.
  • (dynamic group name) - Name of the dynamic group. You can list multiple groups.
  • [-f|--folder=folder name including path of the dynamic group folder] - Dynamic group folder’s name, including its full path.
  • [-a|--all] - Refresh all existing dynamic groups.

dynamic-group-view-query (dgvq) (path of the dynamic group folder)

Lists the filters for the specified dynamic group.

(path of the dynamic group folder) - Path of the dynamic group. You can specify either the complete path or the relative path of the root folder.

Endpoint Security Management Commands

These commands are used to import and export security policies and to export a Management Zone’s security policy encryption key (KMK). They apply only to ZENworks Endpoint Security Management.

All of the commands below accept the option flags listed in the Global Options section, with the exception that the esmpolicy-export-to-file and esmpolicy-import commands cannot be run remotely and therefore do not accept the --host option.

esmpolicy-export-to-file (epetf) (policy path) (XML policy file path)

Exports a security policy's information to an encrypted XML policy file. The XML policy file can be used to import the policy to the same Management Zone or a different Management Zone.

NOTE: To import a policy, you must also supply the zone’s security policy encryption key (KMK) so that the encrypted XML policy file can be decrypted. Use the esmpolicy-export-kmk-to-file command to create the key file.

(policy path) - The path (including the filename) of the policy object relative to the Policies root folder. For example, FWpolicy1 or ESMpolicies/DEpolicy4.

(XML policy file path) - The path (including the filename) where you want to save the XML policy file. If you specify a filename only, the file is saved to the current directory. For example, firewallpolicy.xml or c:\firewallpolicy.xml.

Examples:

zman epetf FWPolicy1 c:\FWpolicy1.xml

zman epetf ESMpolicies/DEpolicy4 DEpolicy4.xml

esmpolicy-export-kmk-to-file (epektf) (policy encryption key file path)

Exports the Management Zone’s security policy encryption key (KMK) to a file. The key file is required to decrypt an XML policy file (that was exported from a policy in the zone) when importing the policy with the esmpolicy-import command.

(policy encryption key file path) - The path (including filename) where you want to save the security policy encryption key (KMK) file. If you specify a filename only, the file is saved to the current directory. Use any supported filename for the file. The extension is not important; you can use any extension or no extension. For example, KMK.txt, key.xml, KMK, and decryption.file are all valid filenames.

Examples:

zman epektf c:\key.txt

zman epektf EncryptionKey.xml

esmpolicy-import (epi) (policy name) (policy encryption key file path) (XML policy file path) [parent folder]

Imports a security policy from an encrypted XML file created by the esmpolicy-export-to-file command.

(policy name) - The name to assign to the policy object.

(policy encryption key file path) - The full path (including filename) of the security policy encryption key (KMK) file for the Management Zone from which the policy was exported. This file is required to decrypt the encrypted XML file. If the key file is in the current directory, specify the filename only.

(XML policy file path) - The full path (including filename) of the encrypted XML policy file. If the file is in the current directory, specify the filename only.

[parent folder] - The Policies folder in which to create the policy object. If you want to create the object in the root folder, ignore this option.

Examples:

zman epi FWPolicy c:\key.txt c:\FWpolicy.xml

zman epi DEPolicy key.txt encryptionpolicy.xml esmpolicies/encryption

esmpolicy-purge-effective-policies (epep) [(device path)(device path)...(device path)] [-b|--begin-date=yyyy-MM-dd HH:mm:ss] [-e|--end-date=yyyy-MM-dd HH:mm:ss] [-u|--unregisteredDevices]

Purges effective policy report records from the ZENworks database. The following options can be used to target report records for specific devices or for specific time periods.

[(device path) (device path) ... (device path)]: To purge the effective policy report records for specific devices, specify the full path for each device. Ignore this option to purge reports for all devices.

This command accepts the following options:

[-b|--begin-date=yyyy-MM-dd HH:mm:ss]: To purge effective policy report records starting with a specific date, specify the begin date. All records with a timestamp on or after the begin date are purged. Use this option with the end-date option to designate a specific time period.

[-e|--end-date=yyyy-MM-dd HH:mm:ss]: To purge effective policy report records up to a specific date, specify the end date. All records with a timestamp on or before the end date are purged. Use this option with the begin-date option to designate a specific time period.

[-u|--unregisteredDevices]: Purge effective policy report records for devices that are no longer registered in the zone but that still have report data in the ZENworks database.

Examples:

zman epep /Devices/Workstations/device1

zman epep /Devices/Workstations/device1 -b "2010-10-10 10:10:10" -e "2010-12-31 24:00:00"

zman epep -u

Full Disk Encryption Commands

These commands apply only to ZENworks Full Disk Encryption. In addition to the parameters listed below, the commands accept the option flags listed in the Global Options section.

fdepolicy-purge-eri (fpe) [(device path)(device path)...(device path)] [-b|--begin-date=yyyy-MM-dd HH:mm:ss] [-e|--end-date=yyyy-MM-dd HH:mm:ss] [-u|--unregisteredDevices]

Purges emergency recovery information (ERI) records from the ZENworks database. The following options can be used to target records for specific devices or for specific time periods.

[(device path) (device path)... (device path)]: To purge the ERI records for specific devices, specify the full path for each device. Ignore this option to purge records for all devices.

[-b|--begin-date=yyyy-MM-dd HH:mm:ss]: To purge ERI records starting with a specific date, specify the begin date. All records with a timestamp on or after the begin date are purged. Use this option with the end-date option to designate a specific time period.

[-e|--end-date=yyyy-MM-dd HH:mm:ss]: To purge ERI records up to a specific date, specify the end date. All records with a timestamp on or before the end date are purged. Use this option with the begin-date option to designate a specific time period.

[-u|--unregisteredDevices]: Purge ERI records for devices that are no longer registered in the zone but that still have ERI records in the ZENworks database.

Examples:

zman fpe /Devices/Workstations/device1

zman fpe /Devices/Workstations/device1 -b "2010-10-10 10:10:10" -e "2010-12-31 24:00:00"

zman fpe -u

fdepolicy-export-to-file (fpetf) (policy path) (XML policy file path)

Exports a full disk encryption policy's information to an encrypted XML policy file. The XML policy file can be used to import the policy to the same Management Zone or a different Management Zone.

NOTE: To import a policy, you must also supply the zone’s full disk encryption policy encryption key (KMK) so that the encrypted XML policy file can be decrypted. Use the fdepolicy-export-kmk-to-file command to create the key file.

(policy path) - The path (including the filename) of the policy object relative to the Policies root folder. For example, FDEpolicies/FDEpolicy4.

(XML policy file path) - The path (including the filename) where you want to save the XML policy file. If you specify a filename only, the file is saved to the current directory. For example, FDEpolicy.xml.

Example:

zman fpetf FDEPolicy1 c:\FDEpolicy1.xml

fdepolicy-import (fpi) (policy name) (policy encryption key file path) (XML policy file path) [parent folder]

Imports a full disk encryption policy from an encrypted XML file created by the fdepolicy-export-to-file command.

(policy name) - The name to assign to the policy object.

(policy encryption key file path) - The full path (including filename) of the full disk encryption policy encryption key (KMK) file for the Management Zone from which the policy was exported. This file is required to decrypt the encrypted XML file. If the key file is in the current directory, specify the filename only.

(XML policy file path) - The full path (including filename) of the encrypted XML policy file. If the file is in the current directory, specify the filename only.

[parent folder] - The Policies folder in which to create the policy object. If you want to create the object in the root folder, ignore this option.

Example:

zman fpi FDEPolicy c:\key.txt c:\FDEpolicy.xml

fdepolicy-export-kmk-to-file (fpektf) (policy encryption key file path)

Exports the Management Zone’s full disk encryption policy encryption key (KMK) to a file. The key file is required to decrypt an XML policy file (that was exported from a policy in the zone) when importing the policy with the fdepolicy-import command.

(policy encryption key file path) - The path (including filename) where you want to save the full disk encryption policy encryption key (KMK) file. If you specify a filename only, the file is saved to the current directory. Use any supported filename for the file. The extension is not important; you can use any extension or no extension. For example, KMK.txt, key.xml, KMK, and decryption.file are all valid filenames.

Examples:

zman fpektf c:\key.txt

zman fpektf EncryptionKey.xml

Feature Commands

These commands are used to enable specific features in ZENworks. In addition to the parameters listed below, the commands accept the option flags listed in the Global Options section.

feature-enable-platform-ipados (fepi)...[options]

This command enables the iPadOS platform in the zone. On enabling this platform:

  • All existing iPad devices with iOS 13 or a later version move from the iOS dynamic group to the iPadOS dynamic group. Any existing assignments that were applied to the moved devices as part of the iOS dynamic group will no longer be applicable. You need to manually re-create these assignments for the iPadOS dynamic group.

  • iPadOS devices will no longer be part of the existing enrollment rules that were applied to iOS devices. You need to re-create these enrollment rules for iPadOS devices.

Hotlist Command

This command is used to view the list of devices that have unacknowledged warnings or errors. The Hotlist command begins with hotlist- in the long form, or with the letters hl in the short form.

In addition, it accepts individual options as listed with the command.

hotlist-view (hlv) [options]

Lists devices that have unacknowledged warnings or errors.

Accepts the following options:

  • -c, --count - Displays only the count of the hotlist items.
  • -t, --type=[error type] - Filters on the error type of hotlist items. Valid values are Noncompliant, Critical, and Warning.
  • -o, --operator=[comparison operator] - If specified, this operator is used in error-count-based filtering. Valid values are >, >=, =, <, and <=. Enclose the operators in double quotation marks so that > and < are not considered by the system as redirection operators.
  • -e, --errorcount=[error count] - Filter by the count of the error type specified. If the comparison operator is not specified, >= is used by default. If the error type is not specified, the count is taken as the sum of noncompliant, critical, and warning errors.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

Warnings or errors can be acknowledged by using the messages-acknowledge command. When all warnings or errors for a device are acknowledged, the messages no longer appear on the hotlist.

Example: To view devices in the hotlist that have more than 5 critical errors:

zman hlv --type critical --operator ">" --error-count 5

Intel AMT Commands

These commands are used to perform Preprovisioning, Provisioning, and Management operations on the Intel AMT devices. The Intel AMT commands begin with iamt- in the long form, or with the letter i in the short form.

The supported iAMT versions in ZENworks are 3, 4, 5, and 6.

iamt-root-certificate-hash (irch)

Prints the ZENworks Root Certificate hash.

iamt-create-mgmtcert (icmc) [options]

Creates or imports the Intel AMT Provisioning or Management Certificate in the .DER format on every Primary Server that is used as an iAMT Provisioning or Management Server.

Accepts the following options if you are importing an external certificate:

  • -p, --certpath - Specify the path of the Intel AMT Provisioning / Management Certificate that is signed by the External CA. The certificate should be in the .DER format.

For example, to import an external certificate, run the following command:

zman icmc --certpath C:\Certificate.DER

iamt-create-csr (icc) (isCA) (type) [options]

Creates the Certificate Request for the Intel AMT Provisioning / Management Server or the AMT device in an External CA environment.

  • isCA - The valid values are True or False. If true, the Certificate Request generates the certificate for the Intel AMT Management Zone.
  • Type - Valid values are mgmt or device. The Certificate Request is created for the Management Zone or for specific devices in the Management Zone.

Accepts the following options:

  • -c, --country=[country name] - Specify the name of the country.
  • -s, --state=[state name] - Specify the name of the state.
  • -o, --organization=[organization name] - Specify the name of the organization.
  • -u, --orgunit=[Organization Unit] - Specify the organization unit.
  • -n, --commonname=[Common name] - Specify the common name of the certificate.
  • -d, --destination-folder=[Destination Folder] - Specify the path of the destination folder where you want to copy the Certificate Signing Request file.

iamt-clear-mgmtcert (idmc)

Clears the Intel AMT Provisioning / Management Certificate.

iamt-cacert-import (icai) [isclear] [options]

Imports the External CA or its subordinate CA on the server.

  • [isclear] - The valid values are True or False. If true, the imported External CA or its subordinate CA is deleted.

Accepts the following options if you are importing an External CA or its subordinate CA:

  • -i, --inform - Specifies whether the certificate format is PEM or DER.
  • -p, --cacertpath - Specifies the certificate path.

Imaging Command

This command is used to perform Imaging operations. Imaging commands begin with imaging- in the long form, or with the letter i in the short form.

imaging-apply-assigned-imaging-bundle (iaaib) (device type) (device name)

Applies the latest preboot bundle that is directly assigned to the selected device. If there are no direct assignments available, this command applies the first preboot bundle that belongs to the inherited assignments of the selected device. The bundle is applied the next time the device checks for preboot work.

Accepts the following options:

  • (Device type) - Valid values are server and workstation.
  • (Device name) - Name of the server or workstation object.

For example, to apply the assigned Imaging bundle to a server with the name server1, run the following command:

zman iaaib server server1

If the device object is located within a folder, use the following command:

iaaib (Device type) (folder/path of device)/(Device name)

where folder/path of device is the relative path of the device within the Workstation or Server folder.

If you have multiple workstations in a directory, and the names of the workstations begin with common alphanumeric characters (for example, dev091, dev092,...dev099), use the following command from a Linux server to simultaneously apply the assigned imaging bundle on multiple devices:

zman iaaib workstation folderx/dev{09{1,2,3,4,5,6,7,9}}

The bundle is applied to devices dev091, dev092, and so on.

Inventory Commands

These commands are used to initiate scans and send an inventory data collection form to the managed devices. Inventory commands begin with inventory- in the long form, or with the letter i in the short form.

inventory-collection-wizard-run-now (icwrn) (device object path) [...] [options]

Sends the inventory data collection form to one or more devices.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to /Devices. If this option is specified, the path of the device objects is determined relative to this folder. This option can be used to specify multiple device objects under the same folder.

(inventory-scan-now|isn) (<device object path> <device object path>...<device object path>) [options]

Initiates an inventory scan of one or more devices.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to /Devices. If this option is specified, the path of the device objects is determined relative to this folder. This option can be used to specify multiple device objects under the same folder.

inventory-export-localproducts|ielp (pathname)

Exports the administrator-defined local products and product fingerprints. Only administrators with CDLP rights can export the local products.

To export product data:

zman ielp {pathname}

Example:

To export all administrator-defined local products from ZENworks Configuration Management to a file in ./output/lpexports.txt:

zman ielp ./output/lpexports.txt

inventory-import-localproducts|iilp (pathname) [dokbmerge]

Imports the administrator-defined local products and product fingerprints. Only administrators with CDLP rights can import the local products.

  • dokbmerge - To trigger KB merge after importing local product(s).

To import product data:

zman iilp {pathname} [-U (Administrator)] [-P (password)]

Example:

To import administrator-defined local products to ZENworks Configuration Management from a file in ./output/lpimports.txt:

zman iilp ./output/lpimports.txt -U Administrator -P novell

License Commands

These commands are used to activate your ZENworks server or to display licensing information. License commands begin with license- in the long form, or with the letter l in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

license-activate (la) (product name) (license key)

Activates the ZENworks products (Asset Inventory for Linux, ZENworks Configuration Management, ZENworks Asset Management, ZENworks Full Disk Encryption, ZENworks Endpoint Security Management) or the ZENworks Suite.

license-deactivate (ld) (product name)

Deactivates the ZENworks products. Only the product name is needed as an argument.

license-info (li)

Displays the licensing information.

license-refresh (lr)

Forces the system to refresh the stored license cache, which is normally updated once per day. Use this command to update the cache at any time, such as when an evaluation license might expire and the cache doesn’t yet reflect that.

license-show-active-components (lsac)

Lists the current license states of all known ZENworks Configuration Management components and DataModel plug-ins (two separate lists).

license-generate-userdata-report (lgur)

Generates the user data and creates a ZIP file that includes a CSV file with user data.

license-download-userdata-report (ldur)

Downloads the user data file that was generated by running the lgur command.

Location Commands

These commands are used to view and manage locations. A location consists of one or more network environments. When the ZENworks Agent determines that its current environment matches a network environment associated with a location, the agent enforces any security policies and closest server rules assigned to the location.

Location commands begin with location- in the long form, or with the letter l in the short form. All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

location-assign-device-folder (ladf) (Device Folder or Device Object Path) [<Location Object> <Location Object>...<Location object>] [-a|--allLocations]

Assigns a location to a particular device folder or device object.

(Device Folder or Device Object Path) - Complete path of the device folder or device object.

[Location Object] [...] - Name of the location object.

-a, --allLocations - Specify this parameter to assign all the locations and network environments to the device folder or device object.

location-audit-upload (lau) (location name) (state)

Configures the audit data upload for a specified location.

(location name) - The name of the location.

(state) - Select the state:

  • 1 to enable devices in the associated location to upload audit event data to any Satellite Server (Collection role) or Primary Server.

  • 2 to disable devices in the associated location from uploading audit event data to any Satellite Server (Collection role) or Primary Server.

location-create (lc) (location name) [-d|--desc=<description>] [network environment name] [...]

Creates a location and (optionally) assigns network environments to the location.

(location name) - The name you want assigned to the new location.

[network environment name] - The name of an existing network environment that you want to assign to the location. You can add multiple network environments. Adding network environments during creation of a location is optional. You can use the location-nwenv-assign command to add network environments after creation.

Accepts the following options:

-d | --desc=description: Specify a description for the location.

-t | --downloadThrottle=Download Throttle rate: Specify a download throttle rate.

-u | --uploadThrottle=Upload Throttle rate: Specify an upload throttle rate.

-a | --auditUpload=Audit upload data: Specify 0 to enable or 1 to disable the audit upload data.

-e | -- Preferred protocol for communication: Based on your preferred protocol for communication, specify either IPv4 or IPv6.

Specify IPv4 if you want the devices in this location to try communicating with the servers using IPv4 URLs first before attempting IPv6 URLs.

Specify IPv6 if you want the devices in this location to try communicating with the servers using IPv6 URLs first before attempting IPv4 URLs.

-C | --cifsServer=CIFS Server: Specify a CIFS server that allows you to provide share access.

-i | --proxyAddress=IPv4 HTTP Proxy Address: Specify an IPv4 proxy address.

-p | --proxyPort=IPv4 HTTP Proxy Port: Specify the port number on which the proxy server should listen.

-r | --proxyCidr=IPv4 HTTP Proxy CIDR: Specify the range of IPv4 addresses using CIDR notation.

-x | --ipv6ProxyAddress=IPv6 HTTP Proxy Address: Specify an IPv6 proxy address.

-y | --ipv6ProxyPort=IPv6 HTTP Proxy Port: Specify the port number on which the proxy server should listen.

-z | --ipv6ProxyCidr=IPv6 HTTP Proxy CIDR: Specify the range of IPv6 addresses using CIDR notation.

location-delete (ldel) (location name) [...]

Deletes locations.

(location name) - The name of the location you want to delete. You can specify one or more location names.

location-delete-all-network-assignments (ldana) (location name)

Removes all network environments from a location.

(location name) - The name of the location from which you want to remove all assigned network environments.

location-delete-network-assignments (ldna) (location name) [network environment name] [...]

Removes specific network environments from a location.

(location name) - The name of the location from which you want to remove network environments.

[network environment name] - The name of the network environment that you want to remove. You can remove multiple network environments.

location-list (ll) [options]

Lists locations.

Accepts the following options:

  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

location-list-network-assignments (llna) (location name)

Lists the network environments assigned to a location.

(location name) - The name of the location whose network environments you want to view.

Accepts the following options:

  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

location-list-relationships (llrel) (location name) [-c count]

Lists the ZENworks objects such as policies and bundles that are associated with the specified location.

(location name) - The name of the location whose ZENworks objects you want to view.

Accepts the following option:

  • -c, --count - Displays the count of the results.

location-network-assign (lna) (location name) (network environment name) [...]

Adds network environments to a location.

(location name) - The name of the location to which you want to assign network environments.

[network environment name] - The name of an existing network environment that you want to add to the location. You can add multiple network environments.

location-rename (lrn) (old name) (new name)

Renames a location.

(old name) - The name of the location that you want to rename.

(new name) - The new name for the location.

location-response-recompute|lrr [<Device Folder or Device Object Path> <Device Folder or Device Object Path>...<Device Folder or Device Object Path>] [-f|--forceRecompute]

Requests the server to recompute the location configuration response so that the requesting devices can obtain the latest changes.

[Device Folder or Device Object Path][...]: Specify the path of a device folder or device object.

-f, --forceRecompute: Force recompute all the location configuration responses.

location-throttle (lt) (location name) (throttle rate)

Sets the bandwidth throttle rate to be used for distributing content to devices identified with the specified location. To maximize performance of your ZENworks Servers and network system, high bandwidth environments can use one set of throttle rates and low bandwidth environments can use a different set of throttle rates. The throttle rate can be overridden in a bundle so that high-priority patch and bundle content can be deployed quickly.

(location name) - The name of the location for which you want to define the bandwidth throttle rate.

(throttle rate) - The maximum bandwidth rate in kilobits per second (kbps).

location-unknown-throttle (lut) (throttle rate)

Sets the bandwidth throttle rate to be used for distributing content to devices identified with the Unknown location.

(throttle rate) - The maximum bandwidth rate in kilobits per second (kbps).

location preferred protocol communication | lppc <location name> [options]

Edits an existing location.

<location name>: Specify a name for the location.

Accepts the following options:

IPv4: Specify IPv4 if you want the devices in this location to try communicating with the servers using IPv4 URLs first before attempting IPv6 URLs.

IPv6: Specify IPv6 if you want the devices in this location to try communicating with the servers using IPv6 URLs first before attempting IPv4 URLs.

Message Commands

These commands are used to view and manage messages. Message commands begin with message- in the long form, or with the letter m in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

(messages-acknowledge|ma) [object path] [options]

Acknowledges messages associated with a ZENworks managed device, bundle, or policy.

[object path] - Full path of the object that has messages associated with it. The object can be a server, workstation, bundle, or policy.

Accepts the following options:

  • -b, --begin-date=[message logged date] - Messages logged on and after this date are acknowledged. The format for the date is YYYY-MM-DD.
  • -e, --end-date=[message logged date] - Messages logged on and before this date are acknowledged. The format for the date is YYYY-MM-DD.
  • -a, --all - Acknowledges all messages logged for the object. If an object is not specified, all the logged messages are acknowledged.
  • -l, --logID=[log id][...] - A comma-separated list of log IDs of the messages to be acknowledged. You can obtain the log IDs by using the messages-view command.
  • -L, --logID-file=[file path] - The path of the file containing message log IDs. Each line in the file should contain a message log ID. Use this option instead of the --logID option to input the log IDs.

(messages-delete|md) [object path] [options]

Deletes messages associated with a ZENworks managed device.

[object path] - Full path of the object that has messages associated with it. The object can be a server, workstation, bundle, or policy.

Accepts the following options:

  • -b, --begin-date=[message logged date] - Messages logged on and after this date are deleted. The format for the date is YYYY-MM-DD.
  • -e, --end-date=[message logged date] - Messages logged on and before this date are deleted. The format for the date is YYYY-MM-DD.
  • -l, --logID=[log ID][...] - A comma-separated list of log IDs of the messages to be deleted. You can obtain the log IDs by using the messages-view command.
  • -L, --logID-file=[file path] - The path of the file containing the message log IDs. Each line in the file should contain a message log ID. Use this option instead of the --logID option to input the log IDs.

messages-view (mv) [options] [object path]

Lists messages associated with a ZENworks managed device, bundle, or policy.

  • -S, --severity=[severity][...] - Filters on the message severity. Valid values are critical, warning, and info.
  • -t, --type=[message type] - Filters on the source of message. Valid values are server and client. Filtering on server lists messages generated by the ZENworks server and filtering on client lists messages generated by the ZENworks Agent on that device.
  • -D, --date-condition=[date condition] - Filters messages based on a date range. Valid values are before, since, and between. Use the --begin-date and --end-date options to specify the dates. If date condition is used and no date is specified, the current date is taken by default.
  • -b, --begin-date=[message logged date] - The date on which the message was logged. The format for the date is YYYY-MM-DD. This option is to be used in conjunction with the date condition option. If date condition is not specified, messages logged before this date are displayed.
  • -e, --end-date=[message logged date] - The date on which the message was logged. The format for the date is YYYY-MM-DD. This option is to be specified when between is specified as the value for the date condition option.
  • -a, --acknowledged - Filters on acknowledged messages.
  • -n, --not-acknowledged - Filters on messages that are not acknowledged.
  • -m, --messagefilter=[localized message] - Filters on the localized message.
  • -c, --count - Displays only the count of the messages.
  • -o, --sort-order=[sort order] - Sorts the messages based on date, severity, and acknowledged.
  • -A, --asc - Specifies the direction of sorted listing. The default is descending order.
  • -d, --detailed - Returns more information about the messages.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

Network Environment Commands

These commands are used to view and manage network environments. Network environments consist of services (gateways, DNS servers, DHCP servers, and so forth) that identify the environment.

Network environments are the building blocks for locations. When the ZENworks Agent determines that its current environment matches a network environment assigned to a location, the agent enforces any security policies and closest server rules assigned to the location.

Network environment commands begin with network-environment- in the long form, or with the letters ne in the short form. All of the commands below accept the flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

network-environment-audit-upload (neau) (network environment name) (state)

Configures the audit data upload setting for a specified network environment.

(network environment name) - The name of the network environment.

(state) - Select the state:

  • 0 to revert to the audit data upload settings configured for the location associated with the device.

  • 1 to enable devices in the associated network environment to upload audit event data to any Satellite Server (Collection role) or Primary Server.

  • 2 to disable devices in the associated network environment, from uploading audit event data to any Satellite Server (Collection role) or Primary Server.

network-environment-create (nec) (network environment name) [-d|--desc=<description>] [network environment XML file]

Creates a network environment from the information contained in the specified XML file.

(network environment name) - The name you want assigned to the new network environment.

-d, --desc=<description> - A description for the network environment.

[network environment XML file] - The pathname of the XML file containing the information needed to create the network environment. If you don’t already have an XML file, use the network-environment-export-to-file command to export the information for an existing network environment. You can then use the XML file as a template for creating new network environment files.

network-environment-delete (ned) (network environment name) [...]

Deletes a network environment.

(network environment name) - The name of the network environment you want to delete. You can specify one or more names.

network-environment-export-to-file (neetf) (network environment name) (XML file path)

Exports a network environment’s information to an XML-formatted file.

The network-environment-create command requires network environment information to be input through an XML-formatted file. You can use this file as a template, modifying it as necessary to include the information you want used when creating a new network environment.

(network environment name) - The name of the network environment whose information you want to export to the file.

(XML file path) - The file path and name for the export file.

network-environment-list (nel) [options]

Lists network environments.

Accepts the following options:

  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

network-environment-list-relationships (nelr) (network environment name) [-cr count]

Lists the ZENworks objects such as policies and bundles that are associated with the specified network environment.

(network environment name) - The name of the network environment whose ZENworks objects you want to view.

Accepts the following option:

  • -c, --count - Displays the count of the results.

network-environment-rename (ner) (old name) (new name)

Renames a network environment.

(old name) - The name of the network environment that you want to rename.

(new name) - The new name for the network environment.

network-environment-throttle (net) (network environment name) (throttle rate)

Sets the bandwidth throttle rate for distributing content to devices located in a specific network environment. To maximize performance of your ZENworks Servers and network system, high bandwidth environments can use one set of throttle rates and low bandwidth environments can use a different set of throttle rates. The throttle rate can be overridden in a bundle so that high-priority patch and bundle content can be deployed quickly.

(network environment name) - The name of the network environment for which you want to define the bandwidth throttle rate.

(throttle rate) - The maximum bandwidth rate in kilobits per second (kbps).

(network-preferred-protocol-communication | neppc) (network environment name) [options]

Creates a network environment.

<network environment name>: Specify a name for the network environment.

Accepts the following options:

IPv4: Specify IPv4 if you want the devices in this network environment to try communicating with the servers using IPv4 URLs first before attempting IPv6 URLs.

IPv6: Specify IPv6 if you want the devices in this network environment to try communicating with the servers using IPv6 URLs first before attempting IPv4 URLs.

Mobile Device Commands

These commands are used to manage mobile devices. Mobile device commands begin with mobile- in the long form, or with the letter m in the short form.

mobile-copy-relationships (mcr) (mobile device path) (mobile object path) [...] [options]

Copies relationships from a source mobile device to target mobile devices. Mobile relationships include bundle assignments, policy assignments and group memberships.

Accepts the following options:

-r, --relationship-type: Relationship types to copy. Valid values include bundles, policies and groups. The bundles option copies all the associated bundle assignments of the source mobile device to the target mobile devices. The policies option copies all the associated policy assignments of the source device to the target devices. The groups option adds target devices as members of the groups to which the source device belongs.

-a, --assignment-options: Assignment options. Valid values include assign-to-group-members, assign-to-folder-members and assign-to-folder-members-recursively. The assign-to-group-members option copies the assignments from the source to members of the target groups. The assign-to-folder-members option copies assignments from the source to devices inside the target folder. The assign-to-folder-members-recursively option copies the assignments from the source to devices within the target folders and their sub folders. If a value is not specified, the assignments are made to the target folders or groups directly.

-c, --conflict-resolution: Conflict resolution options for existing assignments. Valid values include delete-existing-assignments and replace-existing-assignments. The delete-existing-assignments option deletes all the existing assignments of the target devices. The replace-existing-assignments option replaces the existing assignments of the target devices with the selected assignments. If a value is not specified, the existing assignments on the target devices are retained.

-g, --group-membership: Group Memberships options for the target object type Groups and Folders. Valid values include add-folder-members-recursively and delete-existing-group-membership. The add-folder-members-recursively option adds devices inside the target folders and their sub folders as members of the groups to which the source device belongs. The delete-existing-group-membership option deletes the existing group memberships of the target devices. If the targets have groups, then all the members of the groups are added to the selected group. If the targets have folders, then, by default, all the devices in that folder are added to the selected group, non-recursively.

-p, --export-path: The complete path of the file to which the Copy Relationships results need to be exported, in CSV format. You can specify a file path along with a file name that has the .csv extension. If the path is not specified, the CSV file will be exported to the default path (Linux: /var/opt/microfocus/zenworks/tmp; Windows: %zenworks_home%\work\tmp).

-f, --continue-on-failure: This option is not mandatory. If this option is specified, the Copy Relationships operation will continue even when a failure is encountered. If this option is not specified, the Copy Relationships operation will terminate when a failure is encountered.

For example:

To copy all the relationships of the source mobile device to multiple mobile types:

zman mobile-copy-relationships mobilefolder/sourcemobile --relationship-type=bundles,policies,groups mobilefolder/mobile mobilefolder/mobilefolder1 mobilefolder/mobilegroup

To copy the policy assignments of a source mobile device to mobile devices within target mobile folders, recursively:

zman mcr mobilefolder/sourcemobile --relationship-type=policies mobilefolder1 mobilefolder2 --assignment-options=assign-to-folder-members-recursively

To replace conflicted bundle assignments of target mobile devices while copying the assignments from a source mobile device:

zman mcr mobilefolder/sourcemobile -r=bundles mobilefolder/mobile1 --conflict-resolution=replace-existing-assignments

To add mobile devices of target mobile groups to groups of the source mobile device:

zman mcr mobilefolder/sourcemobile -r=groups mobilegroup

To add mobile devices of target mobile groups to groups of the source mobile device, with the Continue on failure option and the Export as CSV option (to C:\temp\ folder) specified:

zman mcr mobilefolder/sourcemobile -r=groups mobilegroup -f -p=C:\temp\

mobile-folder-create (mfc) (mobile object path) [...] [options]

Creates a new folder for mobile devices.

Accepts the following option:

  • --desc=[description] - Description for the folder.

mobile-group-create (mgc) (group name) [parent folder] [options]

Creates a mobile group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[mobile path][...] - The path of the mobile devices relative to /Devices/Mobile Devices.
  • -f, --folder=[mobile folder] - The path of a mobile device folder relative to /Devices/Mobile Devices. If this option is specified, the path of the mobile device objects is determined relative to this folder. This can be used to specify multiple mobile device objects under the same folder.

mobile-move (mmv) (mobile object path) [destination folder path]

Moves a mobile device object to a different folder.

mobile-rename (mr) (mobile object path) (new name)

Renames a mobile device object.

mobile-delete (mdl) (mobile object path) [...] [options]

Deletes one or more mobile device objects.

(mobile object path) [...] - The path of the mobile device objects (mobile device, mobile device folder or mobile device group) relative to /Devices/Mobile Devices. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution while using wildcards for deleting objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -f, --folder=[mobile folder] - The path of a mobile device folder relative to /Devices/Mobile Devices. If this option is specified, the path of the mobile device objects is determined relative to this folder. This can be used to specify multiple mobile device objects under the same folder.

mobile-group-add (mga) (mobile group path) (mobile path) [...] [options]

Adds mobile devices to a mobile device group.

Accepts the following option:

  • -f, --folder=[mobile folder] - The path of a mobile device folder relative to /Devices/Mobile Devices. If this option is specified, the path of the mobile device objects is determined relative to this folder. This can be used to specify multiple mobile device objects under the same folder.

mobile-list (ml) [folder] [options]

Lists mobile device objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -t, --typefilter=[type filter][...] - Displays results matching the comma-separated list of object types specified. Valid values are device, group, and folder.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
  • -f, --flagfilter=[flag filter][...] - Displays results matching the comma-separated list of flags specified. Valid values are retired, notretired, test, and non-test.
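
The wildcard caution under mobile-delete, combined with the name filter of mobile-list, as an added shell example that is not part of the ZENworks documentation: it refuses over-broad or option-like patterns, previews the matches with mobile-list, and deletes only when the pattern is repeated as confirmation. The function names, the ZMAN and MIN_LITERAL variables, and the assumption that the mobile-list name filter and the mobile-delete wildcard match the same objects are this example's own.

```shell
#!/bin/sh
# Added example (not from the zman documentation): guarded wildcard delete
# for mobile device objects. Only options documented above are used:
#   mobile-list [folder] --namefilter=...   and   mobile-delete --folder=...

# ZMAN may be pointed at a stub for offline testing (assumption of this example).
ZMAN="${ZMAN:-zman}"
# Minimum number of non-wildcard characters a pattern must keep (assumed policy).
MIN_LITERAL="${MIN_LITERAL:-3}"

# pattern_is_safe PATTERN
# Rejects empty patterns, patterns that start with "-" (zman accepts options
# anywhere on the command line, so these would be parsed as flags), patterns
# containing "/" (scope is given by the folder instead), and patterns that
# are almost entirely wildcards such as "*" or "a*".
pattern_is_safe() {
    case "$1" in
        ''|-*|*/*) return 1 ;;
    esac
    zgd_literal=$(printf '%s' "$1" | tr -d '*?')
    [ "${#zgd_literal}" -ge "$MIN_LITERAL" ]
}

# guarded_mobile_delete FOLDER PATTERN [CONFIRM]
# FOLDER is relative to /Devices/Mobile Devices.
# Without CONFIRM the function only previews. The delete runs only when
# CONFIRM repeats PATTERN exactly.
# Return codes: 0 deleted, 1 dry run, 2 refused, 3 preview failed.
guarded_mobile_delete() {
    zgd_folder=$1
    zgd_pattern=$2
    zgd_confirm=${3-}

    case "$zgd_folder" in
        ''|-*)
            echo "refusing: folder must be set and must not start with '-'" >&2
            return 2 ;;
    esac
    if ! pattern_is_safe "$zgd_pattern"; then
        echo "refusing: pattern '$zgd_pattern' is empty, option-like or too broad" >&2
        return 2
    fi

    # Preview the objects the name filter matches in that folder.
    echo "Objects matching '$zgd_pattern' in '$zgd_folder':" >&2
    "$ZMAN" mobile-list "$zgd_folder" --namefilter="$zgd_pattern" || return 3

    if [ "$zgd_confirm" != "$zgd_pattern" ]; then
        echo "dry run: repeat the pattern as the third argument to delete" >&2
        return 1
    fi

    # The pattern is passed quoted so the shell never expands the wildcard.
    "$ZMAN" mobile-delete --folder="$zgd_folder" "$zgd_pattern"
}

# Usage (constructed names):
#   guarded_mobile_delete "Lab" "kiosk-*"            # preview only
#   guarded_mobile_delete "Lab" "kiosk-*" "kiosk-*"  # preview, then delete
```

Review the preview output before running the confirmed form; the script does not parse it, because the listing format is not described on this page.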

mobile-group-members (mgm) (mobile group path) [options]

Lists members of a mobile device group or a dynamic mobile device group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

mobile-group-remove (mgr) (mobile group path) (mobile path) [...] [options]

Removes mobile devices from a mobile device group.

Accepts the following option:

  • -f, --folder=[mobile folder] - The path of a mobile device folder relative to /Devices/Mobile Devices. If this option is specified, the path of the mobile device objects is determined relative to this folder. This can be used to specify multiple mobile device objects under the same folder.

mobile-list-groups (mlg) (mobile path) [options]

Lists groups of which the given mobile device is a member.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

mobile-add-policy (map) (mobile object path) (policy or policy group) [...] [options]

Assigns policies to a mobile device object.

Accepts the following options:

  • -c, --conflicts=[policy conflict resolution order] - Determines how policy conflicts are resolved. Valid values are userlast or 1, devicelast or 2, deviceonly or 3, useronly or 4. For userlast, device-associated policies are applied first, followed by user-associated policies. For devicelast, user-associated policies are applied first, followed by device-associated policies. For deviceonly, user-associated policies are ignored. For useronly, device-associated policies are ignored. If this option is not specified, userlast is taken as the default value.
  • -e, --enforce-now - Enforces the policy immediately on all assigned devices.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

mobile-remove-policy (mrp) (mobile object path) (policy or policy group) [...] [options]

Removes policies assigned to a mobile device object.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

mobile-list-policies (mlp) (mobile object path) [options]

Lists policies assigned to a mobile device object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective policies.
  • -e, --effective - Lists only effective policies.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

mobile-reorder-policies (mrop) (mobile object path) (current position) (new position)

Changes the order of policies assigned to a mobile device. Use the mobile-list-policies command to get the order of assigned policies.

mobile-view-all-policies-status (mvaps) (mobile path) [options]

Displays the advanced deployment status of policies assigned to a mobile device.

Accepts the following options:

  • --statusfilter=[status type][...] - Filters on the status of Policy Apply Event. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

mobile-set-as-test (msat) (mobile object path)

Sets a mobile device as a test device.

Example:

To set mobiledevice1 as a test device:

zman msat mobiledevice1

mobile-set-as-nontest (msan) (mobile object path)

Sets a mobile device as a non-test device.

Example:

To set mobiledevice1 as a non-test device:

zman msan mobiledevice1

mobile-refresh (mrf) (mobile object path) [...] [options]

Refreshes the mobile devices.

Accepts the following options:

-f, --folder=[mobile folder] - The path of a mobile device folder relative to /Devices/Mobile Devices. If this option is specified, the path of the mobile device objects is determined relative to this folder. This can be used to specify multiple mobile devices under the same folder.

--notify=<minutes> - Time in minutes to notify all devices.

--expire=<minutes> - Time in minutes for expiry after creation of the quick task. Specify 0 to expire immediately.

--expirenever - The quick task never expires in the Primary Server.

mobile-activationlockbypass-export-to-file (malbetf) [file-name]

Exports the activation lock bypass codes of all supervised iOS devices in the zone to a ZIP file.

[file-name] - Specify a file name for the ZIP file in which the bypass codes should be saved. This is an optional field.

After executing the command, you will be prompted for a password.

The ZIP file will be saved in the current command prompt directory.

Only super admins have rights to execute the command.

Example: zman malbetf lock_code

In this example, the generated ZIP file will be saved with the name lock_code. The file name is an optional field. After executing the command, you will be prompted for the password.

mobile-frpaccount-export-to-file|mfetf (ZIP file path)

Exports the Factory Reset Protection (FRP) details, which are the corporate account details of users who are authorized to provision devices after a hard factory reset, to CSV files and consolidates these files into a ZIP archive file.

(ZIP file path) - Specify the complete path where the ZIP archive that contains the CSV files should be saved.

Example:

zman mfetf C:\frpbackup\frpaccounts.zip

Exports the CSV files containing FRP details and creates a ZIP archive file named frpaccounts.zip in the path C:\frpbackup.

mobile-frpaccount-purge-records|mfpr

Purges Factory Reset Protection (FRP) details of all the deleted devices from the ZENworks database.

Object Commands

These are utility or convenience commands to operate on ZENworks objects. Object commands begin with object- in the long form, or with the letter o in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

object-get-GUID (ogg) (object path)

Gets the GUID of a ZENworks object.

(object path) - Full path of the ZENworks object, starting with a forward slash (/).

object-get-name (ogn) (ZENworks GUID)

Gets the name of a ZENworks object.

(ZENworks GUID) - The ZENworks GUID of the object, consisting of 32 characters.

object-get-path (ogp) (ZENworks GUID)

Gets the path of a ZENworks object, given the GUID.

(ZENworks GUID) - The ZENworks GUID of the object, consisting of 32 characters.

Primary Server Commands

These commands are used to manage content on the Primary Server. Primary Server commands begin with primary-server-.

primary-server-replicate-content (psrc) (bundle path | policy path)

Replicates the content for the specified bundle or policy on the Primary Server.

Examples:

To replicate the content of a bundle to the current server: zman psrc /Bundle/bundle1

To replicate the content of a policy to the current server: zman psrc /Policy/policy1

primary-server-cleanup-content (pscc) (bundle) (bundle path | policy path)

Cleans up the content for the specified bundle/policy on the Primary Server.

Examples:

To clean up the content of a bundle from the current server: zman pscc /Bundle/bundle1

To clean up the content of a policy from the current server: zman pscc /Policy/policy1

Policy Commands

These commands are used to create, modify and manage policies. Policy commands begin with policy- in the long form, or with the letter p in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

policy-assign (pa) (device or user type) (policy or policy group) (device or user object path) [...] [options]

Assigns a policy or policy group to one or more device or user objects.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to the root folder of the device or user type specified.

Accepts the following options:

  • -c, --conflicts=[policy conflict resolution order] - Determines how policy conflicts are resolved. Valid values are userlast or 1, devicelast or 2, deviceonly or 3, useronly or 4. For userlast, device-associated policies are applied first, followed by user-associated policies. For devicelast, user-associated policies are applied first, followed by device-associated policies. For deviceonly, user-associated policies are ignored. For useronly, device-associated policies are ignored. If this option is not specified, userlast is taken as the default value.
  • -e, --enforce-now - Enforces the policy immediately on all assigned devices.
  • -f, --folder=[device or user folder] - The path of the device or user folder relative to the respective root folder. If this option is specified, the path of the device or user objects is determined relative to this folder. This can be used to specify multiple device or user objects under the same folder.

policy-create (pc) (policy name) (policy XML file) [parent folder] [options]

Creates a policy.

(policy XML file) - XML file containing exported policy information. Use policy-export-to-file (petf) to export a policy's information into an XML file. If you want to reuse files, template XML files can be created from policies created through ZENworks Control Center.

Accepts the following options:

  • -d, --desc=[description] - Description for the policy.
  • -a, --actioninfo=[file content for policy] - XML file containing information about file content to be associated and packaged with the policy. For example, the driver file to be installed for a Printer policy is the file content. For the XML format template, refer to ActionInfo.xml located in /opt/microfocus/zenworks/share/zman/samples/policies on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\policies on a Windows server.
  • -s, --create-as-sandbox=[create as sandbox] - Creates the policy as a sandbox.
  • -n, --create-with-new-grid - Creates the policy object with the new GUID. If the option is not specified, it will validate the policy objects for imported GUID in the policy XML file. If the imported GUID does not exist, a new GUID will be created, else the imported GUID will be retained.
policy-copy (pcp) (policy path) (policy name) [parent folder] [options]

Copies a policy.

Accepts the following option:

  • -d, --desc=[description] - Description for the policy.
policy-delete (pd) (policy object path) [...] [options]

Deletes one or more policy objects.

(policy object path) [...] - The path of the policy objects (policy, policy folder or policy group) relative to /Policies. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution when using wildcards to delete objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-disable (pdl) (policy path) [...] [options]

Disables policies.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-delete-version (pdv) (policy path) [version of the policy to be deleted] [options]

Deletes one or more versions of the policy.

Examples:

To delete version 3 of the policy zenpolicy:

zman pdv zenpolicy 3

To delete all the versions of the policy, zenpolicy:

zman pdv zenpolicy -a

To delete all the versions of the policy, zenpolicy, that are older than the specified version:

zman pdv zenpolicy version -p

policy-enable (pel) (policy path) [...] [options]

Enables policies.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-export-to-file (petf) (policy path) (XML file path) [version of the policy] [-c|--export-content]

Exports a policy's information (in XML format) to a file. The XML file is to be used as input for creating policies.

(XML file path) - The complete path of the XML file to which the policy information is to be exported.

[Version of the policy] - Version of the policy to be exported. If the version is not specified, the published version of the policy is exported. To export a sandbox version of the policy, specify sandbox.

[-c|--export-content] - Exports the content of the policy to a subdirectory within the directory containing the XML file to which the policy’s information is exported. If the option is not specified, the policy content is not exported.

Examples:

To export the sandbox version of a policy named zenpolicy to an XML file named policy.xml:

zman petf policyfolder/zenpolicy C:\policies\policy.xml sandbox

To export version 3 of a policy named zenpolicy to an XML file named policy.xml:

zman petf policyfolder/zenpolicy C:\policies\policy.xml 3

To export version 5 of a policy named zenpolicy to an XML file named policy.xml and export the policy’s content to the C:\policies\ directory:

zman petf policyfolder/zenpolicy C:\policies\policy.xml 5 -c

policy-folder-create (pfc) (folder name) [parent folder] [options]

Creates a new folder for containing policies.

Accepts the following option:

  • --desc=[description] - Description for the folder.
policy-group-add (pga) (policy group path) (policy path) [...] [options]

Adds policies to a policy group.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-group-create (pgc) (group name) [parent folder] [options]

Creates a policy group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[policy path][...] - The path of the policies relative to /Policies.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-group-members (pgm) (policy group path) [options]

Lists members of a policy group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
policy-group-remove (pgr) (policy group path) (policy path) [...] [options]

Removes policies from a policy group.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
policy-list (pl) [options] [folder]

Lists policy objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
policy-list-assignments (plas) (policy or policy group) [options]

Lists the device and user assignments for a policy.

Accepts the following options:

  • -t, --typefilter=[assignment type] - Filters on the assignment type. Valid values are device and user.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
policy-list-groups (plg) (policy path) [options]

Lists groups where the given policy is a member.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
policy-list-version (plv) (policy path)

Lists all the versions of the policy.

Examples:

To list all the versions of the policy, zenpolicy:

zman plv zenpolicy

policy-move (pmv) (policy object path) [destination folder path]

Moves a policy object to a different folder.

policy-sandbox-create (psc) (policy path) [version of the policy] [options]

Creates a sandbox from an existing version of a policy.

[version of the policy] - Specify the version of the policy to be used for creating the sandbox.

Accepts the following option:

  • -f, --force=[force] - Overwrite any existing sandbox.

Example:

To create a sandbox from version 2 of the policy zenpolicy:

zman psc zenpolicy 2

policy-sandbox-publish (psp) (policy path)

Publish a sandbox to create a published version of the policy.

Example:

To publish the sandbox of the policy zenpolicy:

zman psp zenpolicy

policy-sandbox-publish-to-newpolicy (psptn) (policy path) (policy name) [parent folder] [options]

Publishes sandbox version of a policy to a new policy.

(policy path) - The path of the policy object relative to the policies root folder, /Policies.

(policy name) - Name of the new policy to be created.

[parent folder] - Folder in which the new policy is to be created. If not specified, the policy is created in the root folder.

Accepts the following options:

  • -s, --createAsSandbox=[create as sandbox] - Creates the policy as a sandbox.
  • -g, --groups - Adds the newly created policy to all the groups which the source policy is a member of.
  • -d, --deviceAssignments - Copies all the device assignments from the source policy to the new policy created.
  • -u, --userAssignments - Copies all the user assignments from the source policy to the new policy created.

Example:

To publish the sandbox version of a policy to a new policy:

zman psptn policy1 policy2 /Policies/Folder1

policy-sandbox-revert (psr) (policy path)

Deletes the sandbox and reverts to the latest published version of the policy.

Example:

To delete the sandbox and revert to the latest published version of the policy:

zman psr zenpolicy

policy-rename (pr) (policy object path) (new name) [options]

Renames a policy object.

  • -p, --publish=[publish] - If this option is specified and the display name of the bundle is edited, the bundle is immediately published. However, if the current display name of the bundle is different from the existing bundle name or if a sandbox already exists for the bundle, specifying this option will have no effect.
policy-unassign (pua) (device or user type) (policy or policy group) (device or user object path) [...] [options]

Unassigns a policy or policy group from one or more device or user objects.

(device or user type) - Valid values are device, server, workstation, and user.

(device or user object path) [...] - The path of the device or user objects relative to the root folder of the device or user type specified.

Accepts the following option:

  • -f, --folder=[device or user folder] - The path of the device or user folder relative to the respective root folder. If this option is specified, the path of the device or user objects is determined relative to this folder. This can be used to specify multiple device or user objects under the same folder.
policy-view-advanced-deployment-status (pvads) (policy path) [options]

Displays the advanced deployment status of a policy.

Accepts the following options:

  • -d, --device=[device path] - Displays the deployment status only for the specified device. The path of the device is relative to /Devices.
  • -u, --user=[user path] - Displays the deployment status for the specified user only. The path of the user is relative to /Users. If device is also specified, status details for the specified user logged into the specified device are displayed.
  • -n, --namefilter=[target device name] - Filters on the name of the device. Displays options matching the specified filter. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • --statusfilter=[status type][...] - Filters on the status of Policy Apply Event. Valid values are S, F, and P (Success, Failure and Pending). A comma-separated list of status types can be given.
  • -t, --typefilter=[target device or user type][...] - Filters on the type of the target. Valid values are server, workstation, and user. A comma-separated list of target types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
  • -v, --version [value] - Following are the valid values:
      • published: Use this option to display the number of non-test devices on which the policy is deployed.
      • sandbox: Use this option to display the number of test devices on which the sandbox version of the policy is deployed.
      • [version-of-the-object]: Use a version number to get the status of the related policy version.
    The default value is published.
  • -c, --status-calculation [value] - Following are the valid values:
      • consolidated: Use this option to display the total number of devices on which this policy is deployed.
      • version: Use this option to display the status of a specific version.
    The default value is version.
policy-view-summary-totals (pvst) (policy path) [options]

Displays a summary of the deployment status of a particular policy.

Accepts the following options:

-v, --version [value]

Following are the valid values:

  • published: Use this option to display the number of non-test devices on which the policy is deployed.

  • sandbox: Use this option to display the number of test devices on which the sandbox version of the policy is deployed.

  • [version-of-the-object]: Use a version number to get the status of the related policy version.

    The default value is published.

-c, --status-calculation [value]

  • consolidated: Use this option to display the total number of devices on which this policy is deployed.

  • version: Use this option to display the status of a specific version.

The default value is version.

Policy Settings Commands

These commands are used to set and modify policy settings. Policy settings commands begin with policy-settings- in the long form, or with the letters ps in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

policy-settings-copy (pscp) (policy source path) (destination policy or policy folder path) [...] [options]

Copies settings.

(source policy or policy folder path) - The path of the policy or policy folder relative to /Policies from which settings have to be copied.

(destination policy or policy folder path) [...] - The path of the policies or policy folders relative to /Policies to which settings must be copied.

Accepts the following option:

  • -n, --names=[settings name][...] - Names of the settings to be copied from the source path. If this option is not specified, all settings defined at the source path are copied.
policy-settings-export-to-file (psetf) (XML file path) [settings name] [options] [...]

Exports settings data (in XML format) to a file. The XML file is to be used as input for creating or modifying settings.

(XML file path) - The file into which the settings data is stored in XML format. If the file does not exist, a new file is created.

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

Accepts the following options:

  • -s, --source=[source policy or policy folder path] - The path of the policy or policy folder relative to /Policies from which settings must be exported. If this option is not specified, settings are exported from the Zone.
  • -e, --effective - If specified, the effective settings are retrieved; otherwise, only the settings defined or overridden at the source path are retrieved.
policy-settings-revert (psrt) (policy source path) (settings name) [...]

Reverts the settings to that of the parent folder.

(source policy or policy folder path) - The path of the policy or policy folder relative to /Policies, whose settings must be reverted.

policy-settings-set (pss) [options] (XML file path) [destination policy or policy folder path] [...]

Sets settings at various levels.

(XML file path) - XML file containing exported settings information. Use settings-export-to-file (setf) to export settings information into an XML file.

Accepts the following options:

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

  • -f, --force - Forces all children (subfolders and individual policies) to inherit these settings.
  • -s, --source=[source policy or policy folder path] - The path of the policy or policy folder relative to /Policies for which settings have to be set. If this option is not specified, settings are set at the Zone level.

Patch Commands

These commands are used to list and run saved searches. Patch commands begin with patch- in the long form, or with the letter p in the short form.

patch-remove-baseline (prb)

Removes baseline patches.

Syntax: zman prb <Full patch name>

Query Commands

These commands are used to list and run saved searches. Query commands begin with query- in the long form, or with the letter q in the short form.

query-list-savedsearches|qls [-d|--detailed]

Lists the saved searches.

Accepts the following option:

  • [-d, --detailed] - Lists the filter criteria for the saved search.
query-run-savedsearch|qrs (saved search) [folder path] [-r|--recursive] [-s|--scrollsize=scroll size]

Runs a saved search.

Accepts the following options:

  • (saved search) - Saved search to be executed.
  • [folder path] - The path of the device folder where the search is to be performed relative to /Devices. The default folder is /Devices.
  • [-r, --recursive] - This option has been deprecated in ZENworks 11 SP3. If you specify this option, it will be ignored. The recursive value is taken from the saved search.
  • [-s, --scrollsize=scroll size] - Number of results to be displayed at a time.

Queue Commands

These commands are used when you need to make modifications to the queue. The queue processes asynchronous events such as client refreshes and content cleanup, and does not need to be modified under most circumstances. Queue commands begin with queue- in the long form, or with the letter q in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

queue-flush (qf) (queue status)

Flushes the queue by removing the queue entries.

(queue status) [...] - Filters on the status of the queue entries. Valid values are N, I, C, S, and F (New, In Progress, Cancelled, Success, and Failed).

queue-list (ql) [server path] [options]

Lists queue entries.

[server path] - The path of a server relative to /Devices/Servers. Lists only the queue entries belonging to the specified server.

Accepts the following options:

  • -t, --type=[queue action type] - Filters on the type of the queue entry. For example, content.cleanup is a queue entry type.
  • -s, --status=[queue status] - Filters on the status of the queue entries. Valid values are N, I, C, S, and F (New, In Progress, Canceled, Success, and Failed).
queue-reset (qr) [server path]

Resets the queue, and sets the status of failed queue entries to New.

[server path] - The path of a server relative to /Devices/Servers. Resets only the queue entries belonging to the specified server.

queue-exclude-servers (qes) (actionType) [-g|--guids=<serverGUIDs>,<serverGUIDs>,...,<serverGUIDs>] [--clear]

Updates the list of Primary Servers that should be excluded while executing specific queue actions. This command can be run only by a super administrator.

(actionType) - The Queue Action type for which the exclusion servers list needs to be created. You can either pass the Queue Action Type or “RUN_ASSIGNED_TASKS_ONLY” (without quotes).

If RUN_ASSIGNED_TASKS_ONLY is passed, then the Primary Servers will run only the directly assigned queue actions.

The Queue Action Type takes priority over RUN_ASSIGNED_TASKS_ONLY.

For more information on how to use this command, see Optimizing Primary Server Performance in the ZENworks Best Practices Guide.

-g, --guids=<serverGUIDs>[...]: List of Primary Server GUIDs that need to be excluded while executing all or specific queue actions.

--clear: Removes the exclusion servers list that was created for a specific queue action.

queue-exclude-servers-list (qesl) [-t|--actionType=actionType]

Updates the list of Primary Servers that should be excluded while executing specific queue actions.

(actionType) - The Queue Action type for which the exclusion servers list needs to be created.

-t, --actionType=<actionType>: The Queue Action type for which the exclusion servers list needs to be displayed.

queue-add (qa) [server path] [options]

Adds an action to the queue.

[server path] - The path of a server relative to /Devices/Servers. This is the server that will perform this queue action.

Accepts the following options:

-t, --type=[queue action type] - Type of the queue action to be created. For example, content.cleanup is a queue entry type. This is a mandatory argument.

-d, --data=[value] - Any data required by the queue action.

Registration Commands

These commands allow you to create and alter registrations. They require a device type to be specified. It determines the type of device folder and device group the registration key is associated with and therefore the type of the registering devices. Registration commands begin with registration- in the long form, or with the letter r in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

registration-add-device-groups (radg) (device type) (registration key) (device group path) [...] [options]

Adds membership in the specified device groups for devices registering with the given key.

(device type) - Type of the registering device. Valid values are server and workstation.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to root folder of the device type specified. If this option is specified, path of the device objects is determined relative to this folder. This can be used to specify multiple device objects under the same folder.
registration-create-key (rck) (device type) (registration key) [registration folder path] [options]

Creates a new registration key.

(device type) - Type of the registering device. Valid values are server and workstation.

Accepts the following options:

  • -f, --devicefolder=[device folder] - The path of the device folder relative to the root folder of the device type specified. Registering devices are placed in this folder.
  • -g, --devicegroup=[device group path][...] - A comma-separated list of path of the device groups. The paths specified should be relative to the root folder of the device type specified. Registering devices become members of these device groups.
  • --desc=[description] - Description for the registration key.
  • --site=[site] - The site where the devices are located. Registering devices are populated with this site information.
  • --dept=[department] - The department in which the devices are used. Registering devices are populated with this department information.
  • --loc=[location] - The physical location of the devices. Registering devices are populated with this location information.
  • --limit=[limit] - Number of times this key can be used to register devices.
registration-copy (rcp) (registration key) (new name)

Copies a registration key.

(registration key) - Name of the registration key.

(new name) - Name for the copied registration key.

registration-delete (rd) (registration object path) [...] [options]

Deletes registration objects.

(registration object path) [...] - The path of the registration objects (registration key or folder) relative to /Keys. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution when using wildcards to delete objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -f, --folder=[registration folder] - The path of a registration folder relative to /Keys. If this option is specified, the path of the registration objects is determined relative to this folder. This can be used to specify multiple registration objects under the same folder.
registration-folder-create (rfc) (folder name) [parent folder] [options]

Creates a new registration folder.

Accepts the following option:

  • --desc=[description] - Description for the folder.
registration-info (ri) (registration key)

Displays detailed information about a registration key.

registration-list (rl) [options] [folder]

Lists all registration objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively, including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
registration-list-device-groups (rldg) (registration key)(rd)

Lists the device groups associated with a registration key.

registration-move (rmv) (registration object path) [destination folder path]

Moves a registration object to a different registration folder.

registration-remove-device-groups (rrdg) (device type) (registration key) (device group path) [...] [options]

Removes the association of device groups to a registration key.

(device type) - Type of the registering device. Valid values are server and workstation.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to the root folder of the device type specified. If this option is specified, the path of the device objects is determined relative to this folder. This can be used to specify multiple device objects under the same folder.
registration-rename (rr) (registration object path) (new name)

Renames a registration object.

registration-update-key (ruk) (device type) (registration key) [options]

Updates a registration key.

Accepts the following options:

  • -f, --devicefolder=[device folder] - The path of the device folder relative to the root folder of the device type specified. Registering devices are placed in this folder.
  • --desc=[description] - Description for the registration key.
  • --site=[site] - The site where the devices are located. Registering devices are populated with this site information.
  • --dept=[department] - The department in which the devices are used. Registering devices are populated with this department information.
  • --loc=[location] - The physical location of the devices. Registering devices are populated with this location information.
  • --limit=[limit] - Number of times this key can be used to register devices.
  • --unlimited - The key can be used without limit to register devices.
registration-import-devices (rid) (CSV file path) (registration key)

Imports the devices from the CSV file, which is used to specify the device information.

(CSV file path) - The name of the CSV file with the path. Each entry in the file contains details for a workstation or a server.

For a workstation, or a server, the format of the file entry is version, host name, serial number, and macAddress.

For a workstation, or a server, the version is WS_1.0.

The values for version and host name are mandatory, and the values for serial number and macAddress are optional.

(registration key) - Name of the registration key.

NOTE: Ensure that the file is in UTF-8 format.

For example:

To register the devices in the CSV devicesInfo file by using the registration key regkey, run the zman rid c:\devicesInfo.csv regkey command.
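A pre-import check for the CSV file described above, as an added example that is not part of the ZENworks documentation: it enforces the stated rules (version WS_1.0, mandatory version and host name, UTF-8) before zman rid is run. The comma delimiter without quoting, the absence of a header row, and the duplicate host name check are assumptions; check_rid_csv and demo_rid_csv are hypothetical names.

```shell
#!/bin/sh
# Pre-flight check for a `zman registration-import-devices` (rid) CSV file.
# Rules taken from the page: each entry is version, host name, serial number,
# macAddress; the version is WS_1.0; version and host name are mandatory;
# the file must be UTF-8.
# Assumptions (not stated on the page): fields are comma-separated without
# quoting, there is no header row, blank lines are ignored, and a host name
# that appears twice is treated as a mistake.

# check_rid_csv FILE
# Prints one "line N: reason" message per rejected entry.
# Returns 0 if the file is acceptable, 1 if anything is rejected,
# 2 if the file cannot be read.
check_rid_csv() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # UTF-8 check: iconv fails on byte sequences that are not valid UTF-8.
    # The check is skipped when iconv is not installed.
    if command -v iconv >/dev/null 2>&1 &&
       ! iconv -f UTF-8 -t UTF-8 "$file" >/dev/null 2>&1; then
        echo "file is not valid UTF-8"
        return 1
    fi

    awk -F',' '
        function trim(s) { gsub(/^[ \t\r]+|[ \t\r]+$/, "", s); return s }
        /^[ \t\r]*$/ { next }                     # ignore blank lines
        {
            if (NF < 2 || NF > 4) {
                printf "line %d: expected 2 to 4 fields, found %d\n", NR, NF
                bad = 1
                next
            }
            version = trim($1)
            host = trim($2)
            if (version != "WS_1.0") {
                printf "line %d: version must be WS_1.0, found \"%s\"\n", NR, version
                bad = 1
            }
            if (host == "") {
                printf "line %d: host name is mandatory\n", NR
                bad = 1
            } else if (seen[host]++) {
                printf "line %d: host name \"%s\" is listed more than once\n", NR, host
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Runs the check on constructed sample entries (not taken from a real zone).
# Lines 3, 4 and 5 of the sample are deliberately wrong.
demo_rid_csv() {
    tmp=$(mktemp) || return 2
    printf '%s\n' \
        'WS_1.0,ws-lab-01,SN1001,00:11:22:33:44:55' \
        'WS_1.0,ws-lab-02' \
        'WS_2.0,ws-lab-03,SN1003' \
        'WS_1.0,,SN1004' \
        'WS_1.0,ws-lab-01,SN1005' > "$tmp"
    check_rid_csv "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo_rid_csv || echo "sample file rejected: fix the entries listed above before running zman rid"
```

To gate a real import on the check, run check_rid_csv on the file and call zman rid only when it returns 0.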

Role Commands

These commands are used to create and manage roles for rights-based management of administrator accounts. Role commands begin with role- in the long form or the letters rl in the short form.

role-add-admins (rlaa) [role name] [ZENworks administrator name] [...] [rights category] [object path] [...] [options]

Assigns a role to one or more ZENworks administrators and associates the rights categories in a role to different object contexts.

[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman role-rights-add-admins --help | more.

[object path] [...] - Full path of the ZENworks object starting with a slash (/) on which the rights grouped in a rights category should be enforced. To view the root folders of the object types that can be associated with a rights category, run zman role-add-admins --help | more.

Accepts the following options:

  • -f, --folder=[folder name] - Full path of a folder. If this option is specified, the path of the objects is determined relative to this folder. This provides convenience if you want to specify multiple objects under the same folder.
  • -H, --help - Displays detailed help about the categories of rights available, and the root folders of the object types on which the rights can be enforced.
role-create (rlc) (role name)

Creates a ZENworks administrator role.

role-delete (rld) (role name) [...]

Deletes a ZENworks administrator role.

(role name) [...] - Name of the roles. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution when using wildcards to delete objects.

role-list (rll) [options]

Lists all ZENworks administrator roles.

Accepts the following options:

  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -N, --name-only - Displays the role name only.
  • -T, --name-and-type - Displays the role name and privilege types only.
  • -l, --longnames - Displays names of the rights. By default, the abbreviated form of the rights name is displayed.
role-list-admins (rlla) [role name]

Lists the ZENworks administrators with the specified role, and the contexts associated with the rights categories of that role.

role-remove-admins (rlra) (role name) (ZENworks administrator name) [...] [rights category] [object path] [...] [options]

Removes assignment of a role from one or more ZENworks administrators or removes the association of rights categories to object contexts.

[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman role-rights-add-admins --help | more.

[object path] [...] - Full path of the ZENworks object starting with / on which the rights grouped in a rights category should be enforced. To view the root folders of the object types that can be associated with a rights category, run zman role-add-admins --help | more.

Accepts the following option:

  • -f, --folder=[folder name] - Full path of a folder. If this option is specified, the path of the objects is determined relative to this folder. This provides convenience if you want to specify multiple objects under the same folder.
role-rename (rlr) (role name) (new name)

Renames a ZENworks administrator role.

role-rights-delete (rlrd) (role name) [rights category]

Deletes rights assigned to a ZENworks administrator role.

[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman role-rights-set --help | more.

role-rights-info (rlri) (role name) [options]

Displays rights assigned to a ZENworks administrator role.

Accepts the following options:

  • -c, --category=[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman role-rights-set --help | more.
  • -l, --longnames - Displays names of the rights. By default, the abbreviated form of the rights name is displayed.
role-rights-set (rlrs) [role name] [rights category] [options]

Allows or denies rights for a ZENworks administrator role.

[rights category] - Name of the category within which the rights are grouped. To see the list of categories, run zman role-rights-set --help | more.

Accepts the following options:

  • -a, --allow=[right][...] - A comma-separated list of long or short names of the rights to be allowed. To view the rights of each category, run zman role-rights-set --help | more.
  • -A, --allow-all - Allows all rights of the rights category.
  • -d, --deny=[right][...] - A comma-separated list of long or short names of the rights to be denied. To view the rights of each category, run zman role-rights-set --help | more.
  • -D, --deny-all - Denies all rights of the rights category.
  • -u, --unset=[right][...] - A comma-separated list of long or short names of the rights to be unset. To view the rights of each category, run zman role-rights-set --help | more.
  • -H, --help - Displays detailed help about the categories of rights available, and the long and short names of the rights within each category. If a category name is specified, help is provided on the rights for that category.

Ruleset Commands

These commands are used to create and modify registration rule sets. Rule sets are applied to new devices registering to the ZENworks server that do not present a registration key. The commands require a device type to be specified. The device type determines the type of device folder and device group the rule set is associated with, and therefore the type of the registering devices. Rule set commands begin with ruleset- in the long form, or with the letters rs in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

ruleset-add-device-groups (rsadg) (device type) (rule set name or position) (device group path) [...] [options]

Adds membership in the specified device groups for devices imported by using the specified rule set.

(device type) - Type of the registering device. Valid values are server and workstation.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(device group path) - Specify the device group path relative to the root folder of the device type.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to the root folder of the device type specified. If this option is specified, the path of the device objects is determined relative to this folder. This can be used to specify multiple device objects under the same folder.

ruleset-add-rule (rsar) (rule set name or position) (add mode) (rule group position) (rules file)

Adds rules or rule groups to a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(add mode) - Specify the mode of addition, whether rules or rule groups are being added. Valid values are rule and rulegroup. If mode is rule, all rules across rule groups in the input file will be picked and added.

(rule group position) - Specify the position of the rule group. If you are adding rule groups, this refers to the position the new groups must be inserted at. If you are adding rules, it refers to the position in the rule group where the new rule needs to be added. To point to the last rule group, specify last. To add rules in a new rule group or to add rule groups at the end of the list, specify makenew. The first rule group is at position 1.

(rules file) - The path of the XML file containing the information of rules or rule groups to be added to the rule set. The XML file can be created by exporting rules of an existing rule set using ruleset-export-rules-to-file command. The conjunction specified in the XML file is immaterial. Alternately, to add only rules, the older format can still be used.

For the file format, refer to AddRulesToRuleSet.txt located in /opt/microfocus/zenworks/share/zman/samples/rulesets on a Linux Server or <Installation directory>:\Micro Focus\Zenworks\share\zman\samples\rulesets on a Windows Server.

For example:

To add rule groups at position 4 in a rule set:

zman rsar ruleset2 rulegroup 4 C:\RuleGroups.xml

To add rules to the third rule group of a rule set:

zman rsar ruleset2 rule 3 C:\Rules.xml

To add rules to the last rule group of a rule set:

zman rsar ruleset2 rule last C:\Rules.xml

To add rules as a new rule group in a rule set:

zman rsar ruleset2 rule makenew C:\Rules.xml

ruleset-create (rsc) (device type) (rule set name) (rules file) [position] [options]

Creates a new rule set to apply when registering a device without a registration key.

(device type) - Type of the registering device. Valid values are server and workstation.

(rule set name) - Specify the name of the rule set.

(rules file) - The path of the XML file containing the information of rules or rule groups for the new rule set. The XML file can be created by exporting rules of an existing rule set by using the ruleset-export-rules-to-file command. Alternately, to add only rules (conjunction being AND), the older format can still be used.

For a sample of the file format, see the AddRulesToRuleSet.txt file located in /opt/microfocus/zenworks/share/zman/samples/rulesets on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\rulesets on a Windows server.

(position) - Position of the rule set among the rule sets. The first rule set is at position 1.

Accepts the following options:

  • -f, --devicefolder=[device folder] - The path of the device folder relative to the root folder of the device type specified. Registering devices are placed in this folder.
  • -g, --devicegroup=[device group path][...] - A comma-separated list of paths of the device groups. The paths specified should be relative to the root folder of the device type specified. A registered device becomes a member of these device groups.
  • --desc=[description] - Description for the rule set.
  • --site=[site] - The site where the devices are located. Registering devices are populated with this site information.
  • --dept=[department] - The department in which the devices are used. Registering devices are populated with this department information.
  • --loc=[location] - The physical location of the devices. Registering devices are populated with this location information.

For example:

To create a rule set for registering servers:

zman rsc server ruleset1 C:\RuleSet1.xml --devicefolder serverfolder --desc "rule to import servers" --site "Building A" --dept Finance --loc Brazil

Any registering device that evaluates to true for the rules defined in this rule set is placed in the /Devices/Servers/serverfolder folder with the given site, department, and location values.

To create a rule set for registering workstations that might become members of some workstation groups:

zman rsc workstation ruleset3 --devicegroup wsgroup,wsgroup1,wsfolder/wsgroup2

Device groups can also be associated with a rule set after the rule set is created, by using the ruleset-add-device-groups command.

ruleset-copy (rscp) (rule set name or position) (new name) [position]

Copies a ruleset.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(new name) - New name to be given to the copied ruleset.

(position) - Position of the rule set among the rule sets. The first rule set is at position 1.

For example:

To copy a rule set to the first position:

zman rscp ruleset3 newruleset 1

Note: If the new position specified is 0 or greater than the number of rule sets, the rule set is copied to the beginning or the end of the list, respectively.

ruleset-export-rules-to-file (rsertf) (rule set name or position) (XML file path)

Exports the rules of a rule set to a file.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(XML file path) - Specify the file in which the rules will be stored in XML format.

For example:

To export rules from a rule set:

zman rsertf ruleset1 C:\ExportedRuleSet.xml

ruleset-delete (rsd) (rule set name or position)

Deletes a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

ruleset-info (rsi) (rule set name or position)

Displays detailed information about a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

For example:

To display details about the ruleset MyRegRule:

zman rsi MyRegRule

ruleset-list (rsl)

Lists all rule sets.

ruleset-list-device-groups (rsldg) (rule set name or position)

Lists the device groups associated with a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

ruleset-move (rsmv) (rule set name or position) (new position)

Changes the position of a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(new position) - Specify the new position to which the rule set needs to be moved.

For example:

zman rsmv ruleset3 1

Note: If the new position specified is 0 or greater than the number of rule sets, the rule set is moved to the beginning or the end of the list, respectively.

ruleset-remove-device-groups (rsrdg) (device type) (rule set name or position) (device group path) [...] [options]

Removes the association of device groups to a rule set.

(device type) - Type of the registering device. Valid values are server and workstation.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(device group path) - Path of the device groups relative to the root folder of the device type specified.

Accepts the following option:

  • -f, --folder=[device folder] - The path of the device folder relative to the root folder of the device type specified. If this option is specified, the path of the device objects is determined relative to this folder. This can be used to specify multiple device objects under the same folder.

ruleset-remove-rule (rsrr) (rule set name or position) (rule positions) [...]

Removes rules or rule groups from a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(rule positions) - Specify the positions of the rules to be removed. The first rule group is denoted as G1 and the first two rules in G1 are denoted as G1:1,2. The position can be either a group or specific rules within a group.

For example:

To remove the second rule group of a rule set:

zman rsrr ruleset2 G2

To remove specific rule groups and specific rules from different rule groups:

zman rsrr ruleset2 G1:3 G2:2,5,6 G3 G6:4,9 G8
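Because ruleset-remove-rule addresses rules purely by position, a mistyped argument removes the wrong rule. The following pre-flight check is an added example, not part of the zman documentation or tooling; it validates the G<n> and G<n>:<r>,<r> syntax described above and, as an assumption of this example, treats a group or rule named twice as an operator mistake. The function name is hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for ruleset-remove-rule position arguments.
# Assumption (not from the zman documentation): naming a group twice, or a
# rule twice within one group, is treated as an operator mistake.

# check_rule_positions TOKEN...
# Prints one line per accepted token; returns 1 if any token is rejected.
check_rule_positions() {
    seen_groups=" "
    status=0
    for tok in "$@"; do
        # Accept G<n> or G<n>:<r>[,<r>...]; positions start at 1.
        if ! printf '%s\n' "$tok" |
            grep -Eq '^G[1-9][0-9]*(:[1-9][0-9]*(,[1-9][0-9]*)*)?$'; then
            echo "malformed position: $tok" >&2
            status=1
            continue
        fi
        group=${tok%%:*}
        case "$seen_groups" in
            *" $group "*)
                echo "$group is named more than once" >&2
                status=1
                continue ;;
        esac
        seen_groups="$seen_groups$group "
        case "$tok" in
            *:*)
                rules=${tok#*:}
                # Any rule number that appears twice in this group's list.
                dup=$(printf '%s\n' "$rules" | tr ',' '\n' | sort -n | uniq -d)
                if [ -n "$dup" ]; then
                    echo "$group lists a rule more than once: $rules" >&2
                    status=1
                    continue
                fi
                echo "$group: remove rules $rules" ;;
            *)
                echo "$group: remove the whole group" ;;
        esac
    done
    return "$status"
}

# The argument list from the example above.
check_rule_positions G1:3 G2:2,5,6 G3 G6:4,9 G8
```

Exporting the rule set with ruleset-export-rules-to-file before running the removal keeps a copy of the rules being removed.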

ruleset-rename (rsr) (rule set name or position) (new name)

Renames a rule set.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

(new name) - Specify the new name to be given to the rule set.

ruleset-update (rsu) (device type) (rule set name or position) [options]

Updates a rule set.

(device type) - Type of the registering device. Valid values are server and workstation.

(rule set name or position) - Specify the name of the rule set or its position within the rule sets. The first rule set is at position 1.

Accepts the following options:

  • -f, --devicefolder=[device folder] - The path of the device folder relative to the root folder of the device type specified. Registering devices are placed in this folder.
  • --desc=[description] - Description for the rule set.
  • --site=[site] - The site where the devices are located. Registering devices are populated with this site information.
  • --dept=[department] - The department in which the devices are used. Registering devices are populated with this department information.
  • --loc=[location] - The physical location of the devices. Registering devices are populated with this location information.

For example:

To update a rule set that registers servers:

zman rsu server ruleset1 --devicefolder serverfolder1 --desc "rule to import servers" --site "Building B" --dept Transport --loc Brazil

To modify the server groups of which the imported server should become a member, use the ruleset-add-device-groups and ruleset-remove-device-groups commands.

To update the device folder from a workstation folder to a server root folder:

zman rsu server ruleset2

This command changes the folder in which the registering device is placed from /Devices/Workstations to /Devices/Servers.

Satellite Server Commands

These commands are used to view, create, and remove Satellite Servers. Satellite Server commands begin with satellite-server-.

NOTE: From the ZENworks 2020 release onwards, promotion of a 32-bit device to a Satellite Server role or addition of a role to an existing 32-bit Satellite Server is no longer supported.

satellite-server-add-content-replication-setting (ssacrs) (path to device) (content type) [-s|--scheduleFileName=file path] [-t|--throttleRate=Throttle Rate] [-d|--duration=Duration] [--noSchedule]

Add a content type replication schedule and throttle setting to the Satellite device.

  • (Path To Device) - The full name of the satellite device to which to add the replication setting.
  • (Content Type) - The name of the content type for the replication setting to add to the satellite device.
  • -s, --scheduleFileName=<file path> - The full path to a file with the schedule data for the replication setting saved in XML format.
  • -t, --throttleRate=<throttle rate> - The throttle rate in kbps for the replication setting to add to the satellite device.
  • -d, --duration=<duration> - The content replication duration period (in minutes).
  • --noSchedule - Use this option if you do not want to specify a schedule for content replication.

satellite-server-add-imagingrole (ssaimg) (Path To Device) [Parent Primary Server] [-p|--proxydhcp=ProxyDHCP Service] [-s|--serverPort=Satellite Server Port] (-r|--Content-Replication-Schedule=Satellite Server Content Replication Schedule) [--force-port-change] [--force-parent-change]

Promotes a managed device to a Satellite Server with the Imaging server role. If the managed device is already functioning as a Satellite Server, this command adds the Imaging server role.

Accepts the following options:

  • (Path to Device) - The path of the managed device relative to /Devices or the absolute path of the managed device.
  • [Parent Primary Server] - The path of the Primary Server relative to /Devices or the absolute path of the Primary Server that would act as the parent server to the new Satellite Server.
  • -p, --proxydhcp=<ProxyDHCP Service> - Starts or stops the Proxy DHCP service. The valid values are start and stop.
  • -s, --serverPort=<Satellite Server Port> - The port which the satellite server should use to listen for managed device requests. If not specified, port 80 will be used.
  • -r, --Content-Replication-Schedule=<Satellite Server Content Replication Schedule> - The XML file containing the Content Replication Schedule. In the Content Replication Schedule, enter the number of days, hours and minutes for how often the Satellite Server content should be updated from the parent Primary Server. For the XML format template, refer to ContentReplicationSchedule.xml located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or <Installation directory>:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server.
  • --force-port-change - If the managed device is already functioning as a satellite server this option allows you to change the port that all satellite server components on this device will listen on for managed device requests.
  • --force-parent-change - If the managed device is already functioning as a satellite server this option allows you to change the Primary Server parent for all satellite server components on the device.

NOTE: Before promoting a managed device as Satellite, ensure that the ZENworks version installed on the managed device is the same as that of the Primary Server. Additionally, you cannot promote the following devices as a Satellite:

  • A managed device that has a previous version of ZENworks Agent installed.

  • A ZENworks test device.

satellite-server-create (ssc) (path to device) ((role),(role),...(role)) [parent primary server] [satellite server port] [satellite server secure HTTPS port] [Satellite Server Output Throttle Rate] [--enable-ssl=<rolename>,<rolename>,...,<rolename>] [--force-port-change] [--force-parent-change]

Allows you to configure a Satellite role.

Accepts the following options:

  • (path to device) - The full name of the managed device to create as a Satellite.
  • (role) - The Satellite roles to add to the managed device. Roles include Authentication, Collection, Content, and JoinProxy. If you want to assign the Imaging Satellite role or to promote a managed device to a Satellite with the Imaging server role, you must use the zman ssaimg command instead of this command. If you want to reconfigure JoinProxy role settings, you must use the zman ssujs command.
  • [Parent Primary Server] - The full name of the Primary Server to which the Satellite rolls up its collection data or from which it obtains its content. This field is optional if the managed device is already a Satellite.
  • [Satellite Server Port] - The port that the Satellite should use to listen for collection roll-up requests or for obtaining content from the parent Primary Server. If it is not specified, port 80 is used.
  • [Satellite Server Secure HTTPS Port] - The port that the Satellite should use to listen for authentication secure HTTPS requests. If not specified, port 443 is used.
  • [Satellite Server Output Throttle Rate]: Satellite Server Output Throttle Rate (in KB/s).
  • [--enable-ssl=<rolename>,<rolename>,...,<rolename>]: The Satellite Server roles for which SSL needs to be enabled. Valid roles include Content and Collection.
  • [--force-port-change] - If the managed device is already functioning as a Satellite, this option allows you to change the port that all Satellite components on this device listen to for requests or for obtaining content.
  • [--force-parent-change] - If the managed device is already functioning as a Satellite, this option allows you to change the Primary Server parent for all Satellite components on the device.

NOTE: Before promoting a managed device as Satellite, ensure that the ZENworks version installed on the managed device is the same as that of the Primary Server. Additionally, you cannot promote the following devices as a Satellite:

  • A managed device that has a previous version of ZENworks Agent installed.

  • A ZENworks test device.

A non-root user can successfully execute this command (zman ssc) on a Linux Primary Server only if the user has been added to the ZENworks user group. To add the non-root user to the ZENworks user group, use the usermod -A non-root_username command.

satellite-server-enable-ssl (sses) (-f|--fileName=Filepath) (-r|--role=<role>,<role>,...,<role>)

Enables SSL on an imported list of Satellite Servers having the Content or Collection role, or both.

Accepts the following options:

  • -f, --fileName=<Filepath> - The full path of the comma-separated values (.csv or .txt) file to be imported. The file should contain a list of Satellite Server GUIDs or Satellite Server paths.
  • Sample GUID: 422d4e7dc31506ef2c44b54a2a2fa7db
  • Sample Server Path: /Devices/Workstations/Linux-SS-01
  • -r, --role=<role>[...] - The Satellite Server roles for which SSL needs to be enabled. Valid roles include Content and Collection.

Example: zman sses|satellite-server-enable-ssl -f "satellite_server_guids.csv|satellite_server_guids.txt" -r "Content|Collection|Content,Collection"
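The import file determines which Satellite Servers have SSL enabled, so a malformed entry is worth catching before the command runs. The following pre-flight check is an added example, not part of the zman documentation or tooling. It assumes entries are separated by commas or newlines, that a GUID is exactly 32 hex digits like the sample above, and that a server path is absolute under /Devices/; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check of a satellite-server-enable-ssl import file.
# Assumptions (not from the zman documentation): entries are separated by
# commas and/or newlines, a GUID is exactly 32 hex digits, and a server path
# is absolute, starts with /Devices/ and has no empty segment.

# classify_entry ENTRY -> prints guid, path or invalid
classify_entry() {
    case "$1" in
        *//*|*/) echo invalid ;;
        /Devices/?*) echo path ;;
        *)
            if printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]{32}$'; then
                echo guid
            else
                echo invalid
            fi ;;
    esac
}

# validate_sses_file FILE -> prints "guids=N paths=N invalid=N";
# returns 0 only if the file has at least one entry and none is invalid.
validate_sses_file() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    guids=0
    paths=0
    invalid=0
    # One entry per line: drop CRs (Windows files), split on commas, trim.
    entries=$(tr -d '\r' < "$file" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $(classify_entry "$entry") in
            guid) guids=$((guids + 1)) ;;
            path) paths=$((paths + 1)) ;;
            *)
                invalid=$((invalid + 1))
                echo "rejected entry: $entry" >&2 ;;
        esac
    done <<EOF
$entries
EOF
    echo "guids=$guids paths=$paths invalid=$invalid"
    [ "$invalid" -eq 0 ] && [ $((guids + paths)) -gt 0 ]
}

# validate_roles LIST -> 0 if LIST names only Content and/or Collection
validate_roles() {
    printf '%s\n' "$1" |
        grep -Eq '^(Content|Collection)(,(Content|Collection))*$'
}

# sses_command FILE ROLES -> prints the zman command line only if both
# checks pass; it does not run zman.
sses_command() {
    validate_roles "$2" || { echo "invalid role list: $2" >&2; return 1; }
    validate_sses_file "$1" >/dev/null || return 1
    printf 'zman sses -f "%s" -r "%s"\n' "$1" "$2"
}

# Constructed sample: the GUID and path are the samples from the page, the
# last two entries are deliberately wrong (dashed GUID, relative path).
sample=$(mktemp)
printf '%s\n' \
    '422d4e7dc31506ef2c44b54a2a2fa7db, /Devices/Workstations/Linux-SS-01' \
    '422d4e7d-c315-06ef-2c44-b54a2a2fa7db' \
    'Workstations/Linux-SS-02' > "$sample"
validate_sses_file "$sample" || echo "fix the file before running zman sses"
rm -f "$sample"
```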

satellite-server-update-joinproxy-settings (ssujs) (Path To Device) [-j|--jpport=jpport] [-m|--maxconnections=maxConnections] [-c|--connectionCheckInterval=connectionCheckInterval]

Updates the JoinProxy settings on a Satellite Server. You can promote only a Windows or a Linux managed device to the JoinProxy Satellite role. The Primary Servers have the JoinProxy role by default.

Accepts the following options:

  • (Path to Device) - The full name of the Satellite Server for which to update the JoinProxy settings.
  • -j, --jpport=<jpport> - The Port on which the JoinProxy will listen for connection.
  • -m, --maxconnections=<maxConnections> - Maximum number of devices allowed for connecting to JoinProxy.
  • -c, --connectionCheckInterval=<connectionCheckInterval> - The time interval for the Join Proxy to periodically check if the devices are still connected to it or not.

NOTE: If you do not use the ssujs command, the JoinProxy Satellite Server will be configured with the following default values:

  • Port: 7019

  • max Connections: 100

  • connection Check Interval: 1 min

satellite-server-delete (ssd) (Path to Device) [(role),(role),...(role)][-f|--force]

Allows you to delete Satellite roles from the device. If all roles are removed, the device will be automatically delisted from the Server Hierarchy listing in ZENworks Control Center.

If your Management Zone consists of ZENworks Primary Server and ZENworks Configuration Management Satellites, you cannot remove individual roles from the Satellites. You can only demote the Satellite to a managed device. You can delete a Satellite that has any version of the ZENworks Agent installed.

Accepts the following options:

  • (Path to Device) - The full name of the Satellite Server from which to delete the Satellite roles.
  • [role] - The Satellite roles to delete from the device. If no roles are specified, all Satellite roles are deleted from the device. You can delete the following roles: Authentication, Collection, Content and Join Proxy. To remove the Imaging role, use the satellite-server-remove-imagingrole (ssrimg) command instead of this command.

[-f|--force] - Forces the demotion of a Satellite Server to a managed device while removing all the specified, existing roles. Use this option only in any of the following scenarios:

  1. When a Satellite Server is permanently offline and cannot communicate with the ZENworks server.

  2. When all roles are removed and the Satellite Server cannot be removed from the ZCC Server Hierarchy as the ZENworks version on the Satellite Server is older than the ZENworks version on the Primary Server.

satellite-server-configure-authentication-user-source (sscaus) (path to device) (user source) [user connection, user connection,...,user connection]

Configures the user source connections used by a Satellite with the Authentication role. Execute this command multiple times to configure connections for multiple user sources on the same Satellite, specifying a different user source each time. Execute this command with no connections to remove the specified user source from the authentication role of the Satellite.

Accepts the following options:

  • (Path To Device) - The full name of the Satellite for which to configure the authentication role user source.
  • (User Source) - The name of the user source to configure.
  • [User Connection] - User connections listed in order that this Satellite uses to authenticate users against the given user source.

satellite-server-edit-imagingrole (sseimg) (path to device) (action on proxydhcp service)

Starts or stops the Proxy DHCP service of the Imaging Satellite.

  • (Path to Device) - The path of the device relative to /Devices/Workstations. The device specified must be a Satellite with the Imaging role.
  • (Action on ProxyDHCP Service) - Starts or stops the Proxy DHCP service. The valid values are start and stop.

satellite-server-export-content (ssec) (path to device) (export directory) [options]

Exports content files from the content repository for manual import into the Satellite device’s content repository. To import the content into the content repository on a managed device, use the zac cdp-import-content (cic) command.

  • (Path To Device) - The full name of the Satellite device for which to export the content files.
  • (Export Directory) - The full path to a directory to which to export the content files.

Accepts the following options:

  • -a, --exportAll - Exports all content assigned to the Satellite device (by default, only missing content is exported).

satellite-server-export-content-replication-setting-schedule (ssecrss) (path to device) (content type) (-s | --scheduleFileName = file path)

Export the content type replication schedule from the Satellite device to a file.

  • (Path To Device) - The full name of the satellite device from which to export the replication setting schedule.
  • (Content Type) - The name of the content type for the replication setting to export from the satellite device.
  • -s, --scheduleFileName=<file path> - The full path to a file to which to export the schedule data.

satellite-server-list-authentication-settings (sslas) (path to device)

Lists the authentication role settings on a Satellite device.

  • (path to device) - The full name of the satellite device from which to list the authentication role settings.

satellite-server-list-imagingservers (sslimg)

Lists the Satellites with the Imaging role.

satellite-server-list-content-replication-settings (sslcrs) (path to device)

Lists the content replication schedule and throttle settings on the Satellite by content type.

  • (path to device) - The full name of the satellite device from which to list the replication settings.

satellite-server-list-roles (sslr) [managed device]

Lists previously defined Satellite roles.

Accepts the following option:

  • [Managed device] - The full name of the managed device for which to list Satellite roles. If not specified, all available Satellite roles are displayed.

satellite-server-list-servers (ssls)

Lists the Satellites and their roles.

satellite-server-remove-content-replication-setting (ssrcrs) (path to device) (content type)

Remove a content type replication schedule and throttle setting from the Satellite device.

  • (Path To Device) - The full name of the satellite device from which to remove the replication setting.
  • (Content Type) - The name of the content type for the replication setting to remove from the satellite device.

satellite-server-remove-imagingrole (ssrimg) (path to device) [-r|--removeImageFiles] [-f|--force]

Removes the Satellite Imaging server role from the managed device.

If your Management Zone consists of ZENworks Primary Server and ZENworks Configuration Management Satellites, you cannot remove individual roles from the Satellites. You can only demote the Satellite to a managed device. You can delete a Satellite that has any version of the ZENworks Agent installed.

  • (Path to Device) - The path of the managed device relative to /Devices/Workstations. The device specified must be a Satellite with the Imaging role.
  • -r, --removeImageFiles - Deletes the image files from the specified device.

[-f|--force] - Forces demotion of imaging role on Satellite Server. Use this option only in any of the following scenarios:

  1. When the Satellite Server is no longer communicating with the ZENworks server and is permanently offline.

  2. When the imaging role on the Satellite Server cannot be removed from the ZCC Server Hierarchy as the ZENworks version on the Satellite Server is older than the ZENworks version on the Primary Server.

satellite-server-update-content-replication-setting (ssucrs) (path to device) (content type) (-s| --scheduleFileName=file path) [options]

Updates a content type replication schedule and throttle setting to the Satellite device.

  • (Path To Device) - The full name of the satellite device to which to update the replication setting.
  • (Content Type) - The name of the content type for the replication setting to update to the satellite device.
  • -s, --scheduleFileName=(file path) - The full path to a file with the schedule data for the replication setting saved in XML format.

Accepts the following options:

  • -d, --duration=<duration> - The content replication duration period (in minutes).
  • -t, --throttleRate=<Throttle Rate> - The throttle rate in kbps for the replication setting to update to the satellite device.

Server Commands

These commands are used to manage servers. Server commands begin with the word server- in the long form, or with the letter s in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

server-add-bundle (sab) (server object path) (bundle or bundle group) [...] [options]

Assigns bundles to a server object.

Accepts the following options:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.
  • -I, --icon-location=[application location XML file] - XML file that contains the locations to place the icon for the bundle application. For the XML file format, refer to IconLocation.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.
  • -d, --distribution-schedule=[distribution schedule XML file] - The XML file that contains the distribution schedule.
  • -l, --launch-schedule=[launch schedule XML file] - The XML file that contains the launch schedule.
  • -a, --availability-schedule=[availability schedule XML file] - The XML file that contains the availability schedule. For the schedule XML file templates, refer to the XML files located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server.
  • -D, --dry-run - Tests and displays the requested actions but does not actually perform them.
  • -i, --install-immediately - Installs the bundle immediately after distribution. To use this option, you must also specify the Distribution schedule. The Distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -L, --launch-immediately - Launches the bundle immediately after installation. To use this option, you must also specify the Distribution schedule. The Distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -n, --distribute-now - Sets the distribution schedule to distribute the bundle immediately. If this option is specified, the --distribution-schedule and --distribute-on-device-refresh options are ignored. The --distribute-now, --distribute-on-device-refresh, and --distribution-schedule options are mutually exclusive and are used to set the distribution schedule. The --distribute-now option is considered first, followed by --distribute-on-device-refresh and --distribution-schedule.
  • -r, --distribute-on-device-refresh - Sets the distribution schedule to distribute the bundle on device refresh. If this option is specified, the --distribution-schedule option is ignored.
  • -s, --launch-on-device-refresh - Sets the launch schedule to launch the bundle on device refresh. If this option is specified, the --launch-schedule option is ignored.
  • -w, --wakeup-device-on-distribution - Wakes up the device by using Wake-On-LAN if it is shut down while distributing the bundle. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -B, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -S, --server=[The path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the device(s). This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -T, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.
server-add-certificate (sacert) (server object path) (certificate file path)[-f]

Prior to ZENworks 11 SP4, this command was used to add a new valid certificate for a server, replacing the existing certificate that was about to expire. With the introduction of the SSL Management feature in ZENworks 11 SP4, this command has been deprecated.

To add a certificate that is missing in the database, you can use this command with the force (-f, --force) option. However, if there is already an active certificate present in the database, you cannot use this command.

(server object path) - The path of the server objects (server, server folder or server group) relative to /Devices/Servers.

(certificate file path) - Path of the DER format certificate file.

  • -f, --force - Forces the certificate to be added as the active certificate. This option works only if an active certificate is not available in the database.
server-add-policy (sap) (server object path) (policy or policy group) [...] [options]

Assigns policies to a server object.

Accepts the following options:

  • -c, --conflicts=[policy conflict resolution order] - Determines how policy conflicts are resolved. Valid values are userlast or 1, devicelast or 2, deviceonly or 3, useronly or 4. For userlast, device-associated policies are applied first, followed by user-associated policies. For devicelast, user-associated policies are applied first, followed by device-associated policies. For deviceonly, user-associated policies are ignored. For useronly, device-associated policies are ignored. If this option is not specified, userlast is taken as the default value.
  • -e, --enforce-now - Enforces the policy immediately on all assigned devices.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.
server-copy-relationships (scr) (server path) (server object path) [...] [options]

Copies relationships from a selected server to other servers. Server relationships include bundle assignments, policy assignments and group memberships.

Accepts the following options:

  • -r, --relationship-type: Relationship types to copy. Valid values are bundles, policies and groups. The option bundles will copy all the associated bundle assignments of the source device. The option policies will copy all the associated policy assignments of the source device. The option groups will add target devices as members of the groups that are associated with the source devices. You can provide multiple types as comma-separated values.
  • -a, --assignment-options: Assignment options. The valid values are assign-to-group-members, assign-to-folder-members and assign-to-folder-members-recursively. The option assign-to-group-members will copy the assignments to members of the target groups. The option assign-to-folder-members will copy the assignments to devices inside the target folder. The option assign-to-folder-members-recursively will copy the assignments to devices inside the target folders and their subfolders. If a value is not specified, the assignments are made to the target folders or groups directly.
  • -c, --conflict-resolution: Conflict resolution options for existing assignments. The valid values are delete-existing-assignments and replace-existing-assignments. The option delete-existing-assignments will delete all the existing assignments of the target devices. The option replace-existing-assignments will replace the existing assignments of the target devices with the selected assignments. If a value is not specified, the existing assignments on the target devices are retained.
  • -g, --group-membership: The group membership options for the target object type, Groups and Folders. The valid values are add-folder-members-recursively, and delete-existing-group-membership. The option add-folder-members-recursively adds devices inside the target folders and their sub folders as members of the groups to which the source device belongs. The option delete-existing-group-membership deletes the existing group memberships of the target devices. If the targets have groups, then all the members of the groups are added as members of the selected group and if the targets have folders, then all the devices in that folder are added as members to the selected group, non-recursively.
  • -p, --export-path: The complete path of the file to which the Copy Relationships results need to be exported, in CSV format. You can specify a file path along with a file name that has the .csv extension. If the path is not specified, the CSV file will be exported to the default path (Linux: /var/opt/microfocus/zenworks/tmp; Windows: %zenworks_home%\work\tmp).
  • -f, --continue-on-failure: This option is not mandatory. If this option is specified, the Copy Relationships operation will continue even when a failure is encountered. If this option is not specified, the Copy Relationships operation will terminate when a failure is encountered.

Examples:

To copy all the relationships of the source server to multiple server types:

zman server-copy-relationships serverfolder/sourceserver --relationship-type=bundles,policies,groups serverfolder/server serverfolder/serverfolder1 serverfolder/servergroup

To copy policy assignments of the source server to the servers inside target server folders recursively:

zman scr serverfolder/sourceserver --relationship-type=policies serverfolder1 serverfolder2 --assignment-options=assign-to-folder-members-recursively

To replace conflicting bundle assignments of the target servers while copying the assignments from the source server:

zman scr serverfolder/sourceserver -r=bundles serverfolder/server1 --conflict-resolution=replace-existing-assignments

To add servers of the target server groups to the groups of the source server:

zman scr serverfolder/sourceserver -r=groups servergroup --group-membership=add-group-members

zman scr serverfolder/sourceserver -r=groups servergroup

To copy all the relationships of the source server to multiple servers with the Continue on failure and Export as CSV options (to C:\temp\) specified:

zman server-copy-relationships serverfolder/sourceserver --relationship-type=bundles,policies,groups serverfolder/server serverfolder/serverfolder1 serverfolder/servergroup -f -p=C:\temp\

To copy policy assignments of the source server to the servers within the target folders, recursively, with terminate on failure and Export as CSV options (to C:\temp\copyresult.csv) specified:

zman scr serverfolder/sourceserver --relationship-type=policies serverfolder1 serverfolder2 --assignment-options=assign-to-folder-members-recursively -p=C:\temp\copyresult.csv

server-delete (sd) (server object path) [...] [options]

Deletes one or more server objects.

(server object path) [...] - The path of the server objects (server, server folder or server group) relative to /Devices/Servers. The wildcard * can be used in the object names if it is enclosed in quotation marks. Exercise caution while using wildcards for deleting objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -p, --preapproved - Adds the deleted devices to the pre-approved devices list.
  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
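
The caution about wildcards in server-delete can be enforced in a script. The wrapper below is an added example, not part of the ZENworks documentation: it previews the match with server-list (--namefilter, --typefilter) before calling server-delete. The function names, the ZMAN variable and the three-literal-character rule are assumptions of this example, as is the expectation that --namefilter matches the same names as a wildcard passed to server-delete; zman credentials are assumed to be handled separately.

```shell
#!/bin/sh
# Added example (not from the ZENworks documentation): preview-then-delete
# wrapper for "zman server-delete" when the object name contains wildcards.

ZMAN="${ZMAN:-zman}"   # assumption: zman is on PATH; override for dry runs

# Count the characters in a pattern that are not wildcards (* or ?).
literal_len() {
    stripped=$(printf '%s' "$1" | tr -d '*?')
    printf '%s' "${#stripped}"
}

# safe_server_delete <folder relative to /Devices/Servers> <name pattern>
# Returns 0 after a delete, 1 if the preview failed, 2 if the pattern is
# too broad, 3 if the operator did not confirm.
safe_server_delete() {
    folder=$1
    pattern=$2

    # Assumed local rule: require at least three literal characters so that
    # patterns such as "*" or "a*" cannot empty a whole folder.
    if [ "$(literal_len "$pattern")" -lt 3 ]; then
        echo "refusing: pattern '$pattern' is too broad" >&2
        return 2
    fi

    # Preview with server-list. Quoting the pattern keeps the shell from
    # expanding the wildcard; --typefilter=device limits the preview to
    # server devices rather than folders or groups.
    "$ZMAN" server-list --namefilter="$pattern" --typefilter=device "$folder" || return 1

    # The operator must retype the exact pattern before anything is deleted.
    printf 'Retype the pattern to delete the servers listed above: '
    read -r answer || answer=
    if [ "$answer" != "$pattern" ]; then
        echo "aborted: confirmation did not match" >&2
        return 3
    fi

    # Delete relative to the same folder that was previewed.
    "$ZMAN" server-delete --folder="$folder" "$pattern"
}

# Stand-alone use: ./safe-delete.sh <folder> '<pattern>'
if [ "$#" -ge 2 ]; then
    safe_server_delete "$1" "$2"
fi
```
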
server-folder-create (sfc) [folder name] [parent folder] [options]

Creates a new folder for containing servers.

Accepts the following option:

  • --desc=[description] - Description for the folder.
server-group-add (sga) (server group path) [server path] [...] [options]

Adds servers to a server group.

Accepts the following option:

  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
server-group-create (sgc) [group name] [parent folder] [options]

Creates a server group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[server path][...] - The path of the servers relative to /Devices/Servers.
  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
server-group-members (sgm) (server group path) [options]

Lists members of a server group or a dynamic server group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
server-group-remove (sgr) (server group path) [server path] [...] [options]

Removes servers from a server group.

Accepts the following option:

  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
server-info (si) (server path)

Lists detailed information about a server.

server-list (sl) [options] [folder]

Lists server objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -t, --typefilter=[type filter][...] - Displays results matching the comma-separated list of object types specified. Valid values are device, group, and folder.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
  • -f, --flagfilter=[flag filter][...] - Displays results matching the comma-separated list of flags specified. Valid values are retired, notretired, test, and non-test.
server-list-bundles (slb) (server object path) [options]

Lists bundles assigned to a server object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective bundles.
  • -e, --effective - Lists only effective bundles.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
server-list-groups (slg) (server path) [options]

Lists groups of which the given server is a member.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
server-list-policies (slp) (server object path) [options]

Lists policies assigned to a server object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective policies.
  • -e, --effective - Lists only effective policies.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
server-move (smv) (server object path) [destination folder path]

Moves a server object to a different folder.

server-refresh (srf) (server object path) [...] [options]

Refreshes the ZENworks Agent in the servers.

Accepts the following options:

  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
  • --server=<server/server folder/server group object path>[...] - The path of Primary Server objects (server, server folder or server group) relative to /Devices/Servers to send Quick Task notifications.
  • --notify=<minutes> - Time in minutes to notify all devices.
  • --expire=<minutes> - Time in minutes for expiry after creation of the quick task. Specify 0 to expire immediately.
  • --currentserver - Add quick task to the current Primary Server.
  • --anyserver - Add quick task in any of the Primary Servers.
  • --expirenever - The quick task never expires in the Primary Server.

server-remove-bundle (srb) (server object path) (bundle or bundle group) [...] [options]

Removes bundles assigned to a server object.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.
server-remove-policy (srp) (server object path) (policy or policy group) [...] [options]

Removes policies assigned to a server object.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This helps you to specify multiple policy objects under the same folder.
server-rename (sr) (server object path) (new name)

Renames a server object.

server-reorder-bundles (srob) (server object path) (current position) (new position)

Changes the order of bundles assigned to a server. Use the server-list-bundles command to get the order of assigned bundles.

server-reorder-policies (srop) (server object path) (current position) (new position)

Changes the order of policies assigned to a server. Use the server-list-policies command to get the order of assigned policies.

server-retire (sret) (server object path)

Retires the selected server from your ZENworks system at its next refresh. Retiring a device is different from deleting a device. When you retire a device, its GUID is retained (as opposed to when you delete a device, which also deletes its GUID). As a result, all inventory information is retained and is accessible, but all policy and bundle assignments are removed. If you reactivate the device in the future, its assignments are restored.

Accepts the following option:

  • -i, --immediate - Forces a device refresh to immediately retire the device.
server-set-as-test (ssat) (server object path)

Sets a server as a test device.

Examples

To set server1 as a test device:

zman ssat server1

server-role-zookeeper-add-server (srzas)

Assigns the ZooKeeper role to a Primary Server.

--servers - Comma separated list of servers. The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-zookeeper-remove-server (srzrs)

Removes a server from the Zookeeper cluster. At least one server in the zone must have the ZooKeeper role in it.

--servers - The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-zookeeper-list-cluster (srzlc)

Lists the currently configured servers in the Zookeeper Cluster.

server-role-zookeeper-update-cluster (srzuc) [...] [options]

Updates the common properties of the Zookeeper Cluster.

Accepts the following options:

  • -l --leader-connect-port: Define the leader port that the followers will use to connect to a leader in the cluster. The default port is 6790. However, you can specify an unused port between 6000 and 65535.
  • -c --client-port: Define the port on which Zookeeper will listen in for incoming connections. The default port is 6789. However, you can specify an unused port between 6000 and 65535.
  • -e --leader-elect-port: Define the election port that all servers in the cluster will use to elect the leader. The default port is 6791. However, you can specify an unused port between 6000 and 65535.
  • -t --tick-time: Define the length of a single tick, which is a basic time unit in milliseconds, used by Zookeeper to regulate heartbeats and timeouts. The default value is 2000.
  • -i --init-limit: Define the amount of time, in ticks, to allow followers to connect to the leader. The default value is 10.
  • -s --sync-limit: Define the amount of time, in ticks, to allow followers to sync with Zookeeper. The default value is 5.
  • -x --max-connections: Specify the maximum number of client connections that the Zookeeper cluster can accept. The default value is 60.
server-role-kafka-configure-cluster (srkcc) [...] [options]

Configures the Kafka cluster.

Accepts the following options:

  • -a --logRetentionPeriod: Specify the duration (in hours) for which the Kafka logs should be retained.
  • -c --replication count: Specify the number of copies to be made for each topic.
  • -l --logRetentionBytes: Specify the maximum permissible size of the log, beyond which, the existing data is overwritten with the new data. By default the log size is unlimited.
  • -t --zkSessionTimeout: Specify the Zookeeper session timeout (in milliseconds). The default value is 30000 ms. If the server fails to signal a heartbeat to ZooKeeper within this specified time period, then the server is considered to be dead. A heartbeat request helps identify if the server is still connected to the Kafka cluster.
  • -r --retainDetectedLogsDuration: Specify the maximum time to retain deleted logs.
  • -p --logCleanupPolicy: Specify the default cleanup policy for segments that exceed the maximum permissible retention window. The possible values are Delete and Compact. The default value is Delete. The Delete policy removes old segments when the retention time or size limit has been reached. The Compact policy enables log compaction on the topic, which ensures that Kafka always retains at least the last known value for each message key within the log of data for a single topic partition.
  • -s --schemaregistryport: Specify the port on which the schema registry is running. The default port is 8081.
  • -k, --kafkaport: Specify the port on which Kafka listens. The default port is 9093.
  • -x, --connectport: Specify the port on which Kafka connect listens. The default port is 8083.
server-role-kafka-add-broker (srkab)

Adds a broker to the Kafka cluster.

--servers - Comma separated list of servers. You can specify the GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

-i --ignorewarning - Specify true or false. This option is used to ignore the warning message related to the client authentication certificate that is displayed when an External CA is identified. To proceed, you can set this option to true.

server-role-kafka-remove-broker (srkrb)

Removes a broker from the Kafka cluster.

--servers - The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-kafka-reconfig-broker (srkrcb)

Reconfigures the Kafka broker.

--servers - Comma separated list of servers. The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-kafka-update-cluster (srkuc) [...] [options]

Updates the Kafka cluster configuration.

Accepts the following options:

  • -l --logRetentionBytes: Specify the maximum permissible size of the log, beyond which, the existing data is overwritten with the new data. By default the log size is unlimited.
  • -t --zkSessionTimeout: Specify the Zookeeper session timeout (in milliseconds). The default value is 30000 ms. If the server fails to signal a heartbeat to ZooKeeper within this specified time period, then the server is considered to be dead. A heartbeat request helps identify if the server is still connected to the Kafka cluster.
  • -r --retainDetectedLogsDuration: Specify the maximum time to retain deleted logs.
  • -p --logCleanupPolicy: Specify the default cleanup policy for segments that exceed the maximum permissible retention window. The possible values are Delete and Compact. The default value is Delete. The Delete policy removes old segments when the retention time or size limit has been reached. The Compact policy enables log compaction on the topic, which ensures that Kafka always retains at least the last known value for each message key within the log of data for a single topic partition.
  • -c, --replication count: Specify the number of copies to be made for each topic.
  • -s --schemaregistryport: Specify the port on which the schema registry is running.
  • -k, --kafkaport: Specify the port on which Kafka listens.
  • -x, --connectport: Specify the port on which Kafka connect listens.
server-role-kafka-list-cluster (srklc)

Retrieves the Kafka cluster configuration.

server-role-kafka-list-connectors (srklcn)

Retrieves the list of Kafka connectors.

server-role-kafka-restart-connectors (srkrcn) [...] [options]

Restarts the specified Kafka connectors.

Accepts the following option:

  • -c --connectors: Specify a comma separated list of connectors.
server-role-kafka-get-connector-config (srkgcc) [...] [options]

Retrieves the Kafka connector configuration details.

Accepts the following option:

  • -c --connector: Specify the name of the connector to retrieve its configuration details.
server-role-kafka-reconfigure-connectors (srkccn) [...] [options]

Reconfigures the specified Kafka connectors.

Accepts the following option:

  • -c --connectors: Specify a comma separated list of connectors.
server-role-kafka-recreate-connectors (srkrcc) [...] [options]

Re-creates the Kafka connectors. This command is to be executed if the database is migrated from one RDBMS to another.

Accepts the following option:

  • -f --force: Forces re-creation of Kafka connectors by deleting all existing connectors.

Examples:

To set current time as the reset time and force option as true, run

zman server-role-kafka-recreate-connectors -f true

To set a custom time as the reset time, run

zman server-role-kafka-recreate-connectors -f true -r "Fri, 01 Mar 2019 15:00:00 GMT"

server-role-vertica-create-cluster (srvcc) [...] [options]

Creates a Vertica cluster with one or more nodes. This is the first command that must be run when configuring Vertica.

--servers - A comma separated list of servers. The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

Accepts the following option:

  • -k --replication-factor: Specify the number of replicas of the data that should exist in the database. Specify a value based on the number of nodes in the cluster; the minimum number of nodes required is calculated as 2k+1. Vertica recommends a K-safety factor of 1.
server-role-vertica-add-server (srvas)

Adds a server to the Vertica cluster.

--servers - A comma separated list of servers. The GUID, DNS or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-vertica-remove-server (srvrs)

Removes a server from the Vertica cluster.

--servers - A comma separated list of servers. The GUID, DNS, or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-role-vertica-list-cluster (srvlc)

Lists the servers within the Vertica cluster.

server-role-vertica-update-cluster (srvuc)

Updates the K-safety factor in the cluster.

Accepts the following option:

  • -k --replication-factor: Modify the replication factor to indicate the total number of replicas to be maintained within a cluster.
server-role-vertica-get-credentials (srvgc)

Retrieves the Vertica database credentials.

server-role-vertica-prepare-server (srvps)

Prepares the server during the backup and restore process.

(server object path) - GUID, DNS, or the path of the server objects (server, server folder or server group) relative to /Devices/Servers.

server-set-as-nontest (ssan) (server object path)

Sets a server as a non-test device.

Examples

To set server1 as a non-test device:

zman ssan server1

server-statistics (sst) (server path)

Displays statistics of ZENworks server usage.

server-unretire (suret) (server object path)

Reactivates the selected server at its next refresh and reapplies all policy and bundle assignments that the device previously had.

Accepts the following option:

  • -i, --immediate - Forces a device refresh to immediately unretire the device.
server-view-all-bundles-status (svabs) (server path) [options]

Displays the advanced deployment status of bundles assigned to a server.

Accepts the following options:

  • --statusfilter=[status type][...] - Filter on the status of Bundle Distribution and Install Events. Valid values are S, R, C, A, F, and P (Success, Partial Success, Completed, Partial Complete, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

Examples

To view the deployment status of bundles assigned to server1:

zman svabs server1

To view the deployment status of bundles assigned to server1 having bundle deployment status as success or pending:

zman svabs server1 --statusfilter S,P

server-view-all-policies-status (svaps) (server path) [options]

Displays the advanced deployment status of policies assigned to a server.

Accepts the following options:

  • --statusfilter=[status type][...] - Filters on the status of Policy Apply Event. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
server-wakeup (sw) (server object path) [...] [options]

Wakes up a server using Wake-On-LAN.

Accepts the following options:

  • -f, --folder=[server folder] - The path of a server folder relative to /Devices/Servers. If this option is specified, the path of the server objects is determined relative to this folder. This can be used to specify multiple server objects under the same folder.
  • -b, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -s, --server=[Path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the devices. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -t, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.

Settings Commands

These commands are used to set and modify settings. Settings commands begin with settings- in the long form, or with the letter s in the short form.

The Settings commands do not apply to ZENworks Endpoint Security Management settings (Zone Policy settings and Data Encryption Key settings).

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

settings-copy (scp) (source device or device folder path) (destination device or device folder path) [...] [options]

Copies settings.

(source device or device folder path) - The path of the device or device folder relative to /Devices from which settings have to be copied.

(destination device or device folder path) [...] - The path of the devices or device folders relative to /Devices to which settings must be copied.

Accepts the following option:

  • -n, --names=[settings name][...] - Names of the settings to be copied from the source path. If this option is not specified, all settings defined at the source path are copied.
settings-export-to-file (setf) [options] (XML file path) [settings name] [...]

Exports settings data (in XML format) to a file. The XML file is to be used as input for creating or modifying settings.

(XML file path) - The file into which the settings data is stored in XML format. If the file does not exist, a new file is created.

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

Accepts the following options:

  • -s, --source=[source device or device folder path] - The path of the device or device folder relative to /Devices from which settings must be exported. If this option is not specified, settings are exported from the Zone.
  • -e, --effective - If specified, the effective settings are retrieved; otherwise, only the settings defined or overridden at the source path are retrieved.
settings-revert (srt) (source device or device folder path) (settings name) [...]

Reverts the settings to that of the parent folder.

(source device or device folder path) - The path of the device or device folder relative to /Devices, whose settings must be reverted.

settings-set (ss) (XML file path) [destination device or device folder path] [...]

Sets settings at various levels.

(XML file path) - XML file containing exported settings information. Use settings-export-to-file (setf) to export settings information into a XML file.

Accepts the following options:

[settings name] [...] - Names of the settings to be exported. If this option is not specified, all settings are exported.

  • -s, --source=[source device or device folder path] - The path of the device or device folder relative to /Devices for which settings have to be set. If this option is not specified, settings are set at the Zone level.
settings-gcm-delete (sgd) [...]

Deletes the Google Cloud Messaging configured values. You need to restart the ZENworks services for the changes to take effect.

Security Commands

The following commands are used to enable or disable the settings that secure agent-to-server communication.

This command accepts the option flags listed in the Global Options section. In addition, it accepts individual options, as listed with the command.

Security-Set-Agent-Server-Secure-Communication --option=(true/false)

Enables or disables the settings that secure agent-to-server communication. By default, this setting is enabled on a fresh installation of ZENworks (2020 Update 2). On an upgraded zone, the enhanced security feature is disabled so that agents running ZENworks 2020 Update 1 and earlier versions can continue to communicate with the upgraded servers. However, if you are upgrading all the devices in the zone, it is recommended that you enable the enhanced security feature. When the security feature is enabled, devices at a lower version cannot communicate with the Primary Server. After enabling this feature, to register a device, you need to create an authorization key or add the device to the pre-approved devices list. For more information, see ZENworks Discovery, Deployment, and Retirement Reference.

After enabling the security feature,

To enable the security setting, run zman ssassc --option=true

To disable the security setting, run zman ssassc --option=false

After modifying this setting, you need to restart the ZENworks Server Service (microfocus-zenworks-configure -c Start) to apply the changes.

NOTE: Ensure that you run this command on Primary Servers in which you want to enable or disable the security setting.

Subscription Commands

These commands are used to create, modify, and manage subscriptions. Subscription commands begin with subscription- in the long form, or with the letters sr in the short form.

This command accepts the option flags listed in the Global Options section. In addition, it accepts individual options, as listed with the command.

subscription-create (src) (subscription name) (subscription XML file) [parent folder] [options]

Creates a new subscription.

(subscription XML file) - XML file containing exported subscription information. Use subscription-export (sre) to export an existing subscription's information into an XML file. If you want to reuse files, template XML files can be created from subscriptions that were created through ZENworks Control Center. For a sample XML file, refer to nu.xml located in

On Linux: /opt/microfocus/zenworks/share/zman/samples/subscriptions

On Windows: %ZENSERVER_HOME%\Micro Focus\zenworks\share\zman\samples\subscriptions

Accepts the following options:

  • -d, --desc=[description] - Description for the subscription.
  • -s, --sysIDpath=[rhel-systemid]

NOTE: This command cannot be executed for Apple VPP subscriptions.

subscription-folder-create (srfc) (folder name) [parent folder] [options]

Creates a new subscription folder.

Accepts the following option:

  • --desc=[description] - Description for the folder.

subscription-move (srmv) (subscription object path) [destination folder path]

Moves a subscription object to a different folder.

subscription-replicate (srr) (subscription-name) [destination folder path] [options]

Begins a subscription replication.

Accepts the following options:

  • -s, --schedule=[XML filename] - The XML file that contains the schedule to begin subscription. The Eventsch.xml file is not applicable for subscriptions.
  • -r, --fromRepository - The repository from which to replicate content.

NOTE: For Apple VPP subscription, the outbound server will not be utilized while executing this command. Hence, you need to ensure that the server on which this command is executed has an Internet connection.

subscription-export (sre) (subscription-name) (subscription-data.xml)

Exports subscription information (in XML format) to a file. The XML file is to be used as input for creating subscriptions.

subscription-delete (srd) (Subscription object) [...] [options]

Deletes one or more subscription objects. The subscriptions that are in InProgress, Suspended, and Assigned status cannot be deleted.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -b, --delete-bundles - Deletes all the bundles that were created by the specified subscription.
  • -f, --folder=[subscription folder] - The path of a subscription folder relative to /Subscriptions. If this option is specified, the path of the subscription objects is determined relative to this folder. This option can be used to specify multiple subscription objects under the same folder.

NOTE: This command cannot be executed for Apple VPP subscriptions.

subscription-list (srl) [options]

Lists subscription objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively, including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
  • [folder] - Lists the contents of the specified folder. If you do not specify a folder, the contents of the root folder are listed.

subscription-modify (srm) (subscription-name) (subscription-data.xml) [parent folder] [options]

Exports or modifies an existing subscription.

Accepts the following options:

  • -d, --desc=[description] - Description for the subscription.
  • -s, --sysIDpath=[rhel-systemid]

NOTE: This command cannot be executed for Apple VPP subscriptions.

subscription-status (srs) (subscription-name) [options]

Returns the subscription’s status.

Accepts the following options:

  • -s, --suspend - Suspends the replication and changes the subscription status to Suspended.
  • -c, --cancel - Cancels the replication and changes the subscription status to Canceled.

NOTE: The Suspend and Cancel tasks are not supported while performing a dry run.

subscription-channel-list (srcl) (subscription-name) (repo entity type) [options]

Lists data such as bundles, catalogs, and packages.

Accepts the following options:

  • -r, --fromRepository - Bypasses the cache and downloads the metadata from the repository from which to replicate the content.
  • -i, --ignoreFilters - Lists the content, ignoring any filters that might be configured.

subscription-copy (srcp) (subscription path) (subscription-name) [parent folder] [options]

Copies a subscription.

Accepts the following option:

  • -d, --desc=description - Description for the bundle.

subscription-rename (srrn) (subscription object path) (new name)

Renames a subscription.

For example, to rename a subscription SLES10Update to SLED10Update, run the command as follows:

zman srrn /Subscription/SLES10Update /Subscription/SLED10Update

subscription-proxy-password (srpp) [Subscription Proxy Password]

Configures the proxy password to be used by any subscription during replication. In this command, the proxy password argument is optional. If you do not enter the proxy password argument, the command prompts you to enter the password.

Subscription-unenroll-android-enterprise | sueae [enterprise-id] [NCC-Username] [password-file-path]

Unenrolls the Android enterprise account.

Accepts the following arguments:

[enterprise-id] - Specify the enterprise ID that you want to unenroll.

[NCC-Username] - Specify the NCC user name.

[password-file-path] - Specify the location of the password file. The password file can be saved in any file format.

Example: sueae LC046w6dx5 MFtest C:\password.txt

In this example, LC046w6dx5 is the enterprise ID, MFtest is the NCC username and C:\password.txt is the location where the password is saved.

Subscription-clear-ae | sca

Deletes data associated with an unenrolled Android enterprise subscription, such as bundles, apps, users, and other related data.

System Update/Product Recognition Update Commands

These commands are used to manage System Updates and Product Recognition Updates (PRUs) to ZENworks. These commands begin with system-update in the long form, or with the letters su in the short form.

system-update-download (sud) (system update or PRU name)

Downloads the latest system updates or PRU.

(system update or PRU name) - System update or PRU name or UID.

system-update-view-available (suva) [options]

Displays a list of all available updates or PRUs published on the update server or in an update file.

Accepts the following options:

  • -i, --importFile=[path to import file/directory] - Full path to the import file to query.
  • -u, --url=[url to update server] - URL for the system update server to query in the format http://servername:[port]/path.
  • -f, --product=[product code] - The product code to check for updates (for example, zcm, pru).
  • -v, --version=[product base version] - The base version of the product to check for updates (for example, 10.0, 10.1).

system-update-status (sus) (system update or PRU name)

Displays the status of the specified system update or PRU.

(system update or PRU name) - System update or PRU name or UID.

system-update-delete-update (sudu) (system update or PRU name) [options]

Deletes a specified system update or PRU from the zone.

(system update or PRU name) - System update or PRU name or UID.

NOTE: Deleting the update will also delete any superseded updates. If the superseded update deployment is pending or in progress for any device, the update will not be deleted.

Accepts the following option:

  • -f, --force - Forces the update to be deleted. The assignment is removed only from the server. If you refresh the device and see the update, then the update will be applied on that device. Use with caution, and only if you are sure that the update is not in an active state.

system-update-cancel-download (sucd) (system update or PRU name)

Cancels the download of the system update or PRU.

(system update or PRU name) - System update or PRU name or UID.

system-update-assign (sua) (system update name) [device path] [...] [option]

Assigns the authorized system update to devices.

(system update name) - System update name or UID.

[device path] [...] - The path of the device relative to /Devices.

Accepts the following option:

  • -a, --all - Assign to all devices.

system-update-list-assign (sula) (device path)

Lists all updates assigned to the specified device or group.

(device path) - The path of the device relative to /Devices.

system-update-authorize (suaz) (system update or PRU name)

Authorizes an update or PRU.

(system update or PRU name) - System update or PRU name or UID.

system-update-baseline (sub) (system update name)

Schedules an attempt to set the specified update as the baseline update.

(system update name) - System update name or UID.

system-update-import (sui) (path to update) [system update or PRU name] [-b, --checkbaseline]

Imports a system update or PRU from a ZIP file or directory into the Zone. After the update or PRU is in the ZENworks system, it can be managed the same way that online updates or PRUs are managed. On a Linux server, the ZIP file to be imported should be present within /var/tmp.

(path to update) - The full path to the update or PRU ZIP file or directory.

(system update or PRU name) - System update or PRU name or UID.

(-b, --checkbaseline) - Checks for and, if applicable, baselines the update. The default is to not baseline the update.

system-update-activate-entitlement (suae) (mail ID) (activation code)

Activates the System Update entitlement for the ZENworks software in the Management Zone to receive the latest version of ZENworks System Updates and Product Recognition Updates (PRUs) from the Micro Focus Customer Center server.

(mail ID) - A valid e-mail address to be used for communication from Micro Focus. We recommend that you specify the e-mail address used to purchase the System Update Maintenance Entitlement.

(activation code) - The System Update entitlement activation code.

NOTE: Before activating the entitlement, ensure that the Primary Server you want to use to activate the entitlement can communicate with the NCC server.

system-update-view-entitlement-status (suves)

Displays the System Update entitlement status.

system-update-rebuild-packages (surp) (system update name)

Rebuilds the deployment packages on this server with the content of the specified update.

(system update name) - System update name or UID.

-f, --force - Forces the package to be rebuilt, even if there are no new packages included in the update.

system-update-patch-file (supf) (system update name) (path to patch)

Patches an update with new versions of file(s). On a Linux server, the ZIP file should be present in the /var/tmp/ location.

(system update name) - System update name or UID.

(path to patch) - Full path of the zip file or the folder where patch files can be found.

(system-update-create-package | sucp) (system update name) [device path] [-n|--packagename=Standalone update package name] [-p|--platform=OS Platform] [-a|--arch=Architecture]

Creates the specified standalone update package. This command can be used to create a package for a specific device, using the Update GUID and the device GUID, or to create a package for the platform using the platform and architecture details.

(system update name) - System update name or UID.

[device path] - Path of the device relative to /Devices.

-n, --packagename=<Standalone update package name> - Name of standalone update package. If not specified, name is calculated from the device name or the platform specified.

-p, --platform=<OS Platform> - OS platform for the standalone update package. Valid value is Windows.

-a, --arch=<Architecture> - Device architecture for the standalone update package. Valid values are 32 or 64.

User Commands

These commands are used to manage users belonging to the user sources configured in ZENworks. The user sources are to be configured from an existing LDAP Authoritative Source such as eDirectory or Active Directory. The user source commands listed in this section also enable you to manage and display certificates. User commands begin with user- in the long form, or with the letter u in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

user-add-bundle (uab) (user object path) (bundle or bundle group) [...] [options]

Assigns bundles to a user object.

Accepts the following options:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.
  • -I, --icon-location=[application location XML file] - XML file that contains the locations to place the icon for the bundle application. For the XML file format, refer to IconLocation.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.
  • -d, --distribution-schedule=[distribution schedule XML file] - XML file that contains the distribution schedule.
  • -l, --launch-schedule=[launch schedule XML file] - XML file that contains the launch schedule.
  • -b, --install-schedule=[install schedule XML file] - XML file that contains the install schedule.
  • -a, --availability-schedule=[availability schedule XML file] - XML file that contains the availability schedule. For the schedule XML file templates, refer to the XML files located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server.
  • -i, --install-immediately - Installs the bundle immediately after distribution. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -L, --launch-immediately - Launches the bundle immediately after installation. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -n, --distribute-now - Sets the distribution schedule to distribute the bundle immediately. If this option is specified, the --distribution-schedule and --distribute-on-device-refresh options are ignored. The --distribute-now, --distribute-on-device-refresh, and --distribution-schedule options are mutually exclusive and are used to set the distribution schedule. The --distribute-now option is considered first, followed by --distribute-on-device-refresh and --distribution-schedule.
  • -r, --distribute-on-device-refresh - Sets the distribution schedule to distribute the bundle on device refresh. If this option is specified, the --distribution-schedule option is ignored.
  • -s, --launch-on-device-refresh - Sets the launch schedule to launch the bundle on device refresh. If this option is specified, the --launch-schedule option is ignored.

user-add-policy (uap) (user object path) (policy or policy group) [...] [options]

Assigns policies to a user object.

Accepts the following options:

  • -e, --enforce-now - Enforces the policy immediately on all assigned devices.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

user-container-create (ucc) (user source) (user container) (display name)

Adds a user container to a user source configured in ZENworks.

(user container) - The user container to be added in RDN (Relative Distinguished Name) format, relative to the root context of the LDAP Source.

(display name) - The display name for the user container.

user-group-add (uga) (ZENworks user group path) (user path) [...] [options]

Adds users to a ZENworks user group.

Accepts the following option:

  • -f, --folder=[user folder] - The path of a user folder relative to /Users. If this option is specified, the path of the user objects is determined relative to this folder. This can be used to specify multiple user objects under the same folder.

user-group-create (ugc) (group name) [options]

Creates a ZENworks user group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[user path][...] - The path of the users relative to /Users.
  • -f, --folder=[user folder] - The path of a user folder relative to /Users. If this option is specified, the path of the user objects is determined relative to this folder. This can be used to specify multiple user objects under the same folder.

user-group-delete (ugd) (ZENworks user group path) [...]

Deletes one or more ZENworks user groups.

(ZENworks user group path) [...] - The path of the ZENworks user group relative to /Users/ZENworks User Groups.

user-group-members (ugm) (user group path) [options]

Lists members of a ZENworks user group or LDAP Directory user group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-source-refresh (usr)

Initiates a refresh on all the user sources.

user-group-remove (ugr) (ZENworks user group path) (user path) [...] [options]

Removes users from a ZENworks user group.

Accepts the following option:

  • -f, --folder=[user folder] - The path of a user folder relative to /Users. If this option is specified, the path of the user objects is determined relative to this folder. This can be used to specify multiple user objects under the same folder.

user-info (ui) (user path)

Lists detailed information about a user.

user-list (ul) [options] [folder]

Lists user objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -t, --typefilter=[type filter][...] - Displays results matching the comma-separated list of object types specified. Valid values are user, group, and folder.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-list-bundles (ulb) (user object path) [options]

Lists bundles assigned to a user object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective bundles.
  • -e, --effective - Lists only effective bundles.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-list-groups (ulg) (user path) [options]

Lists groups of which the given user is a member.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-list-policies (ulp) (user object path) [options]

Lists policies assigned to a user object.

  • -a, --all - Lists both effective and non-effective policies.
  • -e, --effective - Lists only effective policies.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-logged-in-devices (ulid) (user path)

Displays the devices on which a user is logged in.

user-primary-workstation (upws) (user path)

Lists the user’s primary workstation, number of logins, and number of minutes that the user has been logged in to the primary workstation.

user-remove-bundle (urb) (user object path) (bundle or bundle group) [...] [options]

Removes bundles assigned to a user object.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

user-remove-policy (urp) (user object path) (policy or policy group) [...] [options]

Removes policies assigned to a user object.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

user-reorder-policies (urop) (user object path) (current position) (new position)

Changes the order of policies assigned to a user.

user-set-as-test (usat) (user object path)

Sets a user as a test user.

Examples

To set user1 as a test user:

zman usat user1

user-set-as-nontest (usan) (user object path)

Sets a user as a non-test user.

Examples

To set user1 as a non-test user:

zman usan user1

user-source-create (usc) (user source XML file path) [options]

Configures a user source.

Accepts the following option:

-a, --accept-certificate - Accepts the certificate presented by the user source when SSL mode is chosen. This option is provided to avoid interactive mode for scripting. It is advisable to view the certificate and then accept it.

The XML file should include the following content:

For Active Directory

<UserSourceInformation xmlns="http://novell.com/zenworks/zman/usersource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!--Configuring a user source, allows bundle and policy objects to be assigned to identities contained in an LDAP directory-->

  <!--Please enter the connection information for the LDAP directory.-->
  <ConnectionInformation>    
<!--Specify the IP Address of the LDAP Server. For example, 192.168.1.60-->
    <Address>xxx.xxx.xx.xx</Address>
    <UseSSL>true</UseSSL>
    <IgnoreDynamicGroups>false</IgnoreDynamicGroups>
    <Port>636</Port>
<!--389 is the default non-ssl port -->
    <RootLDAPContext></RootLDAPContext>
  </ConnectionInformation>
  
  <!--Please enter the LDAP credentials that will be used when information is needed from the user source. 
       These credentials need to provide read access to the contexts of your tree where users reside.-->
  <CredentialsInformation>
    <Username>ZENworks@domain.com</Username>
    <Password>Password</Password>
  </CredentialsInformation>
  
  <!--Include the containers of your user source where your users reside. In order to minimize browsing 
        include user containers directly. You may include any number of containers independently and manage them as a set or individually-->
  <UserContainers>
    <UserContainer>
      <Context>cn=Users</Context>
      <DisplayName>Users</DisplayName>
    </UserContainer>
  </UserContainers>
  
  <!-- Optionally include authentication mechanisms to use with your user source. Add zero or more mechanism types. 
       Accepted mechanisms are "Username/Password" and "Kerberos". -->
  <Mechanism><Type>Username/Password</Type></Mechanism>
  <!--Mechanism><Type>Kerberos</Type></Mechanism-->
  
</UserSourceInformation>

For eDirectory

<UserSourceInformation xmlns="http://novell.com/zenworks/zman/usersource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!--Configuring a user source, allows bundle and policy objects to be assigned to identities contained in an LDAP directory-->

  <!--Please enter the connection information for the LDAP directory.-->
  <ConnectionInformation>  
<!--Specify the IP Address of the LDAP Server. For example, 192.168.1.60--> 
    <Address>xxx.xx.xx.xx</Address>
    <UseSSL>true</UseSSL>
    <IgnoreDynamicGroups>false</IgnoreDynamicGroups>
    <Port>636</Port>
<!--389 is the non-ssl port-->
    <RootLDAPContext></RootLDAPContext>
  </ConnectionInformation>
  
  <!--Please enter the LDAP credentials that will be used when information is needed from the user source. 
       These credentials need to provide read access to the contexts of your tree where users reside.-->
  <CredentialsInformation>
    <Username>cn=admin,o=novell</Username>
    <Password>novell</Password>
  </CredentialsInformation>
  
  <!--Include the containers of your user source where your users reside. In order to minimize browsing 
        include user containers directly. You may include any number of containers independently and manage them as a set or individually-->
  <UserContainers>
    <UserContainer>
      <Context>ou=Container1,o=Novell</Context>
      <DisplayName>Container1</DisplayName>
    </UserContainer>
    <UserContainer>
      <Context>ou=Container2,o=Novell</Context>
      <DisplayName>Container2</DisplayName>
    </UserContainer>
  </UserContainers>
  
  <!-- Optionally include authentication mechanisms to use with your user source. Add zero or more mechanism types. 
       Accepted mechanisms are "Username/Password" and "Shared Secret". -->
  <Mechanism><Type>Username/Password</Type></Mechanism>
  <Mechanism><Type>Shared Secret</Type></Mechanism>
  
</UserSourceInformation>

For Azure Active Directory

<AzureUserSourceInformation xmlns="http://novell.com/zenworks/zman/usersource" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserSourceName>novel</UserSourceName>
<TenantId>f949220b-6abe-4a3d-b414-62a2cafdc71b</TenantId>
<ApplicationId>8772ff75-f93e-4b0b-a291-9c78a3f89ee7</ApplicationId>
<ClientSecret>SsF8Q~urDfRGMqjYWInlcW.jtiVlr9vxDzLSFcvz</ClientSecret>
<ApplicationName>abc</ApplicationName>
<MdmUId>uyuuu</MdmUId>
</AzureUserSourceInformation>
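An added example, not part of the ZENworks documentation: a Python check to run over a user source XML file before passing it to user-source-create, flagging a connection without SSL, a sample password left in place, and a credential file accessible to group or others. The function name, the finding texts and the sample inputs are assumptions of this example; the element names and the namespace come from the samples above.

```python
import stat
import xml.etree.ElementTree as ET

# Namespace declared on the root element of the page's sample files.
NS = "{http://novell.com/zenworks/zman/usersource}"
# Passwords printed in the page's samples; a deployed file must not keep them.
DOC_SAMPLE_PASSWORDS = {"Password", "novell"}


def audit_user_source(xml_text, file_mode=None):
    """Return a list of findings for a user source XML document.

    file_mode: st_mode of the file on disk (POSIX); None skips that check.
    """
    root = ET.fromstring(xml_text)
    kind = root.tag.replace(NS, "")
    findings = []

    def text(*names):
        # Look up a nested element by local names and return its trimmed text.
        node = root.find("/".join(NS + n for n in names))
        return (node.text or "").strip() if node is not None else ""

    if kind == "UserSourceInformation":
        use_ssl = text("ConnectionInformation", "UseSSL").lower() == "true"
        port = text("ConnectionInformation", "Port")
        if not use_ssl:
            findings.append("UseSSL is not true: the LDAP connection is not protected by SSL")
        elif port == "389":
            findings.append("UseSSL is true but Port is 389, the non-SSL port")
        secret = text("CredentialsInformation", "Password")
        if secret in DOC_SAMPLE_PASSWORDS:
            findings.append("Password is a sample value from the documentation")
    elif kind == "AzureUserSourceInformation":
        secret = text("ClientSecret")
    else:
        return ["unexpected root element: " + kind]

    if not secret:
        findings.append("no credential found in the file")
    elif file_mode is not None and file_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file contains a credential and is accessible to group or others")
    return findings


# Constructed inputs modelled on the page's Active Directory sample.
WEAK = """<UserSourceInformation xmlns="http://novell.com/zenworks/zman/usersource">
  <ConnectionInformation>
    <Address>192.0.2.10</Address>
    <UseSSL>false</UseSSL>
    <Port>389</Port>
  </ConnectionInformation>
  <CredentialsInformation>
    <Username>ZENworks@domain.com</Username>
    <Password>Password</Password>
  </CredentialsInformation>
</UserSourceInformation>"""

HARDENED = (
    WEAK.replace("<UseSSL>false", "<UseSSL>true")
    .replace("<Port>389", "<Port>636")
    .replace("<Password>Password<", "<Password>constructed-example-value<")
)

if __name__ == "__main__":
    import os
    import sys

    # With file arguments, audit each file together with its on-disk mode.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            issues = audit_user_source(fh.read(), os.stat(path).st_mode)
        print(path, issues if issues else "OK")
    # Without arguments, run the constructed samples.
    if len(sys.argv) == 1:
        print("WEAK:", audit_user_source(WEAK, 0o100644))
        print("HARDENED:", audit_user_source(HARDENED, 0o100600))
```

The permission check reads POSIX mode bits, so it applies to Linux Primary Servers; on Windows, review the file's ACL instead.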
user-source-list (usl)

Lists the configured user sources.

user-source-list-connections (uslc) (user source)

Lists the server connections for a user source.

user-source-remove-connection (usrc) (user source) (connection name)

Removes a server connection from a user source.

user-source-servercert-remove (ussr) (<inputParams>,<inputParams>,...,<inputParams>)

Removes the specified user source server certificates.

  • (inputParams): Specify the relevant parameters:
  • To remove a single user source server certificate, specify the user source name and the server connection name in the following format: <usersourcename>,<serverconnectionname>
  • To remove multiple user source server certificates, specify the path to the CSV file that contains the list of user source names and server connection names in the following format: <usersourcename>,<serverconnectionname>

user-source-trustedcert-add (usta) (certificate alias) (certificate file path)

Adds an additional trusted certificate for another LDAP server that can be referred to during the processing of an LDAP search request when using secure user source connections.

  • (certificate alias) - The alias used to identify the certificate in the key store.
  • (certificate file path) - The path to the DER format certificate file.
  • -c, --ca-cert: Adds a CA certificate. The alias name must either be a user source name or GUID.
  • For more information on user source details, see the user-source-list command.

user-source-trustedcert-list (ustl)

Lists the additional trusted certificates used for secure user source connections.

user-source-trustedcert-remove (ustr) (certificate alias)

Removes a trusted certificate used for secure user source connections.

  • (certificate alias) - The alias used to identify the certificate in the key store.

user-source-add-connection (usac) (user source) (connection name) (server address) (server port) [options]

Adds a new server connection for a user source.

Accepts the following options:

-a, --accept-certificate - Accepts the certificate presented by the user source when SSL mode is chosen. This option is provided to avoid interactive mode for scripting. It is advisable to view the certificate and then accept it.

-s, --use-ssl - Specifies that SSL should be used when accessing the new server.

user-view-all-bundles-status (uvabs) (user path) [options]

Displays the advanced deployment status of bundles assigned to a user.

Accepts the following options:

  • --statusfilter=[status type][...] - Filters on the status of Bundle Distribution and Install Events. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-view-all-policies-status (uvaps) (user path) [options]

Displays the advanced deployment status of policies assigned to a user.

Accepts the following options:

  • --statusfilter=[status type][...] - Filters on the status of Policy Apply Event. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

user-azure-source-sync (uass) (--usersource=user_source_name)

Initiates a complete synchronization of users and user groups with Azure Active Directory for the specified user source.

Example: zman uass --usersource=opentext

This will initiate synchronization of users and user groups with Azure Active Directory associated with the user source opentext.

NOTE: The process can take a while depending on the number of users, user groups, and membership of users in user groups, present in the Azure Active Directory. Execute the command only when you encounter an issue with user synchronization because any changes will be synchronized automatically every hour by default.

Workstation Commands

These commands are used to manage workstations. Workstation commands begin with workstation- in the long form, or with the letter w in the short form.

All of the commands below accept the option flags listed in the Global Options section. In addition, they accept individual options as listed with each command.

workstation-add-bundle (wab) (workstation object path) (bundle or bundle group) [...] [options]

Assigns bundles to a workstation object.

Accepts the following options:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.
  • -I, --icon-location=[application location XML file] - XML file that contains the locations to place the icon for the bundle application. For the XML file format, refer to IconLocation.xml located in /opt/microfocus/zenworks/share/zman/samples/bundles on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\bundles on a Windows server.
  • -d, --distribution-schedule=[distribution schedule XML file] - XML file that contains the distribution schedule.
  • -l, --launch-schedule=[launch schedule XML file] - XML file that contains the launch schedule.
  • -a, --availability-schedule=[availability schedule XML file] - XML file that contains the availability schedule. For the schedule XML file templates, refer to the XML files located in /opt/microfocus/zenworks/share/zman/samples/schedules on a Linux server or Installation_directory:\Micro Focus\Zenworks\share\zman\samples\schedules on a Windows server.
  • -b, --install-schedule=[install schedule XML file] - XML file that contains the install schedule.
  • -i, --install-immediately - Installs the bundle immediately after distribution. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -L, --launch-immediately - Launches the bundle immediately after installation. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -n, --distribute-now - Sets the distribution schedule to distribute the bundle immediately. If this option is specified, the --distribution-schedule and --distribute-on-device-refresh options are ignored. The --distribute-now, --distribute-on-device-refresh and --distribution-schedule options are mutually exclusive and are used to set the distribution schedule. The --distribute-now option is considered first, followed by --distribute-on-device-refresh and --distribution-schedule.
  • -r, --distribute-on-device-refresh - Sets the distribution schedule to distribute the bundle on device refresh. If this option is specified, the --distribution-schedule option is ignored.
  • -s, --launch-on-device-refresh - Sets the launch schedule to launch the bundle on device refresh. If this option is specified, the --launch-schedule option is ignored.
  • -w, --wakeup-device-on-distribution - Wakes up the device by using Wake-On-LAN if it is shut down while distributing the bundle. To use this option, you must also specify the distribution schedule. The distribution schedule can be specified by using the --distribution-schedule, --distribute-now, or --distribute-on-device-refresh option.
  • -D, --dry-run - Tests and displays the requested actions but does not actually perform them.
  • -B, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -S, --server=[Path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the device. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -T, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.

workstation-add-policy (wap) (workstation object path) (policy or policy group) [...] [options]

Assigns policies to a workstation object.

Accepts the following options:

  • -c, --conflicts=[policy conflict resolution order] - Determines how policy conflicts are resolved. Valid values are userlast or 1, devicelast or 2, deviceonly or 3, useronly or 4. For userlast, device-associated policies are applied first, followed by user-associated policies. For devicelast, user-associated policies are applied first, followed by device-associated policies. For deviceonly, user-associated policies are ignored. For useronly, device-associated policies are ignored. If this option is not specified, userlast is taken as the default value.
  • -e, --enforce-now - Enforces the policy immediately on all assigned devices.
  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

workstation-copy-relationships (wcr) (workstation path) (workstation object path) [...] [options]

Copies relationships from a selected workstation to other workstations. Workstation relationships include bundle assignments, policy assignments, and group memberships. If a value is not specified, the assignments are made to the target folders or groups directly.

Accepts the following options:

  • -r, --relationship-type: Relationship types to copy. Valid values are bundles, policies and groups. The option bundles will copy all the associated bundle assignments of the source device. The option policies will copy all the associated policy assignments of the source device. The option groups will add target devices as the member of the groups that are associated with the source devices. If a value is not specified, the existing assignments on the target devices are retained.
  • -a, --assignment-options: Assignment options. The valid values are assign-to-group-members, assign-to-folder-members and assign-to-folder-members-recursively. The option assign-to-group-members will copy the assignments to members of the target groups. The option assign-to-folder-members will copy the assignments to devices inside the target folder. The option assign-to-folder-members-recursively will copy the assignments to devices inside the target folders and its sub folders.
  • -c, --conflict-resolution: Conflict resolution options for existing assignments. The valid values are delete-existing-assignments and replace-existing-assignments. The option delete-existing-assignments will delete all the existing assignments of the target devices. The option replace-existing-assignments will replace the existing assignments of the target devices with the selected assignments. If a value is not specified, the existing assignments on the target devices are retained.
  • -g, --group-membership: The group membership options for the target object types Groups and Folders. The valid values are add-folder-members-recursively and delete-existing-group-membership. The option add-folder-members-recursively will add devices inside the target objects and their subfolders as members of the groups to which the source device belongs. The option delete-existing-group-membership will delete the existing group memberships of the target devices. If the targets have groups, then all the members of the groups are added as members to the selected group. If the targets have folders, then all the devices present in those folders are added to the selected group, non-recursively.
  • -p, --export-path: The complete path of the file to which the Copy Relationships results need to be exported, in CSV format. You can specify a file path along with a file name that has the .csv extension. If the path is not specified, the CSV file will be exported to the default path (Linux: /var/opt/microfocus/zenworks/tmp; Windows: %zenserver_home%\work\tmp).
  • -f, --continue-on-failure: This option is not mandatory. If this option is specified, the Copy Relationships operation will continue even when a failure is encountered. If this option is not specified, the Copy Relationships operation will terminate when a failure is encountered.

Examples:

To copy all the relationships of the source workstation to multiple workstations:

zman workstation-copy-relationships workstationfolder/sourceworkstation --relationship-type=bundles,policies,groups workstationfolder/workstation workstationfolder/workstationfolder1 workstationfolder/workstationgroup

To copy policy assignments of the source workstation to the workstations inside target workstation folders recursively:

zman wcr workstationfolder/sourceworkstation --relationship-type=bundles workstationfolder1 workstationfolder2 --assignment-options=assign-to-group-members,assign-to-folder-members

To replace conflict bundle assignments of the target workstations while copying the assignments from the source workstation:

zman wcr workstationfolder/sourceworkstation -r=policies workstationfolder/workstation --conflict-resolution=delete-existing-assignments

To add workstations of the target workstation groups to the groups of the source workstation:

zman wcr workstationfolder/sourceworkstation -r=groups workstationgroup --group-membership=add-folder-members-recursively

To add workstations of the target workstation groups to the groups of the source workstation with Continue on failure and Export as CSV (to C:\temp\ folder) options specified:

zman wcr workstationfolder/sourceworkstation -r=groups workstationgroup --group-membership=add-folder-members-recursively -f -p=C:\temp\

workstation-delete (wd) (workstation object path) [...] [options]

Deletes one or more workstation objects.

  • All policy and bundle assignments and inventory information associated with the devices are deleted from the ZENworks server.

  • The ZENworks agent is unregistered from the zone.

  • The data on the devices and the ZENworks agent are not deleted or uninstalled from the devices.

  • The MDM profile is not deleted on the devices. To delete the MDM profile, use the unenroll quick task.

  • The MDM client will not be re-registered to the zone during the next scheduled refresh.

  • The ZENworks agent will be re-registered automatically during the next scheduled refresh. However, if ZENworks Secure Configuration is enabled, then the agent will get re-registered only if the authorization key is available on the devices, or the devices are added to the pre-approved list.

(workstation object path) [...] - The path of the workstation objects (workstation, workstation folder or workstation group) relative to /Devices/Workstations. The wildcard * can be used in the object names if it is enclosed in quotations. Exercise caution while using wildcards for deleting objects.

Accepts the following options:

  • -r, --recursive - Deletes objects inside a folder recursively.
  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.
  • -p, --preapprove - Adds the deleted devices to the preapproved list.

workstation-folder-create (wfc) (folder name) [parent folder] [options]

Creates a new folder for containing workstations.

Accepts the following option:

  • --desc=[description] - Description for the folder.

workstation-group-add (wga) (workstation group path) (workstation path) [...] [options]

Adds workstations to a workstation group.

Accepts the following option:

  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.

workstation-group-create (wgc) (group name) [parent folder] [options]

Creates a workstation group and adds members to it.

Accepts the following options:

  • --desc=[description] - Description for the group.
  • -m, --members=[workstation path][...] - The path of the workstations relative to /Devices/Workstations.
  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.

workstation-group-members (wgm) [options] (workstation group path)

Lists members of a workstation group or a dynamic workstation group.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

workstation-group-remove (wgr) (workstation group path) (workstation path) [...] [options]

Removes workstations from a workstation group.

Accepts the following option:

  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.

workstation-info (wi) (workstation path)

Lists detailed information about a workstation.

workstation-list (wl) [folder] [options]

Lists workstation objects.

Accepts the following options:

  • -r, --recursive - Lists results recursively including subfolders. If this option is not specified, the contents of the subfolders are not listed.
  • -n, --namefilter=[filter string] - Displays results matching the specified name. The wildcards * and ? can be used if they are enclosed in quotation marks.
  • -t, --typefilter=[type filter][...] - Displays results matching the comma-separated list of object types specified. Valid values are device, group, and folder.
  • -c, --count - Displays the count of the results.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.
  • -f, --flagfilter=[flag filter][...] - Displays results matching the comma-separated list of flags specified. Valid values are retired, notretired, test, and non-test.

workstation-list-bundles (wlb) (workstation object path) [options]

Lists bundles assigned to a workstation object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective bundles.
  • -e, --effective - Lists only effective bundles.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

workstation-list-groups (wlg) (workstation path) [options]

Lists groups of which the given workstation is a member.

Accepts the following option:

  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

workstation-list-policies (wlp) (workstation object path) [options]

Lists policies assigned to a workstation object.

Accepts the following options:

  • -a, --all - Lists both effective and non-effective policies.
  • -e, --effective - Lists only effective policies.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

workstation-move (wmv) (workstation object path) [destination folder path]

Moves a workstation object to a different folder.

workstation-refresh (wrf) (workstation object path) [...] [options]

Refreshes the ZENworks Agent in the workstations.

Accepts the following options:

  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.
  • --server=<server/server folder/server group object path>[...] - The path of Primary Server objects (server, server folder or server group) relative to /Devices/Servers to send Quick Task notifications.
  • --notify=<minutes> - Time in minutes to notify all devices.
  • --expire=<minutes> - Time in minutes for expiry after creation of the quick task. Specify 0 to expire immediately.
  • --currentserver - Adds the quick task to the current Primary Server.
  • --anyserver - Adds the quick task to any of the Primary Servers.
  • --expirenever - The quick task never expires in the Primary Server.

workstation-remove-bundle (wrb) (workstation object path) (bundle or bundle group) [...] [options]

Removes bundles assigned to a workstation object.

Accepts the following option:

  • -f, --folder=[bundle folder] - The path of a bundle folder relative to /Bundles. If this option is specified, the path of the bundle objects is determined relative to this folder. This can be used to specify multiple bundle objects under the same folder.

workstation-remove-policy (wrp) (workstation object path) (policy or policy group) [...] [options]

Removes policies assigned to a workstation object.

Accepts the following option:

  • -f, --folder=[policy folder] - The path of a policy folder relative to /Policies. If this option is specified, the path of the policy objects is determined relative to this folder. This can be used to specify multiple policy objects under the same folder.

workstation-rename (wr) (workstation object path) (new name)

Renames a workstation object.

workstation-reorder-policies (wrop) (workstation object path) (current position) (new position)

Changes the order of policies assigned to a workstation. Use the workstation-list-policies command to get the order of assigned policies.

workstation-retire (wret) (workstation object path)

Retires the selected workstation from your ZENworks system at its next refresh. Retiring a device is different from deleting a device. When you retire a device, its GUID is retained (as opposed to when you delete a device, which also deletes its GUID). As a result, all inventory information is retained and is accessible but all policy and bundle assignments are removed. If you reactivate the device in the future, its assignments are restored.

Accepts the following option:

  • -i, --immediate - Forces a device refresh to immediately retire the device.

workstation-set-as-test (wsat) (workstation object path)

Sets a workstation as a test device.

Examples

To set workstation1 as a test device:

zman wsat workstation1

workstation-set-as-nontest (wsan) (workstation object path)

Sets a workstation as a non-test device.

Examples

To set workstation1 as a non-test device:

zman wsan workstation1

workstation-unretire (wuret) (workstation object path)

Reactivates the selected workstation at its next refresh and reapplies all policy and bundle assignments that the device previously had.

Accepts the following option:

  • -i, --immediate - Forces a device refresh to immediately unretire the device.

workstation-view-all-bundles-status (wvabs) (workstation path) [options]

Displays the advanced deployment status of bundles assigned to a workstation.

Accepts the following options:

  • --statusfilter=[status type][...] - Filter on the status of Bundle Distribution and Install Events. Valid values are S, R, C, A, F, and P (Success, Partial Success, Completed, Partial Complete, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

Examples

To view the deployment status of bundles assigned to workstation1:

zman wvabs workstation1

To view the deployment status of bundles assigned to workstation1 having bundle deployment status as success or pending:

zman wvabs workstation1 --statusfilter S,P

workstation-view-all-policies-status (wvaps) (workstation path) [options]

Displays the advanced deployment status of policies assigned to a workstation.

Accepts the following options:

  • --statusfilter=[status type][...] - Filters on the status of Policy Apply Event. Valid values are S, F, and P (Success, Failure, and Pending). A comma-separated list of status types can be given.
  • -s, --scrollsize=[scrollsize] - Number of results to be displayed at a time.

workstation-wakeup (ww) (workstation object path) [...] [options]

Wakes up a workstation by using Wake-On-LAN.

Accepts the following options:

  • -f, --folder=[workstation folder] - The path of a workstation folder relative to /Devices/Workstations. If this option is specified, the path of the workstation objects is determined relative to this folder. This can be used to specify multiple workstation objects under the same folder.
  • -b, --broadcast=[Broadcast address][...] - A comma-separated list of addresses used to broadcast the Wake-On-LAN magic packets. This option is used only if you choose to wake up the device by using Wake-On-LAN. A valid IP address is a valid value.
  • -s, --server=[Path of the Primary or Proxy Server objects relative to /Devices][...] - A comma-separated list of Primary or Proxy Server objects used to wake up the device. This option is used only if you choose to wake up the device by using Wake-On-LAN.
  • -C, --retries=[Number of retries] - Number of times the Wake-On-LAN magic packets are sent to the device(s). This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 0 and 5. The default value is 1.
  • -t, --timeout=[Time interval between retries] - The time interval between two retries. This option is used only if you choose to wake up the device by using Wake-On-LAN. The value must be between 2 and 10 (in minutes). The default value is 2.

Global Options

The following options can be applied to any zman command:

-h, --help

Provides help at various levels. Refer to the Guide to Usage section for more details on using help.

--usage

Displays the syntax of the command.

--terse

Displays terse output.

--debug

Displays debugging output.

-V, --verbose

Enables verbose output.

--quiet

Quiets output, printing only error messages.

-U, --User=<username>

Provides a username. If it is not provided, you are prompted.

-P, --Password=<password>

Specifies a password. If it is not provided, you are prompted.

--host=<host>

Specifies the host name or IP address to connect to (default: localhost).

--port=<port>

Specifies the port that the server is listening on (default: 443).

-R, --Redirect=<file path>

Redirects the output of the screen to a file. Use this option over the command line redirection operator (>) to save data in UTF-8 format and to preserve non-English characters.

-G, --ignore-global-file

Ignores the global options file specified in zman-config.properties.

Security

Running each command requires administrator authorization. To avoid entering administrator credentials for every command, use the admin-store-credential command to store the credentials. The credentials are encrypted and stored in the home folder of the operating system user running the command. The credentials only apply to that logged-on user. It is safer to clear the information by running the admin-clear-credential command after the execution of all the other commands is done.

IMPORTANT: Although command line options for entering usernames and passwords exist, avoid using them. In Linux, they display in the ps listing. In addition, pressing the Up-arrow or Down-arrow keys displays the previous commands entered in both Windows and Linux. Either enter the credentials when prompted or use the admin-store-credential command.
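
The following check is an added example, not part of the ZENworks documentation. It scans command lines (for instance the args column of a ps listing, or a shell history file) for zman invocations that pass -U/--User or -P/--Password, and prints them with the values masked. The sample lines and the /opt/example/bin path are constructed; matching is case-sensitive, so the lowercase -p export-path option of workstation-copy-relationships is not reported.

```shell
#!/bin/sh
# Added example: report zman invocations that carry credentials as options.
# Input: one command line per line on stdin.
# Output: each offending line, with the credential values replaced by ****.
# Return status: 0 when nothing was found, 1 when at least one line was reported.

zman_cred_audit() {
    awk '
    {
        # Locate the zman word itself so that options of unrelated commands
        # on the same line are never inspected.
        start = 0
        for (i = 1; i <= NF; i++)
            if ($i == "zman" || $i ~ /\/zman$/) { start = i; break }
        if (start == 0) next

        hit = 0; mask_next = 0; line = ""
        for (i = 1; i <= NF; i++) {
            w = $i
            if (i > start) {
                if (mask_next) {
                    # Value given as a separate word: -P secret
                    w = "****"; mask_next = 0
                } else if (w ~ /^(-U|-P|--User|--Password)=/) {
                    # Value attached with "=": --Password=secret
                    sub(/=.*/, "=****", w); hit = 1
                } else if (w ~ /^(-U|-P|--User|--Password)$/) {
                    hit = 1; mask_next = 1
                }
            }
            line = line (i > 1 ? " " : "") w
        }
        if (hit) { print line; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Constructed sample input in the shape "user pid command line".
zman_sample_lines() {
    cat <<'EOF'
root 4121 /opt/example/bin/zman wl -r --User=Administrator --Password=S3cr3t!
admin 4130 zman wab wks/pc1 bundle1 -n -U Administrator -P S3cr3t!
admin 4140 zman wcr wks/src -r=groups wksgroup -f -p=/tmp/out.csv
admin 4150 zman workstation-list --namefilter="lab*" -r
admin 4160 grep --Password=x notes.txt
EOF
}

# Stand-alone run: audit the constructed sample.
zman_sample_lines | zman_cred_audit || echo "zman credentials found on the command line" >&2
```

On a live Linux host the same function can read `ps -eo user,pid,args` output or a history file instead of the sample.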

Files

zman-config.properties is a property file used to configure zman and is located in the following locations:

  • On Windows: %ZENSERVER_HOME%\conf\zman\properties

  • On Linux: /etc/opt/microfocus/zenworks/zman/properties

The various options available are:

  • RENDERER_SCROLLSIZE: Controls the output of a list command globally. Results are retrieved and displayed in counts of scroll size specified. This setting can be overridden by using the --scrollsize option in the list commands.

  • GLOBAL_OPTIONS_FILE: Global options can be added to every command by storing them in a file and specifying the path of the file as the value to this property. For Windows files, use \\ instead of \. The contents of the file should be in a single line similar to a command.

    For example:

    GLOBAL_OPTIONS_FILE=C:\\zman\\globaloptions.txt

    Sample content for the file is as follows:

    --host=123.34.45.56 --port=8080 --cleartext --verbose

    To bypass the options stored in this file, use the --ignore-global-file option. All the global options except -U|--User and -P|--Password can be stored in the global options file. The admin-store-credential and admin-clear-credential commands should be used to add administrator credentials to each command. Refer to the Security section for guidelines on using administrator credentials.

  • GLOBAL_OPTIONS_HELP: Global options for the commands are displayed in the help for every command. To turn off the display of global options, set GLOBAL_OPTIONS_HELP=false.

  • DEBUG_LEVEL: Controls the volume of debug messages logged into the zman.log file located in Installation_drive:\Micro Focus\zenworks\logs in Windows and /var/opt/microfocus/log/zenworks in Linux. Level 3, which is the default, logs the command entered and exception stack traces if any errors are encountered. Level 4 logs the command entered, the output of the command, and more debug messages.

Exit Codes

zman returns exit codes in the range of 0-255. 0 indicates successful execution of the command; 1-255 indicate an error in execution.

  • 0 - Success.

Exit Codes for Parse Errors:

  • 1 - An unknown parsing error has occurred.
  • 2 - A mandatory argument is not specified.
  • 3 - An unknown flag is specified.
  • 4 - A value is specified for a switch parameter.
  • 5 - No value is specified for a flagged option.
  • 6 - An unexpected additional argument is specified.
  • 7 - An invalid value is specified.
  • 8 - Unable to convert a value to the type expected.
  • 9 - Unknown command.
  • 10 - No options are entered when at least one is required. For example, to modify rights, you must specify at least the Assign option or the Revoke option.

Exit Codes for General Errors:

  • 11 - An unknown error has occurred.
  • 12 - The feature is not available because one of the dependent zman jar files is missing.
  • 13 - Authentication failed.
  • 14 - An empty string is specified for username or password, or the specified password does not meet the minimum length requirements.
  • 15 - The ZENworks license has expired.
  • 16 - Connection failure. The database server might be down.
  • 17 - The ZENworks administrator does not have sufficient rights to perform this operation.
  • 18 - Unable to read the certificate for establishing SSL communication.
  • 19 - This command can be run only on a local host.

Exit Codes for General Object Related Errors:

  • 21 - The object specified is not of the expected type. For example, a bundle is specified instead of a device.
  • 22 - The object could not be found.
  • 23 - An object with the same name already exists in the specified folder.
  • 24 - The object specified is in a different directory than the specified folder.
  • 25 - A parent folder cannot be moved into its subfolder.
  • 26 - The object is not renamable.
  • 27 - The object is not deletable.
  • 28 - Attempting to delete a non-empty folder.
  • 29 - The object is already a member of the group.
  • 30 - The object is not a member of the group.
  • 31 - The object is already assigned to the device or user.
  • 32 - The object is not yet assigned to the device or user.
  • 33 - The object type is invalid to assign to a device or user.
  • 34 - Assignment of the object to the device is not allowed. For example, the user-specific policy cannot be assigned to a device.

Exit Codes for Other General Errors:

  • 41 - The specified name is invalid. For example, the object cannot have special characters such as * or % in its name.
  • 42 - The absolute path starting with a front slash (/) is expected.
  • 43 - An invalid schedule is specified.
  • 44 - The XML file did not contain the expected input. For example, an exported action set XML file is given as input when an exported bundle XML file was expected.
  • 45 - The XML file did not conform to the expected schema.
  • 46 - An invalid GUID is specified.
  • 47 - The specified value has exceeded the maximum length.
  • 48 - A dependent argument has not been specified. For example, the command uses the option to install a bundle immediately on distribution, but does not specify the distribution schedule.

Exit Codes for File Related Errors:

  • 61 - A directory is expected.
  • 62 - The file does not exist or is a directory.
  • 63 - The file already exists.
  • 64 - An error occurred while reading the file.
  • 65 - An error occurred while writing to the file.
  • 66 - An error occurred while creating the file.
  • 67 - An error occurred while creating the directory.
  • 68 - An error occurred while copying the file.
  • 69 - An error occurred while uploading the file.
  • 70 - Unable to load the file because there is not sufficient disk space on the target device.

Exit Codes Specific to Registration Commands:

  • 71 - The folder and the group being associated to the registration key or rule set are not of the same device type.
  • 72 - A rule set should have at least one rule.

Exit Codes Common to Bundle and Policy Commands:

  • 76 - Content creation failed.
  • 77 - Copying the content file to the temporary directory was canceled because a file by that name already exists.
  • 78 - Creation of a bundle or a policy with file content is being attempted on a server that is not a Content Server.

Exit Codes Specific to Bundle Commands:

  • 81 - The file specified for the bundle icon is not a valid image file.
  • 82 - The action set does not contain any actions to reorder, remove, or export.
  • 83 - The action set does not contain any actions at the given position to reorder, remove, or export.
  • 84 - The action set is not supported for the bundle type. For example, the Preboot action set is not supported for the Windows bundle.
  • 85 - The action is not supported for the action set. For example, the Verify Bundle action is not supported for the Install action set.
  • 86 - The action is non-deletable.
  • 87 - The action type is singular; you cannot add the same action type more than once to an action set.
  • 88 - The action type does not support dependent bundles. For example, you cannot specify a dependent bundle path for the Install MSI action.
  • 89 - The specified dependent bundle path leads to a circular dependency of bundles.
  • 90 - Failed to create the Wake-On-LAN schedule when assigning bundles.
  • 91 - Failed to remove the Wake-On-LAN schedule when unassigning bundles.

Exit Codes Common to Device and User Commands:

  • 101 - The device or user does not have any bundles or policies associated to it.

Exit Codes Specific to User Commands:

  • 106 - The User Source Certificate has expired.
  • 107 - SSL is required to connect to the User Source.

Exit Codes Specific to License Commands:

  • 116 - Unable to activate the license.
  • 118 - The server does not have the Certificate Authority role.
  • 119 - The server does not have the files required to enable the Certificate Authority role.
  • 120 - The Certificate Authority used is not the ZENworks Internal Certificate Authority.

Exit Codes Specific to Administrator Commands:

  • 121 - The right does not belong to the rights category.

Exit Codes Specific to Database Commands:

  • 126 - The database is not an embedded database.
  • 127 - The SQL statement is invalid.
  • 128 - An SQL exception has been encountered.

Exit Codes Specific to Deployment Commands:

  • 131 - An invalid IP address or hostname has been specified.
  • 132 - Credentials required to connect to the device are not specified.
  • 133 - A managed device or a device that has been already scheduled for deployment is specified.

Exit Codes Specific to Report Commands:

  • 136 - Failed to delete the report.
  • 137 - Failed to submit a request for the report generation.
  • 138 - Invalid report document.
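
One way to act on these exit codes in a script, as an added example that is not part of the ZENworks documentation: it retries on code 16, treats "already a member/assigned" (29, 31) on add commands and "not a member/assigned" (30, 32) on remove commands as the desired state, and stops the whole batch on credential, license, rights or certificate errors (13, 14, 15, 17, 18). The function names, the ZMAN, ZMAN_RETRIES and ZMAN_RETRY_DELAY variables, and the choice of which codes stop a batch are assumptions of this example; only long-form command names are recognized.

```shell
#!/bin/sh
# Added example: exit-code-aware wrapper for zman batch scripts.
# ZMAN is the program to run; override it to test without a ZENworks server.
: "${ZMAN:=zman}"
: "${ZMAN_RETRIES:=2}"        # assumption: extra attempts after a connection failure
: "${ZMAN_RETRY_DELAY:=5}"    # assumption: seconds to wait between attempts

# zman_action CODE COMMAND -> prints ok | noop | retry | abort | fail
zman_action() {
    _code=$1 _cmd=$2
    case "$_code" in
        0)  echo ok ;;
        16) echo retry ;;                     # connection failure
        13|14|15|17|18) echo abort ;;         # would also fail for every later command
        29|31)                                # already a member / already assigned
            case "$_cmd" in
                *-add|*-add-*) echo noop ;;   # add command: state already reached
                *) echo fail ;;
            esac ;;
        30|32)                                # not a member / not yet assigned
            case "$_cmd" in
                *-remove|*-remove-*) echo noop ;;
                *) echo fail ;;
            esac ;;
        *)  echo fail ;;                      # parse, object, file and other errors
    esac
}

# zman_run COMMAND [ARGS...]
# Returns 0 (done or already in the requested state), 1 (failed), 2 (abort batch).
zman_run() {
    attempt=0
    while :; do
        # stdin is detached so zman cannot consume a batch list being read.
        "$ZMAN" "$@" </dev/null && rc=0 || rc=$?
        case "$(zman_action "$rc" "$1")" in
            ok|noop) return 0 ;;
            retry)
                attempt=$((attempt + 1))
                if [ "$attempt" -gt "$ZMAN_RETRIES" ]; then return 1; fi
                sleep "$ZMAN_RETRY_DELAY" ;;
            abort) return 2 ;;
            *) return 1 ;;
        esac
    done
}

# zman_batch: reads one zman command line per input line (words are split on
# whitespace, quoting is not interpreted). Stops at the first abort-class code.
# Returns 0 if everything succeeded, 1 if some commands failed, 2 on abort.
zman_batch() {
    failed=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        set -f; set -- $line; set +f          # split without expanding * or ?
        zman_run "$@" && st=0 || st=$?
        case "$st" in
            2) echo "abort: $1" >&2; return 2 ;;
            1) echo "failed: $1" >&2; failed=$((failed + 1)) ;;
        esac
    done
    [ "$failed" -eq 0 ]
}
```

Credentials are expected to come from admin-store-credential, as the Security section recommends; a command list is fed on standard input, for example `zman_batch < commands.txt`.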

ZeUS Commands

The zman zeus command is used to import the latest ZeUS MSIs into the Zone and get the current ZeUS configuration.

zeus-msi-config | zmc

Gives the configuration of the last imported ZeUS MSI.

zeus-msi-import | zmi (path to ZeUS Msis) [-f|--force]

Imports the latest ZeUS MSIs into the Zone.

(path to ZeUS Msis) - Provide the full path to the ZeUS directory.

Accepts the following options:

-f, --force - Reimports the MSI even if the versions are the same. This will overwrite the current ZeUS configuration in the server.

zac zeus-refresh / zeus-ref

Retrieves the system update when it is assigned to a device.

NOTE: This command is not applicable on Satellite Servers.