Novell ZENWORKS PATCH MANAGEMENT 6.4 SP2 - SERVER, User Manual

Page 1: ...User Guide ZENworks Patch Management 6 4 SP2 ...

Page 2: ...r respective owners Feedback Your feedback lets us know if we are meeting your documentation needs E mail the Novell Technical Publications department at techpubs novell com to tell us what you like best what you like least and to report any inaccuracies LIMIT OF LIABILITY DISCLAIMER OF WARRANTY NOVELL INC MAKES NO REPRESENTATIONS OR WARRANTIES IN REGARDS TO THE ACCURACY OR COMPLETENESS OF THE INF...

Page 3: ...works Patch Management 9 Accessing ZENworks Patch Management 10 Logging on to ZENworks Patch Management 10 Logging Out of ZENworks Patch Managemen 11 Common Functions within Patch Management Server 11 Defining Browser Conventions 12 Using Search 12 Using Filters 13 Using Tabbed Pages 14 Expanding and Collapsing Folders and Outlines 15 Advancing Through Pages 16 Using the Action Menu 16 Using Help ...

Page 4: ...scriptions 35 Package Icons and Descriptions 35 Vulnerability Name 36 Vulnerability Impacts 36 Vulnerability Statistics 37 Searching Filtering and Saving Views 37 Working with Vulnerabilities 38 Vulnerability Status Tabs 38 Column Definitions 39 Device Status 39 Deploying Vulnerabilities 40 Disabling and Enabling Vulnerabilities 40 Disabling a Vulnerability 41 Enabling a Vulnerability 41 Using the...

Page 5: ... With Deployments 69 About Deployments 69 Viewing Deployments 69 Viewing All Deployments 70 Viewing Deployments within Devices 70 Viewing Deployments within Groups 71 Deployment Types 72 Vulnerability based Deployments 72 Package based Deployments 73 Mandatory Baseline Deployments 73 Standard and Chained Deployments 73 Standard Deployments 73 Chained Deployments 73 Reboot and Chained State 74 Usin...

Page 6: ... the Deployment Start and End Functions 100 Package Deployment Order and Behavior Page 101 Behavior Icon Definitions 103 Reboot Icon Definitions 105 Package Deployment Behavior Options Page 106 Modifying Behavior Options 107 Behavior Icon Definitions 107 Optional Package Flags 109 Package Display Options 111 Notification Options Page 112 Deployment Permissions 113 Reboot Notification Options 115 D...

Page 7: ...ntory 140 Viewing Inventory 141 Using the Inventory Tab 141 Inventory Types 142 Scanning Inventory 143 Manually Scheduling the DAU Task 143 Using Custom Inventory 143 Guidelines for Microsoft Windows based Operating Systems 144 Guidelines for Linux Unix Mac based Operating Systems 147 Using Groups 149 To View Groups 150 To Search for a Group 150 Groups and the Directory Tree 151 Parent and Child G...

Page 8: ... Deployment for Specific Devices 177 Device Group Vulnerabilities 178 Enabling Vulnerabilities within a Group 179 Disabling Vulnerabilities within a Group 180 Device Group Inventory 181 Device Group Deployments 182 Deploying to a Group 183 Device Group Policies 184 Adding a Policy to a Group 184 Removing a Policy from a Group 185 Device Group Roles 185 Adding a Role to a Group 186 Removing a Role ...

Page 9: ...ail Report 212 Mandatory Baseline Summary Report 213 Operating System Inventory Detail Report 214 Operating System Inventory Summary Report 214 Package Compliance Detail Report 214 Package Compliance Summary Report 215 Services Inventory Detail Report 216 Services Inventory Summary Report 217 Software Inventory Detail Report 217 Software Inventory Summary Report 218 Vulnerability Analysis Report 2...

Page 10: ...istory 250 Subscription Service Configuration 250 Accessing the Configuration Page 252 Subscription Service Status 253 Subscription Service Proxy Configuration 253 Subscription Service Communication Settings 254 Setting the Vulnerability and Package Languages 254 Configuring Enhanced Content 255 Enabling Enhanced Content 256 Disabling Enhanced Content 257 Exporting Enhanced Content Data 257 Verify...

Page 11: ...flict Resolution Rules 283 Using E Mail Notification 285 Defining E Mail Notification 286 Defining E Mail Alert Thresholds 287 Sending a Test E Mail 288 Technical Support Information 288 Server Information 289 Component Version Information 290 Support Information 291 Using the Agent 293 About the Agent for Pre Windows Vista 293 Viewing the Pre Windows Vista Agent 293 Deployment Tab 294 Server Info...

Page 12: ...310 Starting the Agent 310 Stopping the Agent 311 Restarting the Agent 311 User Interaction During a Deployment 312 Beginning the Deployment 312 Delaying a Deployment 312 Canceling a Deployment 313 User Interaction During a Reboot 313 Rebooting Immediately 313 Delaying a Reboot 314 Canceling the Reboot 314 About the Patch Management Agent for Linux Unix 314 About Patch Management Agent for Windows...

Page 13: ...d TCP and UDP Ports 333 Locking Unused Ports 333 Apply All Security Patches 337 Working With the Content Update Tool 339 Content Update Tool System Requirements 339 Supported Operating Systems 339 Hardware Requirements 339 Other Requirements 339 Installing the Content Update Tool 340 Downloading the Content Update Tool 340 Installing the Content Update Tool 342 Using the Content Update Tool 343 Th...

Page 14: ...n Point 367 Distribution Point System Requirements 367 Supported Operating Systems 367 Hardware Requirements 367 Installing the Distribution Point 367 Downloading the Distribution Point 368 Installing the Distribution Point 370 Configuring the Distribution Point 371 ...

Page 15: ...bilities and Packages Chapter 4 Working With Deployments Chapter 5 Using Devices and Inventory Chapter 6 Using Groups Chapter 7 Reporting Chapter 8 Managing Users and Roles Chapter 9 Configuring Default Behavior Chapter 10 Using the Agent Appendix A Patch Management Server Reference Appendix B Securing Your Patch Management Server Appendix C Working With the Content Update Tool Appendix D Creating...

Page 16: ...entify various information types Convention Usage bold Buttons menu items window and screen objects bold italics Wizard names window names and page names italics New terms options and variables UPPERCASE SQL Commands and keyboard keys monospace File names path names programs executables command syntax and property names ...

Page 17: ...s for the devices This identification process uses prerequisite profiles to determine if a patch is applicable to a computer If the prerequisite profile matches then the agent will use detailed patch identifiers called fingerprints to verify the device is fully patched and protected Product Overview ZENworks Patch Management is an agent based patch vulnerability and compliance management system th...

Page 18: ...cable for each device 3 The results of the scan are returned to the Patch Management Server and can be viewed at any time in the Inventory section of the product If applicable the Agent performs another scan using the patch fingerprints incorporated into each vulnerability to determine the device s patch status in relation to that vulnerability 4 Once patch status is established the ZENworks Patch...

Page 19: ...e 5 Supported Operating Systems ZENworks Patch Management 6 4 SP2 is supported on the following Operating Systems Microsoft Windows Server 2003 Web Edition with SP1 or later Windows Server 2003 Standard Edition with SP1 or later Windows Server 2003 Enterprise Edition with SP1or later Windows Server 2003 R2 Standard Edition SP2 optional but recommended Windows Server 2003 R2 Enterprise Edition SP2 ...

Page 20: ... not be installed unless installed by a previous version of ZENworks Patch Management Supported Database Servers ZENworks Patch Management 6 4 SP2 is supported on the following database servers SQL Server 2005 Express Edition with SP2 SQL Server 2005 Standard Edition with SP2 SQL Server 2005 Enterprise Edition with SP2 NOTE ZENworks Patch Management installs SQL Server 2005 Express Edition with SP...

Page 21: ...ndations Number of Nodes 1 000 2 500 5 000 10 000 10 000 Operating System Windows Server 2003 Web Edition with SP2 Windows Server 2003 Web Edition with SP2 Windows Server 2003 Web Edition with SP2 Windows Server 2003 Standard Edition with SP2 Contact Novell Professional Services Database Server SQL 2005 Express SQL 2005 Express SQL 2005 Express SQL 2005 Standard Processor 1 2 4 GHz 1 Pentium 4 1 D...

Page 22: ... 32 64 bit x86 Intel PowerPC 32 64 bit 1 4 0 HP UX 11 00 11 31 All 64 bit PA RISC 64 bit 1 4 0 IBM AIX 5 1 6 1 All 32 64 bit PowerPC 32 64 bit 1 4 0 Microsoft Windows 9x 98Second Edition All 32 bit x86 32 64 bit N A Microsoft Windows NT 4 0 SP6A 2003 R2 All 1 32 64 bit x86 32 64 bit N A Microsoft Windows XP All Profession al 2 32 64 bit x86 32 64 bit N A Microsoft Windows Vista 3 All All 4 32 64 b...

Page 23: ...er edition is not supported 2 Home Media Center and Tablet PC editions are not supported 3 Windows Vista and Windows 2008 support requires NET 3 0 4 Windows Vista Home and Windows Vista Starter edition are not supported OS OS Version s OS Edition OS Data Width Process or Family Process or Data Width Min JRE ...

Page 24: ...ica en NZ English New Zealand en ZA English South Africa en GB English United Kingdom en US English United States es ES Spanish Spain fi FI Finnish Finland fr FR French France de DE German Germany it IT Italian Italy ja JP Japanese Japan ko KR Korean Korea nl NL Dutch Netherlands pt BE Portuguese Brazil sv SE Swedish Sweden zh CN Chinese Simplified zh CHS Chinese Simplified zh TW Chinese Tradition...

Page 25: ...tion on installing and configuring your initial usage After installing the Patch Management Server the agent can be installed In order to install the agent the devices must be able to download it from the Patch Management Server Refer to the Agent Installation Guide for more information Groups are created in preparation for deployment A group associates similar devices for the purpose of deploying...

Page 26: ...your web browser s Location field 3 Press Enter STEP RESULT The system displays the Connect to Server dialog box Figure 2 1 Log on dialog box 4 Type your user name in the Username field 5 Type your password in the Password field 6 Click OK STEP RESULT The Home page opens After the initial vulnerabilities are resolved a mandatory baseline can be set This is a user defined range of required patches ...

Page 27: ...t to the system click the here link Figure 2 3 Patch Management Server Logout Screen Common Functions within Patch Management Server The following section describes standard browser conventions used and the navigational functions specific to ZENworks Patch Management From the main screen you can access all features of the Patch Management Server for which you are authorized The screen is organized...

Page 28: ...s A check box is selected or cleared to enable or disable a feature Lists also include a Select All check box that lets you select all the available listed items on that page Radio Buttons Select the button to select an item Display Screens Show areas that are part of a window or an entire window The data on display screens can be viewed but not changed Sort Data presented in tables can be sorted ...

Page 29: ... using the filter functionality that appears on the top of most of the Patch Management Server s pages The filter parameters differ within each function in ZENworks Patch Management Use the drop down lists to select the parameters you need for your search To toggle the filter fields click Show Filters or Hide Filters NOTE Your search and filter criteria will remain applicable even after browsing t...

Page 30: ...ed Page Example Select To Save as Default View Save the active search and filter criteria as the default view for the page The default view displays each time the page is accessed You can change this setting at any time Show results automatically Automatically retrieves and displays results from the database when the module is selected from the Navigation menu Show Hide Group By Row Toggles the vi...

Page 31: ...anding and Collapsing Folders and Outlines ZENworks Patch Management allows you to expand and collapse folders outlines and other data sources on the page The information is refreshed each time it is displayed Figure 2 6 Expanded Row Option ...

Page 32: ...des access to all actions available for each page The available commands vary depending where you are in the application and depend on the role assigned to the user Figure 2 8 Action Menu Using Help Online Help is designed to provide users with the information they need to properly patch and manage a network Function Use To Next Advance to the next page of entries or to the last page of entries by...

Page 33: ...h Management Server can be exported into a comma separated value csv file You may elect to save the file in a different file format after opening it from the download option NOTE All data results will export not just the selected results However some data may not import or translate into comma separated value csv format in a readable format 1 If necessary populate the page by clicking Update View ...

Page 34: ...save to a variety of file formats including csv xml txt and numerous spreadsheet applications Save Creates the file and saves it to a local folder The file is saved to your My Documents folder in comma separated value csv format Cancel Does not create or save the report Figure 2 10 Exported Inventory Data The file is named filename Export csv with the exported file containing data based on each ty...

Page 35: ...m status reports From the Home page you can access all features of the Patch Management for which you are authorized The Home page provides links to documentation support resources status information patch related news and charts Figure 2 11 Patch Management Server Home Page The page is divided into four areas Using the Navigation Menu Viewing Latest News Viewing the Documentation Links Viewing Se...

Page 36: ...al Menu Menu Item Descriptions Home Provides an overview of patch management activities agent status server information and documentation links Vulnerabilities Manages the vulnerabilities and packages used in deployments Deployments Displays all current deployments Devices Manges the devices registered to Patch Management Server and displays a comprehensive inventory of all registered devices User...

Page 37: ...the news window When a link is selected a new window opens to display the news item in more detail Figure 2 13 Latest News Window Log Out Disconnects from ZENworks Patch Management ServerS NOTE Certain installations may include additional modules that provide additional functionality such as enhanced reporting Once installed the component is included in the main navigation menu Menu Item Descripti...

Page 38: ...a Server Information area at the bottom of the page providing the serial number number of licenses available number of licenses in use and information about current license usage and availability Documentation Link Description Online Documentation Provides a direct link to the latest ZENworks Patch Management documentation Support Forum Provides a location where the latest information and technica...

Page 39: ...e of un remediated devices vs applicable devices grouped by vulnerability severity Scheduled Remediation This chart displays the percentage of un remediated devices with a scheduled remediation vs un remediated devices grouped by vulnerability severity Mandatory Baseline Compliance This chart displays the percentage of devices grouped by mandatory baseline compliance Incomplete Deployments This ch...

Page 40: ...shboard settings window Opens a printable version of the currently displayed charts Refresh all of the displayed charts Display the chart descriptions on the dashboard Do not display the chart descriptions on the dashboard View the charts in one column View the charts in two columns Move the selected chart up one level Move the selected chart down one level Refresh the selected chart Minimize the ...

Page 41: ...your priorities 4 Select the number of columns for display Select a one or two column width view from Columns Click the View as One Column icon to display charts in one column Click the View as Two Columns icon to display charts in two columns 5 Display or hide the chart descriptions Click the Show the Chart Descriptions icon to display chart descriptions Click the Hide the Chart Descriptions icon...

Page 42: ...ense Expiration When the balance of licenses for your Patch Management Server expire the agent associated with an expired license is disabled and is not recognized by ZENworks Patch Management As a result the agent ceases to communicate and cannot perform any tasks NOTE You can view the Subscription Service History and license checking by clicking Subscription Service in the Options page The Licen...

Page 43: ...e Global Subscription Server retrieving updated license information The page refreshes to the home page once your updated licenses have been saved Figure 2 16 License Expiration Page NOTE If you need to renew licenses or add new licenses visit http www novell com company contacts offices to contact your Novell Sales representative ...

Page 44: ...USING ZENWORKS PATCH MANAGEMENT 28 ...

Page 45: ...updates and executable code used to correct or patch security issues The following graphic illustrates the relationship between vulnerabilities and packages Typically a single vulnerability is shared by multiple products on multiple operating system platforms There may be a series of separate patches to mediate the same vulnerability in different environments The separate patches are grouped in pa...

Page 46: ...llows the ability to create one patch applicable for many different operating systems and software versions This allows for different packages and signatures capable of identifying the presence of patch files within a device As depicted in the following diagram for each vulnerability you can have more than one signature For each signature you can have multiple fingerprints and pre requisites Howev...

Page 47: ...gnature can contain one or more fingerprints detecting if a patch is present in the system Pre requisites A pre requisite is a signature belonging to another vulnerability with its own fingerprints Adding a pre requisite to a signature requires the pre requisite be met before analyzing the signature for the current patch If that signature s pre requisite is met the agent will analyze the fingerpri...

Page 48: ...The total number of vulnerabilities displays below the table in the bottom left corner Figure 3 4 The Vulnerabilities Page To Access The Vulnerabilities Page 1 From the toolbar select Vulnerabilities 2 If needed select the desired filter criteria 3 Click Update View RESULT The system displays the existing vulnerabilities in the Vulnerabilities page ...

Page 49: ...Vulnerabilities list select a vulnerability You can only view the details of one vulnerability at a time 2 Click the Vulnerability name STEP RESULT The Vulnerability Details page for the selected vulnerability opens Figure 3 5 Vulnerability Details Viewing Vulnerability Details Selecting the Expand icon next to a vulnerability will display detailed information about the vulnerability You can view ...

Page 50: ...sociated with it A package contains the patch to fix the vulnerability Each package may be cached downloaded from the Global Subscription Server The downloading of packages can occur automatically if the vulnerability impact is rated as critical or if a deployment has been created for a particular package or vulnerability Selecting the Package Cache Status icon displays a list of the individual pa...

Page 51: ... from the Global Subscription Server since the last session Current Present vulnerabilities residing on Patch Management Server Tasks System task package Local Locally created package Beta Released to the Novell BETA community New Current Tasks Local Description N A The package is not cached N A The package has been scheduled to be cached or is in the process of being cached N A An error occurred ...

Page 52: ... as possible These patches have been superceded Critical Intl An international patch where Novell or the product manufacturer has determined that this patch is critical and should be installed as soon as possible Most of the recent international security updates fall in to this category After 30 days international patches in this category will be moved to Critical 01 Detection These vulnerabilitie...

Page 53: ...nd Saving Views ZENworks Patch Management offers options that allow you to search for specific items and filter result sets Searching and filtering can be performed independent of each other or can be combined to provide drill down capabilities Search and filter settings can be saved as the default view displayed on subsequent visits to the page For additional information refer to Using Search on ...

Page 54: ... The results of the vulnerability analysis are detailed and separated into four tabs representing the status of devices applicable to the displayed vulnerability Table 3 6 Tabs and Descriptions Status Description Not Patched Devices detected as requiring the vulnerability patch Patched Devices detected as being patched for that particular vulnerability Error Devices that generated an error during ...

Page 55: ...on Device Name The name of the device IP Address The IP address of the device DNS Name The DNS name for the device or its IP address if it does not have an assigned DNS name Operating System The operating system abbreviated running the device OS Service Pack Additional operating system version information Analysis Date The date the agent on the device last ran the Discover Applicable Updates syste...

Page 56: ... vulnerability is disabled it is not included in the list for the DAU system task This agent has been disabled The agent is offline and is in a Chain status can accept chained deployments only after reboot The agent is offline and is in a Reboot status can accept no more deployments until after it reboots The agent is in a Chain status the agent can accept chained deployments only until after a re...

Page 57: ... in the status column Enabling a Vulnerability 1 In the Vulnerabilities list select a disabled vulnerability 2 In the action menu click Enable STEP RESULT The vulnerability displays with the enabled icon in the status column Using the Scan Now Feature The Scan Now feature will start a Discover Applicable Updates DAU task for the selected devices or device groups Complete the following steps to use...

Page 58: ...e next time the agent checks in 4 Click Close STEP RESULT The window closes Updating the Cache Updating the cache initiates a process that gathers the packages associated with the selected vulnerability and copies those packages to your ZENworks Patch Management Server 1 On the Vulnerabilities page click Update View to display the vulnerabilities that match your filter criteria 2 Select the vulner...

Page 59: ...ment Packages can run tasks scripts install software applications send files to a specified location and change the configuration of an application or service 1 From the toolbar select Vulnerabilities 2 in the Vulnerabilities page select the Packages tab 3 If needed select filter criteria from the available fields 4 Select Update View STEP RESULT The system displays the existing package list in th...

Page 60: ...tatus Description Package Name Title of the package Origin Point of origin of the package An origin of Novell or System refers to packages created by Novell Status The current status of the package stating if the package is enabled and ready to be requested from the Global Subscription Server Cache Status The current cache status of the package A package is considered cached when it has been downl...

Page 61: ...kage More Information If available presents a link to detailed package information This might be an article or other resource from a third party License Information If available presents a link to detailed license information Description Narrative description of the distribution package Also includes links to any relevant Novell knowledge base articles Version The package version Total Directories...

Page 62: ...f Dependencies The number of dependencies associated with the distribution package Total Idle Deployments The number of idle deployments Total Running Deployments The number of running deployments Total Failed Deployments The number of failed deployments Total Successful Deployments The number of successful deployments Status Description ...

Page 63: ...tatus Description Package Information Package Name Title of the package Status The current status of the package stating if the package is enabled and ready to be requested from the Global Subscription Server Origin The origin of the task or which company created the package Operating Systems The operating systems and platforms that the package supports and may be deployed to Created By The user w...

Page 64: ...ackage License Information If available presents a link to detailed license information Deployment Information Total Deployments The total number of deployments Total Scheduled The number of scheduled deployments Total In Progress The number of running deployments Total Success The number of successful deployments Package Contents Files The number of files contained in the package Disk Space The f...

Page 65: ...atus Package Status and Descriptions The following table describes the status of the package and the description Table 3 11 Package Status and Description Status Description New Downloaded from the Global Subscription Server since the last session Current Present vulnerabilities residing on Patch Management Server Tasks System task package Local Locally created package Beta Released to the Novell ...

Page 66: ...ed N A The package has been scheduled to be cached or is in the process of being cached N A An error occurred while trying to cache the package The package is cached and ready for deployment The package is currently deploying animated icon The package is disabled Name Definition Package Name Name includes vendor application and version information Package Origin The origin of the task or which com...

Page 67: ...oyment of packages These are available from commands located in the Action menu at the bottom on the Packages page These tasks include Deploying a Package on page 51 Creating a Package on page 53 Editing a Package on page 52 Deleting a Package on page 52 Updating the Package Cache on page 52 Deploying a Package Deploying a package is performed similarly to deploying a vulnerability Deployments are...

Page 68: ...ime for the action 3 Confirm the request to delete the package s STEP RESULT The package s is deleted from the packages list Updating the Package Cache Updating the system cache initiates the process to cache or re cache the selected packages 1 In the Packages list select one or multiple packages 2 In the action menu click Update Cache STEP RESULT The Warning dialog box opens informing you of the ...

Page 69: ...EP RESULT The Welcome to the Package Editor page opens 2 Refer to the Using the Package Editor on page 53 for details on changing packages through the Package Editor wizard Using the Package Editor Creating distribution packages is performed using the Package Editor wizard NOTE The Package Editor requires the installation of an ActiveX control 1 In the Packages list click Create STEP RESULT The We...

Page 70: ...kage The information URL will be displayed when viewing package information and allows the user to link to extended package information NOTE Deployment options for manual installations of a patch can be included in the Description field See Including Deployment Options in a Package on page 60 for more information about using deployment options 4 Click Next 5 In the Operating Systems page select th...

Page 71: ... Next 7 In the Add Files page include any files to be included in the package Figure 3 15 Package Editor Add Files Refer to Adding File and Directories to a Package on page 62 for additional details regarding adding files to a package 8 Click Next ...

Page 72: ...ripts page add a script to run on the target device during the deployment process if needed Figure 3 16 Package Editor Create Script Refer to Creating Scripts for a Package on page 67 for additional details regarding Package scripts Figure 3 17 Script Editor ...

Page 73: ...Package Editor License URL The License Agreement page allows you to enter in an optional License URL which can link to licensing information for the contents of the package This option primarily is for packages containing items such as operating system service packs device drivers etc The License URL will display when viewing package information and will allow the user to link to the license infor...

Page 74: ...nables the package to display in the list of available packages You may wish to deselect this option if you are creating a package that will have additional files or details added at a later date or do not want to deploy the package at this time 14 Click Next 15 The Upload Status page verifies that the data is unpacking and uploading Once all files are uploaded click Next STEP RESULT The Upload Su...

Page 75: ...USING VULNERABILITIES AND PACKAGES 59 16 Click Finish STEP RESULT The page refreshes and the Package page opens with the custom package Figure 3 20 Package Editor Upload Summary RESULT ...

Page 76: ... type manual install in the description field NOTE If you are creating multiple packages requiring custom tags each package has to be customized with its own set of tags A number of additional deployment options are available by including them in with the flags delimiter To add these enter PLFlags Your Flags to the Description field The following table describes the flag behavior and their descrip...

Page 77: ...r installation UNIX Linux only dnoresta rt norestar t Reconfigure after installation UNIX Linux only dreconfi g reconfig Do not reconfigure after installation UNIX Linux only dnorecon fig noreconf ig This package is chainable and will run Qchain exe Windows or UNIX Linux dc c Suppress the final chained reboot dc sc Repair permissions dr r Deploy only PLD1 PLD0 No Pop up PLN1 PLNP Debug PLDG PLDEBU...

Page 78: ...g a Directory to a Package on page 64 Creating a Drive for a Package on page 65 Adding a New Macro to a Package on page 63 Creating a Folder for a Package on page 65 Adding a File to a Package on page 65 Deleting a File from a Package on page 66 Renaming a File within a Package on page 66 Reboot may occur Not applicable 3 Reboot is required and may occur Not applicable 4 Description flag behavior ...

Page 79: ...all operating systems Choose only the macros that are compatible with the operating systems and configurations you are using TEMP The operating system temp directory location Expands to C Windows Temp C Temp C WinNT Temp or tmp depending on operating system and configuration WINDIR The operating system windows directory location WINDIR typically expands to C Windows BOOTDIR The operating system bo...

Page 80: ...Editor Adding a Directory to a Package Once a folder directory or macro has been created a directory can be added A file system window is opened where you can locate and select an existing directory to add to the Package 1 Right click the directory folder or macro associated with the target computer STEP RESULT The Add pop up window opens 2 Select Add Directory STEP RESULT The Browse for Folder wi...

Page 81: ... Editor Creating a Folder for a Package The Create Folder window allows for creating a folder within the Package Content directory 1 Right click inside the Target Computer window 2 Select Create Folder STEP RESULT The Create Folder window opens 3 In the Folder Name field type the name of the new folder 4 Click OK STEP RESULT The folder is added to the Target Computer window 5 Click Next to continu...

Page 82: ...ssociated with the Target Computer that you want to delete STEP RESULT The Add pop up window opens 2 Select Delete STEP RESULT The file is deleted fro the package 3 Click Next to continue with the Package Editor Renaming a File within a Package The Rename option allows for renaming of a previously created drive or macro within the Package 1 In the Target Computer directory tree select the director...

Page 83: ...erties STEP RESULT The Properties window opens 5 In the Attribute field select or deselect the Overwritable check box NOTE Removing the check mark from the Overwritable attribute will prevent subsequent patches that contain the same file from overwriting that file 6 Click Apply STEP RESULT The folder properties are changed Creating Scripts for a Package There are three types of scripts These scrip...

Page 84: ...the Execution Directory option is selected and a valid directory is defined all scripts run in the ROOT directory 1 Select the type of script to execute from the Type of Script drop down list 2 Select the scripting type from the Script Language drop down list 3 Click Edit STEP RESULT The Script Editor window opens 4 Type or copy the script to be added in the Script field 5 Click Run STEP RESULT Th...

Page 85: ...yments on page 69 Using the Deployment Pages on page 75 Working With Deployments on page 79 Using the Deployment Wizard on page 88 About Deployments Several key concepts and status indicators are associated with a deployment These concepts are used to define deployment behavior The following sections include some of the key concepts and indicators that give definition to a deployment Explaining De...

Page 86: ...eria 3 Click Update View 4 Click the expand icon to view the Deployment details Viewing Deployments within Devices 1 Select the Devices tab 2 Select your filter options 3 Click Update View STEP RESULT The applicable devices display in the Devices page 4 Select the hyperlink for a device with at least one deployment to view it s details STEP RESULT The Details by Device page opens ...

Page 87: ...loyment details display Figure 4 3 Device Deployments Tab Expanded Viewing Deployments within Groups The Groups page displays the deployments assigned to the selected group This view is the same as the Deployment Summary view but displays only deployments for the selected group 1 In the Groups page select Deployments from the View drop down list STEP RESULT The Deployments page displays next to th...

Page 88: ... device group See Mandatory Baseline on page 167 for more information on the mandatory baseline feature Vulnerability based Deployments A vulnerability contains multiple associated packages and the target packages to be deployed As a device goes through the Discover Applicable Updates process it is assigned vulnerabilities to scan as the ZENworks Patch Management Server determines they are applica...

Page 89: ...us checking to verify and validate that the patch identified by the baseline is installed If the correct patch is not installed the patch is deployed and installed Standard and Chained Deployments Deployments come in two varieties Standard Deployments and Chained Deployments The following sections describe the differences between the two deployment types Standard Deployments A standard deployment ...

Page 90: ... its own State Description Reboot State Indicates that the device received a standard deployment requiring a reboot yet the reboot was suppressed While in this state the agent will only accept a deployment A reboot deployment or a manual reboot will clear this state Chained State Indicates that the agent received a chained deployment in which the reboot was suppressed While in the chained state th...

Page 91: ... deployments without having to delete the entire deployment job Figure 4 5 Deployments Page The following table describes the key columns of the main Deployments page Table 4 3 Deployments Page Column Descriptions Column Description Name The name of the main unit containing a group of deployments Created Date The date the initial deployment job was created Created by The user who created the packa...

Page 92: ... status column The icons vary dependent upon the deployment type and status The deployment types are classified in the following table Table 4 4 Deployment Status Options Scheduled Date The date the deployment was scheduled to occur Deployment Statistics Refer to Deployment Statistics on page 77 for details regarding the Deployment Statistics icons Column Description Status Description New Downloa...

Page 93: ...table defines the status icons Table 4 5 Column Icon Definitions System Task A deployment that contains a system task package Mandatory Baseline A deployment is created through the mandatory baseline for a group This deployment is automatically created and managed through the mandatory baseline process Status Description Icon Icon Name Definition Number of Successful Devices Total number of device...

Page 94: ...cheduled to deploy based upon the UTC time this will add all of the devices at once However if the deployment was scheduled to deploy based upon the agent s local time the devices will not be added until 5 minutes prior to their local time Deployment Details Summary Expanding by clicking the expand icon a deployment will display the deployment details as described in the following table Table 4 6 ...

Page 95: ...nts on page 87 Deploy Manner The manner in which this deployment occurred Options include Sequential Parallel or Distribute to of devices at a time Schedule Type The frequency of the deployment Options include Recurring or One time Start Date The date and time this deployment was started Deployment Notes Additional information about the deployment entered by the deployment s creator in the Deploym...

Page 96: ...atus of the deployment for each Figure 4 7 Deployments Page The following functions can be performed from the Deployments page Table 4 7 Deployment Functions Menu Item Function Enable Enables the selected disabled deployment Disable Disables the selected enabled deployment Abort Cancels the deployment for any devices which have not already received the deployment package Delete Removes the deploym...

Page 97: ...olumn Definitions Deploy Re deploys the selected packages Export The Export button allows you to export subscription data to a comma separated value csv file Menu Item Function Column Description Device Status icon The status of the device or device group Name Displays the name of the device or device group The device group name is a link and clicking the link will display the group membership and...

Page 98: ...ment Button Function Enable Enables the selected disabled deployment assignments For additional information refer to Enabling Deployments on page 86 Disable Disables the selected enabled deployment assignments For additional information refer to Disabling Deployments on page 86 Export The Export button allows you to export subscription data to a comma separated value CSV file For additional inform...

Page 99: ...displays only deployments for the selected group Figure 4 9 Deployments Page Groups The following functions are available on the Group Deployments page Table 4 11 Deployment Functions Menu Item Function Enable Enables the selected disabled deployment Disable Disables the selected enabled deployment Abort Cancels the deployment for any devices which have not already received the deployment package ...

Page 100: ...ts Fields Deploy Re deploys the selected packages Export The Export button allows you to export subscription data to a comma separated value csv file Menu Item Function Field Description Package Name Displays the name of the package that was deployed Deployment Name Displays the deployment type Associated Impact Displays the impact of the associated vulnerability if the package is associated to on...

Page 101: ... 4 Task Reboot System 5 Discover Applicable Updates DAU Although no deployment occurs before its scheduled time a chained deployment whose time has elapsed will always precede a standard deployment whose time has also elapsed If multiple chained deployments are scheduled and some devices have the final reboot suppressed while others do not the determination of a reboot override is based on the las...

Page 102: ...system task or mandatory baseline deployments Disabling Deployments Disabling a deployment will pause the deployment and stop the distribution of the package s to devices when they have not already received a deployment NOTE You cannot disable deployments of System Task Packages 1 Select the deployment you need to disable 2 Click Disable STEP RESULT The selected deployment is disabled Enabling Dep...

Page 103: ...rmation Deleting Deployments Deleting a deployment will remove the deployment from the ZENworks Patch Management Server NOTE Deleting a deployment will have no effect on devices that have already received the deployment You cannot delete System Task deployments 1 Select the disabled deployment you wish to delete 2 Click Delete Explaining Deployment Deadlines Deadlines allow you to define when a de...

Page 104: ...a large number of disabled devices to deploy to only the enabled devices filter by status and manually select the devices to which you need to deploy Introduction Page The Introduction page of the Deployment Wizard describes the purpose and capabilities of the wizard This page can be hidden during future deployments by selecting the Do not display this page in the future checkbox Deployment Select...

Page 105: ...rst opened this page displays the devices grouped by operating system and the groups in a directory tree format by user groups system groups or directory service groups To Create a Device Deployment 1 From the Available Devices list select the Device OS Name required STEP RESULT The list of devices within that operating system display 2 Select the device from the list STEP RESULT The device s are ...

Page 106: ...nt at the same time without having to create individual deployments for each individual group When selecting a group from the Available Groups directory tree the following will occur When a parent group is first selected all children groups will also be selected and the group selection is represented by a green checkmark If any of the children groups are deselected the green checkmark will change ...

Page 107: ...2 Deployment Wizard Packages Selection Page 2 Select the packages needed Click the arrows to page through the available packages if needed STEP RESULT The package is selected and highlighted NOTE Checking the Package Name check box selects all of the packages available in the list 3 Click the Package Name link to open the Associated Vulnerability Analysis page 4 Click Next to proceed to the Licens...

Page 108: ...ed with this package and whether their status is Patched Not Patched or Not Applicable in relation to the selected package Figure 4 13 Deployment Wizard Associated Vulnerability Analysis Page The Results column of the resulting grid will display either Patched Not Patched or N A dependent upon the devices patch status Click Back to return to the Packages Selection Page ...

Page 109: ...eed to prior to continuing the deployment Figure 4 14 Deployment Wizard Licenses Page 1 Review the agreement 2 If you accept the agreement select the I ACCEPT the terms and conditions of this end user license agreement option 3 If there are multiple agreements repeat steps 1 and 2 NOTE All agreements must be accepted before the deployment wizard can be continued 4 Click Next to proceed to the Depl...

Page 110: ... deploying to an agent at its UTC time if the agent s time zone is before the server s time zone the local time of the server will be read resulting in a possible later deployment to that agent When using UTC the time when the agent retrieves the deployment is dependent upon the agent s DAU Communication Interval If the time zone of the server is before the UTC time the deployment may be delayed u...

Page 111: ...n UTC is used the deployment will be scheduled for all devices at the same time regardless of time zone differences Manner Concurrent Simultaneous distribution to a specified number of devices New deployments are distributed as agents report back as having completed the previous deployment If a computer takes longer than four hours to complete the deployment it is no longer counted against the Con...

Page 112: ...age from the Deployment Wizard Deployment Options page click the Change button located in the Start Time option 2 Select One Time STEP RESULT The deployment will start on the selected day at the defined time If a one time deployment is scheduled for a date and time in the past the agents will start the deployment the next time they contact the ZENworks Patch Management Server 3 Select 12 hour or 2...

Page 113: ...saved and the Deployment Options page opens To Schedule a Recurring Deployment A recurring schedule will start deployments on the selected day at the selected time and repeat the deployment every day week or month and if defined end on a specific date Figure 4 17 Deployment Wizard Schedule Configuration Page ...

Page 114: ...n Occurs every the valid options are 1 through 60 if minutes are selected and 1 through 24 if hours are selected 5 Continue to Selecting the Deployment Start and End Functions To Set Up a Weekly Recurring Deployment 1 Select Recurring 2 In the Occurs field select Weekly STEP RESULT The Deployment Wizard displays the Weekly Deployment Options field Figure 4 19 Weekly Options 3 From the Every X week...

Page 115: ...ecific date every X months Valid date options are 1 through 31 with the ability to choose 1 through 99 months The Xth Weekday of every X month s allows the deployment to be run on a specific day every X months The valid day options are 1st 2nd 3rd 4th or Last weekday options are Sunday through Saturday Day Week day or Weekend day and monthly recurrence options are 1 through 99 months Figure 4 21 C...

Page 116: ...t Allow the deployment to occur once daily at the time defined here NOTE Agent Communication Interval and HOP settings modify the actual deployment time Occurs every Allow the deployment to occur multiple times on the scheduled day between the hours defined in the starting at and ending at fields with a delay of the defined hours or minutes Start Date Schedule a recurring deployment to begin at a ...

Page 117: ...dual package deployments Figure 4 22 Deployment Wizard Package Deployment Order and Behavior Page The following tasks can be completed while using the Package Deployment Order and Behavior page Table 4 16 Deployment Order Functions Icon Action Use To Edit Open the Package Deployment Behavior Options page and change the behavior options for that package Delete Remove the package from the deployment...

Page 118: ...ned deployments this will place it immediately after the chained deployments Move up one line Move the package up one Move down one line Move the package down one Move to bottom Move the package to the bottom of the listing Restore defaults Restore the package order and behavior back to their default settings NOTE Chained packages cannot be moved without first removing their chained status When a ...

Page 119: ...rfaces during the deployment Unattended Setup Set up packages in unattended mode List Hot Fixes Return a listing of hot fixes installed on the target devices Force Reboot Force a reboot regardless of package requirements Reboot is Required Indicate a reboot is required prior to completing the installation Chain Packages Set the package as chainable package must support chaining Suppress Chained Re...

Page 120: ...le User Mode Perform the installation in Single User mode Restart Service Restart the service following the deployment Do Not Restart Service Do not restart the service following the deployment Reconfigure Perform the system reconfigure task following deployment Do Not Reconfigure Do not perform the system reconfigure task following deployment NOTE When using a chained deployment reboots are suppr...

Page 121: ...booted dependent upon the package installer requirements at the time of install Reboot may occur chained The device may be rebooted dependent upon the package requirements However if a reboot is required and the device is not rebooted the device will enter a reboot state Reboot required No other chainable or non chainable packages will be installed until the device reboots Reboot required chained ...

Page 122: ...et the behavior options for each of the packages associated with this deployment The Package Options are active or inactive depending on the patch selected Figure 4 23 Behavior Options NOTE Modification of a package s behavior options will cause the package order to be reevaluated by the Deployment Wizard which may result in a change in the package order ...

Page 123: ...ibes the deployment behavior icons and their descriptions Table 4 19 Behavior Icon Definitions Icon Action Use to Uninstall Uninstall the packages Force Shutdown Force all applications to close if the package causes a reboot Do Not Backup Do not backup files for uninstall Suppress Reboot Prevent a reboot after installation Quiet Mode Suppress any user interfaces during the deployment Unattended Se...

Page 124: ...lation script Suppress Notification Suppress any user notifications during installation Debug Mode Run the package installation in debug mode Do Not Repair Permissions Suppress the repair of file name permissions after the reboot May Reboot Allow the package to force a reboot if required Multi User Mode Perform the installation in Multi User mode Single User Mode Perform the installation in Single...

Page 125: ...eboot because Patch Management Server determines if the agent is in a dirty state If so a System Task Reboot deployment is sent before deploying the remaining packages Icon Action Use to Description flag behavior Display Flag Select Flag Perform an uninstall can be used with m or q yd y Force other applications to close at shutdown fd f Do not back up files for uninstall nd n Do not restart the co...

Page 126: ...chain exe Windows or UNIX Linux dc c Suppress the final chained reboot dc sc Repair permissions dr r Deploy only PLD1 PLD0 No Pop up PLN1 PLNP Debug PLDG PLDEBUG Suppress Repair dsr sr Force the script to reboot when the installation is done 1d 1 Reboot is required Not applicable 2 Reboot may occur Not applicable 3 Reboot is required and may occur Not applicable 4 Description flag behavior Display...

Page 127: ...Options Table 4 21 Package Display Options Click Save to save the changes and return to the Package Deployment Order and Behavior page Option Description Notes Displays the expected deployment behavior Description Displays the package description ...

Page 128: ...ese deployments and or reboots and if so what the notification will contain NOTE When an agent is installed on a server where multiple users are logged in simultaneously the deployment manager will provide each logged in user with the ability to snooze or reject the deployment and or reboot if snooze or reject is enabled Figure 4 24 Deployment Wizard Notification Options Page ...

Page 129: ...is deployment There will be no user notification of this deployment and the deployment will occur automatically Selection of this option disables all other except Use Policies deployment notification options Notify users of this deployment The user will be notified prior to the installation of this deployment Message This field contains the message the user will see when notified about this deploy...

Page 130: ...other applications Deadline Offset Allows you to set a custom deadline offset or custom deadline date for the deployment From Deployment Start Sets the deployment deadline to be X Minutes Hours or Days from deployment start date time Specific Date Sets the deployment deadline to a specific date and time Option Use To ...

Page 131: ...ther reboot notification options Do not notify users of the reboot There will be no user notification prior to rebooting the computer Notify users of the reboot The user will be notified prior to the reboot of their computer Message This field contains the message the user will see when notified about the reboot The Package_Name variable will be replaced with the Package Name allowing you to enter...

Page 132: ...rior to creating the deployment Figure 4 25 Deployment Confirmation Page Deployment Confirmation Summary Lists the parameters of the deployment defined in the Deployment and Notification Options Table 4 25 Deployment Confirmation Summary Options Summary Item Description Job Name The name given the deployment job defined in the Deployment Options page Schedule The schedule for the deployment define...

Page 133: ...ers will receive a reboot notification as defined under the Notification Options page Total Selected Packages The total number of packages selected for deployment Total Selected Devices Groups If the deployment is a group deployment the number of groups selected If the deployment is for individual devices the total number of devices selected Notes Who created the deployments and when they were cre...

Page 134: ...Wizard allows you to view the devices targeted for the deployment and if they are patched for the selected vulnerabilities Figure 4 26 Deployment Wizard Associated Vulnerability Analysis Page Reboot Displays the reboot settings of each package defined in the Package Deployment Behavior Options page Devices Groups Displays the number of selected devices and or groups applicable to each package Colu...

Page 135: ...mation page Deployment Summary Page The Deployment Summary page of the Deployment Wizard displays the result of the wizard Figure 4 27 Deployment Wizard Deployment Summary Page Name Description Name Name of device receiving the deployment Platform Info Applicable Operating Systems Results Displays either Yes or N A depending on whether the selected package applies to that particular device ...

Page 136: ...ge and if Sequential how many deployments will be distributed at once Deployment Notification Whether or not the users will receive a deployment notification Reboot Notification If the deployments must reboot whether or not the users will receive a reboot notification Total Selected Packages The total number of packages selected for deployment Total Selected Computers Groups If the deployment is a...

Page 137: ...ptions Displays the behavior of each package defined in the Package Deployment Behavior Options page Reboot Displays the reboot settings of each package defined in the Package Deployment Behavior Options page Devices Groups Displays the number of selected devices and or groups applicable to each package Column Description ...

Page 138: ...WORKING WITH DEPLOYMENTS 122 ...

Page 139: ...ployment history The Inventory page provides a means to pinpoint all the operating systems software applications hardware devices and services installed and running on the devices registered to the Patch Management Server About Devices The Devices page contains a listing of all devices registered to the Patch Management Server The page displays general information about the device including Device...

Page 140: ...ices page displays the devices which match the selected filter options NOTE To view all devices select the Include Child Groups checkbox Using the Devices Page To display additional information about the device click on the name of the actual device Figure 5 2 Devices page ...

Page 141: ... initial communication with the agent installed on the device Status The status of the device Status values include Detecting Disabled Idle Offline Sleeping Working and Unknown OS Info Additional information about the operating system the device is running Version The version number of the agent installed on the device Menu Item Description Install Select this option to install an agent to a devic...

Page 142: ...w Feature on page 41 Reboot Now Prompts the selected device to reboot For additional information refer to Rebooting Devices on page 139 Menu Item Description Active Pending Description N A The agent is currently working on a deployment animated icon The agent is idle and has pending deployments The agent is offline The agent is sleeping due to its Hours of Operation settings This agent has been di...

Page 143: ...Chain status the agent can accept chained deployments only until after a reboot and is sleeping due to its Hours of Operation settings The agent is in a Reboot status the agent can accept no more deployments until after it reboots and is sleeping due to its Hours of Operation settings Unable to identify the agent status Active Pending Description ...

Page 144: ...ic information associated vulnerabilities inventory information and deployment history The tabs access specific details about the endpoint Figure 5 3 Endpoint Details page Device Information Tab The Device Information tab displays important information about the device The page displays general information organized in five main categories device agent group policy and notification settings ...

Page 145: ...rmation refer to Exporting Data on page 17 Scan Now Prompts the DAU to immediately check the device For additional information refer to Using the Scan Now Feature on page 41 Reboot Now Prompts the selected device to reboot For additional information refer to Rebooting Devices on page 139 Field Description Name The name of the device Operating System The abbreviated name of the operating system det...

Page 146: ...g system running on the device IP Address The IP Address of the device Field Description Field Description Agent Installation Date The date the agent registered with Patch Management Server This is typically the date the agent was installed on the device Agent Version The agent version number Agent Status The status of the agent Also shown on the Devices page Last Connected Date The date the agent...

Page 147: ...nformation page Originating Group The name of the parent group that the device is a member Click the name to go to the Group Assessment page Type The group type Can be a system created groups OS directory service or custom group Deployments Applicable Indicates if there are applicable deployments available for this device Added By The ZENworks Patch Management user who added the device to the grou...

Page 148: ...olicy Information Table 5 8 Policy Information Field Descriptions Field Description Name The name of the policy assigned to the device Because a device must have all policy values defined every policy is listed here Value The assigned value of the policy as determined by applying each of the policies defined by the device s group membership applying conflict resolution when applicable and filling ...

Page 149: ...option to enabled a disabled device Disable Select this option to inactivate an agent on a device Update Cache Downloads packages and vulnerabilities required by the device Deploy Select this option to deploy to a selected device Scan Now Prompts the Discover Applicable Updates task to immediately check the device For additional information refer to Using the Scan Now Feature on page 41 Reboot Now...

Page 150: ...Inventory on page 140 Figure 5 9 Device Inventory The following table describes the Action menu functions used in the Inventory page Table 5 10 Action Menu Menu Item Description Export Retrieves all device information and allows for saving to a csv file For additional information refer to Exporting Data on page 17 Scan Now Prompts the DAU to immediately check the device For additional information ...

Page 151: ... Device Deployments Action Menu Working with Devices There are several tasks associated with devices designed to assist you in managing devices and installing an Agent to a device These are available from commands located in the Action menu on the Devices page Installing an Agent Viewing Device Details Enabling a Device Disabling a Device Deleting a Device Deploying a Vulnerability Exporting Devic...

Page 152: ...to register devices to Patch Management Server When launching the Agent Installers dialog box the behavior is the same whether a device is selected or not Refer to the ZENworks Patch Management Server 6 4 SP2 Agent Install Guide for complete instructions regarding the installation of agents Figure 5 11 Agent Installer Page ...

Page 153: ...Viewing Device Details View details of a specific device by selecting the desired device and clicking the device name The Device Details page is described in Using the Details by Device Page on page 128 Figure 5 12 Device Details page ...

Page 154: ...in the status column RESULT After disabling a device the device can be deleted from Patch Management Server NOTE Once disabled the device may not appear in the devices list based on the Status filter settings To include disabled devices in the list ensure you select Disabled or All in the Status filter Deleting a Device 1 In the Devices list select one or multiple disabled devices 2 In the Action ...

Page 155: ...vice Information The export utility lets you export device information to a comma separated value csv file format For additional information refer to Exporting Data on page 17 Scanning Devices The Scan Now utility lets you scan a device immediately via the Discover Applicable Updates DAU task For additional information refer to Using the Scan Now Feature on page 41 Rebooting Devices The Reboot Now...

Page 156: ... STEP RESULT The system schedules the reboot and the Reboot Success window opens Figure 5 15 Reboot Device Success Screen 6 Click Close STEP RESULT The window closes About Inventory Inventory captures a comprehensive view of the functional components of each agent An inventory list of software hardware operating systems and services installed on a device can be retrieved The inventory list display...

Page 157: ...g Inventory 1 Select Devices STEP RESULT The Devices page displays 2 Select the Inventory tab 3 Select your filter options 4 Click Update View STEP RESULT The inventory results display 5 Click the expand icon to view the details of a particular Inventory class Using the Inventory Tab The Inventory Tab displays a list of each inventory type and the associated devices The devices that have the selec...

Page 158: ...ber of instances the operating system was detected Instances refer to the number of times the operating system platform was detected This value is always one if the display is based on a single device Software Displays the software applications detected on agents This view displays the name of the software application and the number of instances detected NOTE Windows NT reports some software as ha...

Page 159: ...ices caption class Monitors Plug and Play Monitor caption devices software package ZENworks Patch Management Agent package software systemprofile The Discover Applicable Updates task occurs at least once daily and following successful deployments Manually Scheduling the DAU Task The Discover Applicable Updates DAU task can be scheduled for immediate execution by selecting the Scan Now option For a...

Page 160: ... name Example Name type Literal ZENworks Patch Management 6 4 SP2 Custom Inventory item Returns Example Name ZENworks Patch Management 6 4 SP2 Custom Inventory Registry Allows the user to retrieve the registry key value The string added will be of the form name value where name is the tag name and value is the value stored under the identified registry key Example XML This example will return from...

Page 161: ...e will return the Serial Number property from the Operating System item name Windows SN type wmi query SELECT FROM Win32_OperatingSystem SerialNumber item Returns Windows SN ABCD EFGH IJKL Example XML This example will retrieve the Manufacturer property of the device item name Device Manufacturer type wmi query SELECT FROM Win32_OperatingSystem Manufacturer item Returns Device Manufacturer Compute...

Page 162: ...ocation WINDIR SampleXML xml item Returns Building Scottsdale Main Where the SampleXML xml file is as follows xml version 1 0 encoding utf 8 Top Inventory AssetNumber PLA001 AssetNumber Location Scottsdale Main Location Inventory Top An example XML file using the valid Windows agent inventory options is provided below xml version 1 0 encoding utf 8 customInventory items item name l1 class User Def...

Page 163: ...ess a specific device class item class is defined Literal Allows the user to assign an actual text value type into XML The string added will be of the form name value where name is the tag name and value is the literal typed between the open and close tags Example XML This example will return the string value defined between the open and close tags item class User Defined name Example Name type Li...

Page 164: ...ntory dtd customInventory xmlns xs http www w3 org 2001 XMLSchema xsi schemaLocation file custominventory xsd items item class custom name Location type literal Hardware Lab II item item class custom name Asset Tag type literal ASDS3452 4545 item item class custom name All users accounts type dynamic command shell CDATA bin sh shell dir CDATA tmp dir envs env EnvName CDATA JAVA_HOME EnvName EnvVal...

Page 165: ... each custom parent group the child groups system groups and custom groups From this page you can access group information by expanding the group in the directory tree or proceed to the Group Information page by clicking a group name The Groups page displays information about a specific group This information is classified into the following views Group Information on page 153 Group Membership on ...

Page 166: ...lect a group type from the directory tree STEP RESULT The selected group s information displays in the Groups window 3 Select the function you need from the View drop down list RESULT The applicable function displays on the Groups page To Search for a Group The Group Browser search field can be used to search for groups by name using a Contains search condition Wildcards are not supported 1 Select...

Page 167: ...ationships that can be used to define inherited group membership Using the policy inheritance feature you can use parent groups to apply the same policies to multiple child groups A Parent and Child group relationship refers to a group that contains one or more group hierarchies underneath it Each group must have one and only one parent however a parent group can have multiple children groups As a...

Page 168: ...ng systems AD Groups or IP Ranges may be shown This is because Patch Management Server creates system groups based upon those devices present in your network You cannot modify System Groups or their hierarchies System Groups Parent Directory Service Groups Created when an Agent submits a Directory Service Hierarchy that does not already exist in the Patch Management Server You cannot modify Direct...

Page 169: ...olicies roles mandatory baselines and other settings Figure 6 2 Group Information The following table describes the button functions in the Information view Table 6 2 Group Information Button Action Description Export Retrieves all page information and allows for saving to a csv file For additional information refer to Exporting Data on page 17 ...

Page 170: ...o last modified the group Directly Assigned Devices Number of devices assigned to the group Does not include inherited devices Source Group Assigned Devices The number of devices assigned to the source group See Assign a Source Group to a Custom Group on page 194 for more information on Source Groups Derived Devices from Child Hierarchy The number of devices inherited from child groups Deployment ...

Page 171: ... Information view lists the group s direct children groups Table 6 4 Group Section Policy Inheritance When set to True policy sets are inherited from the group s parent Policy Enabled When set to True policy sets can be assigned to the group Field Description Field Description Type Indicates whether the group is a custom group or a system group Group Name The name of the child group Distinguished ...

Page 172: ... Mandatory Baseline Items are shown under the Groups page Mandatory Baseline view Assigned Policy Sets The Assigned Policy Sets section lists the policy sets assigned or inherited by the group Table 6 6 Assigned Policy Sets Field Description Name The name of the vulnerability Impact The vulnerability impact OS List The list of applicable operating systems Field Description Policy Set Name The name...

Page 173: ...le 6 8 The Assigned Roles section Field Description Name The name of the policy Value Indicates the policy value When determining the policy value inherited policies are overridden by the directly assigned policies and conflict resolution rules are applied to the directly assigned and conflicting policies Description The description of the policy Field Description Role Name The name of the User Ro...

Page 174: ...USING GROUPS 158 Group Membership The Group Membership view allows the user to see the group s direct child groups The number of direct child groups display in the window Figure 6 3 Group Membership ...

Page 175: ...lete the associated group Type Monitor Icon Displays an icon that indicates the group type For details regarding the different group types refer to Defining Groups on page 152 Name The name of the child group Description Description of the group Distinguished Name System created name based upon the group s parent hierarchy Devices The number of devices assigned to this group Button Use to Create C...

Page 176: ...ve a group to a new parent group NOTE When moving a group if the group is configured to inherit its policies roles or baseline settings the group will inherit those values from the new parent group 1 In the Device Groups page select Group Membership from the drop down list STEP RESULT The Group Membership page displays in the Groups window 2 Select a group from the group tree Scan Now Prompts the ...

Page 177: ...USING GROUPS 161 3 Click Move STEP RESULT The Move Groups window opens Figure 6 4 Move Groups Window 4 Select a new parent group ...

Page 178: ...te the following steps to delete a single or multiple groups NOTE Deleting a group does not prevent a device within that group from deploying rebooting or scanning due to these tasks working at the device level 1 In the Device Groups page select Group Membership from the drop down list STEP RESULT The Group Membership page displays in the Groups window 2 Select a group from the directory tree ...

Page 179: ...the Groups window 2 Select a group from the group tree 3 Click the Edit icon associated with the group you want to edit 4 Edit the Name and Description fields as desired 5 Click the Save icon RESULT The changes are saved to the group NOTE You can only edit the group name and description within the Group Membership view You must go to the Roles Policies Membership Settings or Mandatory Baseline vie...

Page 180: ...ls Table 6 11 Device Membership view Column Description Device Name The name of the device as extracted from system data and inventory IP Address The IP address of the device Status The status of the device Status values include Detecting Disabled Idle Offline Sleeping Working and Unknown OS Info Information about the operating system the device is running Version The version number of the agent i...

Page 181: ... Adding or Removing Device Members on page 165 and Enabling or Disabling Devices within a Group on page 167 Deploy Deploy vulnerabilities to a device For additional information refer to Using the Deployment Wizard on page 88 Disable Disables a device within a group For additional information refer to Enabling or Disabling Devices within a Group on page 167 Export Retrieves all page information and...

Page 182: ... of the following methods Select the check box associated with the device s to include in the group from the Devices table and click Assign Page to the next screen if needed Click Assign All To remove devices use one of the following methods Select the check box associated with the device s to remove from the group from the Selected Devices table and click Remove Page to the next screen if needed ...

Page 183: ...ory baseline will automatically send out the patches necessary to keep the device secure NOTE Unless stringent Hours of Operation policies are in effect do not apply mandatory baselines to groups of mission critical servers or other devices where unscheduled reboots would disrupt daily operations It is important to consider the following when working with mandatory baselines Mandatory baseline inh...

Page 184: ...edules a Discover Applicable Updates DAU task for all machines in that group The ZENworks Patch Management Server determines which devices are out of compliance following the DAU task Necessary packages are deployed as soon as possible for each machine NOTE Some patches require both reboots and an Administrator level log in to complete If these or similar patches are added to a baseline the deploy...

Page 185: ...lumn displays the compliance status of each vulnerability assigned to the baseline For additional information refer to Mandatory Baseline Item Compliance Icons on page 171 NOTE If the mandatory baseline fails to deploy more than twice ZENworks Patch Management Server will record it as an error in the status column However this notification will only show in the Mandatory Baseline view Mandatory Ba...

Page 186: ...Click Update View RESULT The mandatory baselines associated with the group are displayed Vulnerability Status Icons The following table includes descriptions of the Vulnerability status icons Button Function Manage Add or remove vulnerabilities from the mandatory baseline Export Retrieves all page information and allows for saving to a csv file For additional information refer to Exporting Data on...

Page 187: ...ups window 2 From the group tree select the desired group Status Description At least one member of this group is either detecting obtaining the package waiting on detection or in a deployment not started state At least one member of this group is deploying the package All of the applicable members of this group are disabled All of the members of this group are either not applicable or in complian...

Page 188: ...aseline The Groups page reflects your changes Task Methods To add vulnerabilities use one of the following methods Select the check box associated with the vulnerabilities to include from the Vulnerabilities table and click Assign Page to the next screen if needed Click Assign All To remove vulnerabilities use one of the following methods Select the check box associated with the vulnerabilities to...

Page 189: ...lnerabilities 1 Click Filter STEP RESULT The Needed Detection Vulnerabilities window opens 2 Select the check boxes associated with vulnerabilities as needed NOTE Only patch vulnerabilities that are both applicable and un patched based upon the current group membership display in the Needed Detection Vulnerabilities window However the Mandatory Baseline Management window displays all vulnerabiliti...

Page 190: ...gure 6 10 Package Deployment Options 5 In the Deployment Options For field confirm the operating system selection NOTE If the Deployment Options For field has multiple Operating System groupings you must set the package Deployment Options for each OS grouping 6 In Distribution Options select Concurrent and the device amount or Consecutive 7 If needed type additional Deployment Flags ...

Page 191: ...ons become active Message Display a message to notify the users regarding the deployment Use Policies Selecting this option indicates that deployments will use the agent policies to define deployment notification settings Allow user to cancel Permits the recipient of the deployment to cancel Allow user to snooze Permits the recipient of the deployment to delay the deployment Notification on top Di...

Page 192: ...tory baseline package and notify the users of the reboot When this option is selected the remaining options in Deployment Options become active Message Display a message to notify the users regarding the reboot Use Policies Selecting this option indicates that deployments will use the agent policies to define reboot notification settings Allow user to cancel Permits the recipient of the deployment...

Page 193: ...applied the deployment s will be recreated Stopping Deployment for Specific Devices The following procure halts mandatory baseline deployments to specific devices 1 In the Device Groups page select Mandatory Baseline from the drop down list STEP RESULT The Mandatory Baseline page displays in the Groups window 2 From the directory select the group to disable 3 In the Groups page select the group to...

Page 194: ...ities View The Vulnerabilities view displays the following group details Table 6 18 Vulnerabilities View Columns Column Description Vulnerability Status and Type Icons Indicate vulnerability status and type For additional information refer to Vulnerability Status and Types on page 34 Vulnerability Package Cache Status and Type Icon Indicate the package cache status and type For additional informat...

Page 195: ...nal information refer to Vulnerability Impacts on page 36 Vulnerability Statistics Icons Indicate vulnerability statistics For additional information refer to Vulnerability Statistics on page 37 Button Function Enable Enables a vulnerability For additional information refer to Enabling a Vulnerability on page 41 Disable Disables a vulnerability For additional information refer to Disabling a Vulne...

Page 196: ...the list and are noted with the disabled status icon 1 In the Groups page select Vulnerabilities from the drop down list STEP RESULT The Vulnerabilities page displays in the Groups window 2 Select a group from the directory tree 3 If necessary filter the page a Enter the desired criteria in the filter field and lists b Click Update View 4 Select the check box associated with a vulnerability you wa...

Page 197: ...me as the Inventory Summary view but only displays the inventory of the selected group Figure 6 12 Device Group Inventory View The following table describes the Inventory view toolbar functions Table 6 20 Group Inventory Toolbar Button Function Export Retrieves all page information and allows for saving to a csv file For additional information refer to Exporting Data on page 17 ...

Page 198: ...Deployments NOTE This view does not display the deployments for each member only the deployments that the group has been assigned The following table describes the Deployments view toolbar functions Table 6 21 The Deployments View Toolbar Button Function Abort Cancels the deployment for any devices which have not already received the deployment package For additional information refer to Aborting ...

Page 199: ...mation refer to Using the Deployment Wizard on page 88 Disable Disables the selected enabled deployment For additional information refer to Disabling Deployments on page 86 Delete Removes the deployment from ZENworks Patch Management Server For additional information refer to Deleting Deployments on page 87 Deploy Re deploys the selected packages For additional information refer to Using the Deplo...

Page 200: ... 6 14 Device Group Policies View Adding a Policy to a Group Complete the following steps to add an already established policy set to a group 1 In the Groups page select Policies from the drop down list STEP RESULT The Policies page displays in the Groups window 2 Select a group from the directory tree 3 Click Add 4 Select a policy from the Policy Set Name list 5 Click the Save icon RESULT The poli...

Page 201: ...e displays in the Groups window 2 Select a group from the directory tree STEP RESULT The selected group is highlighted and displays any associated policies 3 Select and remove one or more policies To remove one policy click the Remove icon associated with the policy To remove multiple policies select the check boxes associated with the policies you want to delete and then click the Remove button 4...

Page 202: ...wn list STEP RESULT The Roles page displays in the Groups window 2 Select a group from the directory tree Column Description Role Name The name of the user role Source Group The name of the group assigned to the user role Action Use To Add Adds an already established role to the group Remove Removes a role from the group Create Creates a new role For additional information refer to Creating User R...

Page 203: ...e from a Group Complete the following steps to remove an established role from a group 1 In the Groups page select Roles from the drop down list STEP RESULT The Roles page displays in the Groups window Figure 6 17 Roles Page 2 Select a group from the directory tree 3 Select the check box associated with the role you want to remove 4 Click Remove 5 Acknowledge the removal by clicking OK RESULT The ...

Page 204: ... data available and include only those devices that are members of the current group its child hierarchy and their applicable vulnerabilities and packages Figure 6 18 Device Group Dashboard View NOTE The charts displayed in the Group Dashboard view include data from the selected group s child hierarchy Modifications to the visible charts and their display settings will apply to all groups ...

Page 205: ...rcentage of un remediated devices with a scheduled remediation vs un remediated devices grouped by vulnerability severity Mandatory Baseline Compliance This chart displays the percentage of devices grouped by mandatory baseline compliance Incomplete Deployments This chart displays the percentage of incomplete deployments grouped by the deployments percentage complete Agent Status This chart displa...

Page 206: ...settings window Opens a printable version of the currently displayed charts Refresh all of the displayed charts Display the chart descriptions on the dashboard Do not display the chart descriptions on the dashboard View the charts in one column View the charts in two columns Move the selected chart up one level Move the selected chart down one level Refresh the selected chart Minimize the chart Hi...

Page 207: ...r two column width view from Columns Click the View as One Column icon to display charts in one column Click the View as Two Columns icon to display charts in two columns 5 Display or hide the chart descriptions Click the Show the Chart Descriptions icon to display chart descriptions Click the Hide the Chart Descriptions icon to hide chart descriptions 6 Click Save RESULT Your graph setting select...

Page 208: ...ce Group Settings The Settings view displays the default group settings Figure 6 20 The Settings View The following table describes Settings view toolbar functions Table 6 26 Settings View Toolbar Button Function Save Saves the settings defined in the page Export Retrieves all page information and allows for saving to a csv file For additional information refer to Exporting Data on page 17 ...

Page 209: ...hat represents the group s parent hierarchy NOTE The Distinguished Name cannot be edited Group Description The group description Chain Mode list Defines chain behavior during mandatory baseline deployments Select from the following options Standard Set Individually Auto QChain with Manual Reboots Auto QChain with Automatic Reboots Deployments Enabled list Defines whether deployments may be created...

Page 210: ...age displays in the Groups window 2 Select a custom group from the directory tree List Use To Policy Inheritance Defines whether the group inherits the policies assigned to the group s parent hierarchy A True value will set the group to inherit it s parent hierarchy s policy settings Policies Enabled Defines whether policies may be assigned to the group A True value will allow users to assign poli...

Page 211: ...urce NOTE A Source Group s inherited devices will always be included regardless of whether you select the Source Group s child groups Additionally if the Source Group or any of it s child groups has a Source Group those devices will also be included 6 Click OK RESULT The custom group now will use the selected groups as its source As new agents are added to or removed from the source group they wil...

Page 212: ...USING GROUPS 196 ...

Page 213: ...tomized to cover a general category devices packages or focus on specific elements of your network for example vulnerabilities specific to a particular vendor Targeted reporting is done through selecting an appropriate report type defining the parameters of a report and by customizing report criteria through the Search feature Available Reports Page The main page from which you select which report...

Page 214: ... the Available Reports List selecting Device Status Report displays the Application Reporting Device Status Report Parameters page The report definition page where you define the data to include in the report Figure 7 2 Report Parameters Page ...

Page 215: ...that you have permission to view All groups are shown in the Available Groups list and all of the devices belonging to the selected group and it s child groups are included in the report Click a single group or use the CTRL and SHIFT keys to select multiple groups NOTE All access is limited to users with access to all Groups or with the Enable Administrative Reports access rights Deployments Choos...

Page 216: ...ulnerabilities identified by Patch Management Server All vulnerabilities are shown in the Available Vulnerabilities list Click a vulnerability name or use the CTRL and SHIFT keys to select multiple vulnerabilities Date Range Choose from a list of all deployments that occur within the selected dates You can also display the time in 12 or 24 hour format and as Patch Management Server local time or U...

Page 217: ...eral pre defined reports designed to provide a comprehensive view of your computing environment in respect to patch management activities 1 In the Main Menu select Reports STEP RESULT The Available Reports page opens in a new browser window Figure 7 4 Available Reports ...

Page 218: ...ns box select from the list of available parameters to include Devices Groups Vulnerabilities by selecting with your cursor Select multiple items using the CTRL or SHIFT keys You may choose not to define any parameters in this case all applicable data for the report parameters will be returned 4 With the desired items selected click the Include arrow 5 To include all available items click the Incl...

Page 219: ...same results To show all results remove any content from the Search text box leave blank To search enter the search term in the Search text box and click Update List To return to the pre search results click from the list of available options in the Parameters list box Displaying Time and Date in Reports For reports that generate date range data you have two options for displaying date time inform...

Page 220: ...TEP RESULT The file is sent to your installed printer NOTE If you have not established printer connectivity click Yes when the Print dialog box appears and use the Add Printer Wizard to select and connect your printer Available Reports ZENworks Patch Management provides several pre defined reports designed to provide a comprehensive view of the application environment in respect to patch managemen...

Page 221: ... a selected list of deployments In the report each deployment name is listed in the Deployment Name column The report provides information as to the status of the particular deployment activity Detection Results Not Found Report Services Inventory Detail Report Device Duplicate Report Services Inventory Summary Report Device Status Report Software Inventory Detail Report Hardware Inventory Detail ...

Page 222: ... Status The deployment status or stage Deployment Date The date the deployment was sent Install Date The date the agent was installed on the device Vulnerability Status The vulnerabilities patch status Date Last Verified The date of the last Discover Applicable Updates DAU scan NOTE If a selected vulnerability does not have an associated deployment it will not appear in the report Column Definitio...

Page 223: ...lumn Definition Deployment Name The name of the deployment Package Name The name of the package Total Deployed The total number of the devices that were assigned the deployment Already Patched The number or percentage of devices that are already patched Not Applicable The number or percentage of devices where the deployment does not apply Not Successful The number of devices patched successfully T...

Page 224: ...tage of devices on which the deployment has failed Column Definition Column Definition Deployment Name The name of the deployment Package Name The name of the package Total Deployed The total number of the devices that were assigned the deployment Already Patched The number or percentage of devices that are already patched Not Applicable The number or percentage of devices where the deployment doe...

Page 225: ...sabled and cannot receive the deployment Total Patched The total number of devices that have been patched by this deployment Percent Success The percentage of devices that have successfully received the deployment Percent Failure The percentage of devices on which the deployment has failed NOTE If a selected vulnerability does not have an associated deployment it will not appear in the report Colu...

Page 226: ... or devices in the selected groups In the report each device is listed in the Device Name column The report then provides information about the particular device Available Parameters Device Group Table 7 9 Device Status Report Column Definitions DNS Name The name used by the Domain Name System DNS to identify the device OS Info A description of the operating system Column Description Column Defini...

Page 227: ...rating system name OS Build No The operating system s build number OS Service Pack The latest service pack applied to the operating system if applicable Agent Version The version of the agent Last Contact Date The last date that the server had contact with the agent Patchable Status The reboot chained status of the agent Group List A listing of the groups by Distinguished Name to which the device ...

Page 228: ...s device occurs Within the parameters of the report Column Definition Device Name The name of the device Assigned By Group The distinguished name of the group that assigned the mandatory baseline Package Name The name of the package Mandatory Baseline Enabled Indicates whether the Assigned By group has mandatory baselines enabled Package Enabled Indicates whether the package is enabled If the pack...

Page 229: ...ry baseline has been assigned to the device 1 Assigned 0 Not Assigned Column Definition Column Definition Mandatory Baseline Item Name Name of the mandatory baseline vulnerability Total Devices The total number of devices Total Patched The total number of devices that have been patched by this deployment Total Not Applicable The total number of devices for which the deployment does not apply Total...

Page 230: ...ry Detail Report Column Definitions Package Compliance Detail Report The Package Compliance Detail Report provides information about patch and deployment status for a specific package or device The report lists each package associated with the selected device s or group s In the report each package is listed in the Package Name column The report then provides details for the vulnerability status f...

Page 231: ...Run The date of the last Discover Applicable Updates DAU scan Last DAU Status The status of the last Discover Applicable Updates DAU scan Date Last Verified The date of the last Discover Applicable Updates DAU scan Deployment Name The name of the deployment Deployment Status The deployment status or stage Package Release Date The date the package was released Date Deployed The date the package was...

Page 232: ...ing a Discover Applicable Updates DAU task Devices Patched The number of devices that are already patched Not Patched Not Scheduled The number of devices that are not patched and do not have a deployment scheduled Not Patched Scheduled The number of devices that are not patched and do have a deployment scheduled Deployments Completed The number of deployments that have completed successfully Deplo...

Page 233: ...es information about the software associated with a device and the device status Available Parameters Devices Groups Table 7 19 Software Inventory Detail Report Column Definitions Column Definition Service Name The name of the service Device Name The name of the device Service Startup State The state the service should enter upon device boot Service Current State The current state of the device Co...

Page 234: ...Name column The report then provides patch status details for each vulnerability and if a deployment is required Available Parameters Devices Groups Vulnerabilities Table 7 21 Vulnerability Analysis Report Column Definitions Column Definition Software Program The name of the software installed on the device Instances The number of times this software program occurs Within the parameters of the rep...

Page 235: ...PORTING 219 Percent Patched The percentage of applicable devices that are patched NOTE If a selected vulnerability does not have an associated deployment it will not appear in the report Column Definition ...

Page 236: ...REPORTING 220 ...

Page 237: ...ystem Roles define the permissions and access rights for each user Figure 8 1 User Management View Viewing Users 1 From the Main menu select the Users tab STEP RESULT The users display in the Users window 2 If desired type a user name or select a role on which to filter 3 Click Update View STEP RESULT The Users table is populated based upon your filter criteria Defining User Access ZENworks Patch ...

Page 238: ...gned to a certain role There are two methods of bringing users into the system creating users and adding users Creating New Users When a user is created the user is added to both Patch Management Server and Windows NOTE If the user is given permission to manage other users within Patch Management Server they will be added to the Windows Administrators group Adding Existing Windows Users An existin...

Page 239: ...sist you in defining the roles that newly created users inherit The ZENworks Patch Management administrator can assign these roles to the user or may use a predefined role as a model in defining a custom role NOTE System roles provide access to all groups and devices A user assigned a system role has access to all devices and groups There are four system roles Administrator Manager Operator and Gu...

Page 240: ... system roles have a default set of access rights assigned to each role Users inherit the access rights of the role they are assigned Access rights begin at permitting read only view access to system data followed by offering the ability to export data At the administration level users can be assigned rights to fully manage the various system components and to initiate deployments NOTE If addition...

Page 241: ... Access the Devices section X X X X Export Device Data Enable the export of device data X X X Install Agents Access to the Agent Installers page X X Manage Devices Ability to enable disable and delete devices X X View Deployments Access to the Deployments section X X X X Manage Deployments Ability to enable disable abort change and delete deployments X X X Export Deployment Data Enable the export ...

Page 242: ...t Support Data Enable the export of support data X X View Agent Policies Access to the Options Policies tab X X X X Export Agent Policy Data Enable the export of agent policy data X X View Default Configuration Access the Options Configuration tab X X X X Export Configuration Data Enable the export of configuration data X X View E mail Notifications Access the Options E Mail Notifications tab X X ...

Page 243: ...a X X View Packages Access the Packages section X X X X Create Deployments Ability to create deployments X X X Export Package Data Enable the export of package data X X X Manage Packages Ability to add change disable enable and delete packages X X Enable Reboot Now Button Ability to reboot devices using the Reboot Now button X View Vulnerabilities Access the Vulnerability section X X X X View Vuln...

Page 244: ...gnments X Export Reports Ability to export application reports X X X Enable User Reports Ability to run reports returning data for only the devices and device groups to which the user has access X X X X Enable Scan Now Button Ability to deploy the Discover Applicable Updates DAU Task using the Scan Now button X X X View Users Access to the Users tabs X X X X Change Password Ability to change the p...

Page 245: ...individual devices associated with a particular role This option works in the same manner as the accessible groups option by allowing you to achieve a level of granularity in the assignment of roles to system users The accessible devices option allows you to limit a user s permissions to specified devices For example a user assigned access rights to manage devices can be limited to managing only a...

Page 246: ...nd or domain password policies Note that although a Password Strength Indicator is provided to display the strength or weakness of your password the actual password policy is defined by Windows The Full Name Office Phone Cell Phone Pager E mail and Description fields are not validated and apply no formatting rules other than maximum length of 25 characters 1 In the User Management page click Creat...

Page 247: ...Figure 8 3 Create User Wizard Create a New User 4 Enter the user credentials and contact information for the new user User Name Password Confirm Password and Role are required fields 5 Select a Role Administrator Manager Operator or Guest for the user from the pull down window list ...

Page 248: ...MANAGING USERS AND ROLES 232 6 Click Next STEP RESULT The Confirm User page opens Figure 8 4 Create User Wizard Creation Confirmation Page ...

Page 249: ...d to Windows and granted the appropriate access to the Patch Management Server Adding Existing Users Adding a user imports an existing Windows user into the ZENworks Patch Management database and access group and can import a user from an existing domain by logging into that domain as a domain user 1 In the User Management page click Create STEP RESULT The Create User Wizard opens 2 Select the Add...

Page 250: ...ers of one or more user names Use semicolons to separate user names To search for users within a specific domain prefix the user name with the domain DOMAINNAME UserName If searching using the domain select Log into the domain as Enter the User name Password and Domain name NOTE There must a secure connection between the domain and the Patch Management servers domain or the users will be unable to...

Page 251: ... found STEP RESULT The No Action value indicates that the user will not be added to the Patch Management Server or if the user already exists as a Patch Management user no changes are made to the user 7 Confirm the user information and click Finish STEP RESULT The Summary page opens 8 Verify the summary data and click Close STEP RESULT The Create User Wizard closes ...

Page 252: ... can edit other user s passwords using the procedure defined under Changing a User s Password on page 238 1 From the Users grid located under Action click the Edit user details icon associated with the user profile STEP RESULT The Edit User Wizard opens Figure 8 8 Edit User Wizard User Information page 2 Make the necessary modifications as defined in Creating New Users on page 230 3 Click Finish t...

Page 253: ...e select the checkbox for the users to remove 3 Click Remove STEP RESULT A Remove User warning displays 4 Acknowledge the warning by clicking OK STEP RESULT The user is removed Deleting Users Deleting a user from ZENworks Patch Management disables their access to the Patch Management Server and deletes the Windows account for that particular user NOTE Deleting a user not only removes the users acc...

Page 254: ...assword change 3 Click Change Password STEP RESULT The Change Password Wizard opens Figure 8 9 Change Password Wizard Weak Password 4 Type the new password in the New Password field STEP RESULT The Password Strength indicator displays the effectiveness of the password you select and displays the Weak indicator when the first character is typed in the New Password field 5 When the Password Strength...

Page 255: ...SULT The password is changed Working with User Roles The Patch Management Server includes both system and custom roles System roles are roles native to every installation and cannot be edited or disabled They allow control over all device groups and devices Custom roles are created by the administrator and allow for combining access rights and selected devices or groups for a particular user Figur...

Page 256: ...er Roles on page 243 Assigning a User Role to an Existing User on page 244 Disabling User Roles on page 245 Enabling User Roles on page 245 Deleting User Roles on page 246 NOTE When sorting user roles regardless of the requested sort column or order the system defined user roles Administrator Manager Operator and Guest will remain as the first four items ...

Page 257: ... Roles tab 2 Click Create STEP RESULT The Create a Role wizard opens Figure 8 12 User Role Wizard Role Information tab 3 On the Role Information tab a Type a name for the role in the Name field b Type a description for the role in the Description field c Select a role template in the Role Template drop down list Any existing role can be used as a template and as such will determine what access rig...

Page 258: ...le or click Assign All to move all of the groups to the Selected Groups table c To remove group access select the checkbox to the left of each of the desired groups d Click Remove to remove the selected groups from the Selected Groups table or click Remove All to remove all of the groups from the Selected Groups table Granting access to a Device Group gives permission to all devices within that gr...

Page 259: ...elect the checkbox to the left of each of the desired access rights d Click Remove to remove the selected access rights from the Selected Access Rights table or click Remove All to remove all of the access rights from the Selected Access Rights table 5 Select the Accessible Groups tab to define which groups the users assigned this role will be able to access a To assign group access select the che...

Page 260: ...esired devices d Click Remove to remove the selected devices from the Selected Devices table or click Remove All to remove all of the devices from the Selected Devices table 7 Click OK STEP RESULT The wizard saves your changes and closes Assigning a User Role to an Existing User User roles are assigned to users when you create or add a user NOTE At any given time ZENworks Patch Management must hav...

Page 261: ... the page filter Status is not set to Disabled 3 Click Update View to populate the tab 4 Select the role or roles to disable 5 Click Disable RESULT The role is disabled NOTE If you disable a role that is assigned to a user the user will be able to log on to the Patch Management Server but will be unable to view any pages Enabling User Roles You can enable edit and delete disabled roles Disabled us...

Page 262: ...tab 2 Ensure the Status filter is set to All or Disabled 3 Click Update View to populate the tab 4 Select the role or roles to delete NOTE You cannot delete Enabled User Roles or the system defined User Roles Administrator Manager Operator and Guest 5 Click Delete RESULT The disabled User Role is deleted CAUTION If you delete a role that is assigned to a user the user will be able to log on to the...

Page 263: ...ut the Options Page The Options page is available by clicking Options on the main toolbar The page comprises six management and configuration views as individual tabs Viewing Configuration Options Configuration options are viewable from the Options page 1 From the Main menu select Options STEP RESULT The Options page displays with the Subscription Service tab as the default view Figure 9 1 Configu...

Page 264: ... network With this detailed information the Patch Management Server generates a complete analysis of your network to identify the patches hot fixes service packs and updates of importance to your network The Patch Management Server connects to the Global Subscription Server GSS once daily to download a series of vulnerability definitions and packages Table 9 1 Subscription Service Tab Page Functio...

Page 265: ...a separated value csv file For additional information refer to Exporting Data on page 17 Button Function Information Description Last Subscription Poll Date and time of the last successful contact with Patch Management Server Subscription Replication Status Current replication status Replication ensures that the Patch Management Server remains current with the latest vulnerability package and lice...

Page 266: ...h Management Server license Vulnerabilities Downloads the current vulnerabilities according to the subscription type defined for the account Packages Downloads the current packages based upon the vulnerabilities selected for deployment Status The status of the task While the task is active the process begins with a status of Initializing Replication followed by downloads When the task is finished ...

Page 267: ...ription Service Configuration Functions Button Function Restart Stops and restarts the Global Subscription Server This button is located on the Service tab Save Saves any changes to the database then closes the Subscription Service Configuration window Cancel Closes the Subscription Service Configuration window without saving changes Apply Saves changes to the database without closing the Subscrip...

Page 268: ...and define your Patch Management Server communication settings 1 Select the Options tab STEP RESULT The Configuration Options window opens with the Subscription Service tab displaying as the default 2 Click Configure STEP RESULT The Subscription Service Configuration window opens Figure 9 4 Subscription Service Configuration Page ...

Page 269: ...unication with the Global Subscription Server Last Checked The last date and time the local Subscription Service contacted the Global Subscription Server Next Check The next scheduled date and time for the local Subscription Service to contact the Global Subscription Server Field Description Address Uses the defined proxy address when connecting to the Global Subscription Server Port Uses the defi...

Page 270: ...detail recorded to the Subscription Service Log Options include Debug Info Warn Error and Fatal Use SSL Enable SSL for use when communicating with the Global Subscription Server Enable Bandwidth Throttling Enables the Kilobytes per second field allowing you to set the maximum bandwidth used when communicating with the Global Subscription Server __ Kbytes per second The maximum Kbytes per second us...

Page 271: ...uage Tab 4 Select the check box corresponding to the language that you want to display 5 Click Apply 6 Click Save Configuring Enhanced Content The Subscription Service Configuration window allows you to enable disable and export enhanced content Enhanced content streamlines the manner in which applicable updates are detected by applying vendor tools to detect available and applicable updates ...

Page 272: ... The Configuration Options window opens with the Subscription Service tab displaying as the default 2 Click Configure STEP RESULT The Subscription Service Configuration window opens 3 Select the Content tab STEP RESULT The Subscription Service Configuration window s Content tab displays Figure 9 6 Subscription Service Configuration Content Tab 4 Select the Enable Enhanced Content option 5 Click Ap...

Page 273: ...ced Content option 5 Click Apply 6 Click Save Exporting Enhanced Content Data Enhanced Content data can be exported to a csv file using the following procedure 1 Select the Options tab STEP RESULT The Configuration Options window opens with the Subscription Service tab displaying as the default 2 Click Configure STEP RESULT The Subscription Service Configuration window opens 3 Select the Content t...

Page 274: ...at are part of your patch management activities This information is updated as part of the daily replication with the Global Subscription Server Figure 9 7 Products Tab Table 9 6 Products Tab Page Functions Button Function Validate Initiates a license replication that searches for any changes to your license data Export Exports license data to a comma separated value CSV file For additional inform...

Page 275: ...le 9 8 License Group Information License Description License In Use The total number of licenses in use by registered agents License Available The total number of licenses available for use Total Non Expired Licenses The total number of licenses active and available for use This number represents a sum of available licenses Field Description Description The license name or description Purchase Dat...

Page 276: ...ult Configuration The Patch Management Server Configuration page lets you establish modify and export the Deployment Defaults Agent Defaults Default Agent Policy ISAPI Communication and User Interface settings Figure 9 8 Configuration Tab ...

Page 277: ...t saved settings when you navigate away from the Configuration page Export Allows you to export the configuration information to a comma separated value csv file For additional information refer to Exporting Data on page 17 Deployment Setting Description Concurrent Maximum number of Deployments that can run simultaneously Deployment Limit The maximum amount of agents that can receive simultaneous ...

Page 278: ...f Simultaneous mandatory baseline deployments The maximum number of agents that can receive simultaneous mandator baseline deployments Consecutive Maximum number of times a deployment will be consecutively attempted The number of failed deployment attempts permitted before Update Server disables the deployment However this does not apply to mandatory baseline deployments Deployment Setting Descrip...

Page 279: ...or the defined period of time If an agent is disabled or uninstalled it does not appear as offline When disabled an agent is considered offline after failing to connect to the Patch Management Server after two of its communication intervals Agent Uniqueness Based On Defines the Agent Uniqueness method used to identify agents Options are Instance Validates using instanced validation Instanced valid...

Page 280: ...256 characters Legacy Agents have a Notification Timeout Time allotment for the notification window to display for pre 6 3 agents Legacy Agents have a Snooze Duration Maximum time allotment the agent can be set to snooze for pre 6 3 agents Field Description Field Description Should be run after Subscription Replication Select this option if you want the Discover Applicable Updates DAU task to run ...

Page 281: ...n users will start receiving warnings regarding when their password will expire Cache Timeout Allows you to define the maximum amount of time in minutes before the data grid will refresh updated from the database How should Deployment Wizard Start Times be displayed Agent Local Time Sets the deployment wizard to default to the agent local time Agent UTC Time Sets the deployment wizard to default t...

Page 282: ... Customize Row Values 2 If needed type a new row value in the Value field 3 Set the default value by selecting the desired Set Default radio button 4 Click OK RESULT The custom row values and default setting is saved and the Customize Row Values window closes Configuring ISAPI Communication Settings Patch Management Server supports the Internet Server API ISAPI communication settings for the Inter...

Page 283: ...ommand Timeout Field Description SQL Default 64 threads Select to enable the recommended thread count for a SQL Server implementation Custom Setting Select to define a custom between 5 and 256 thread count Field Description Default Select to set the Connection timeout to the default value of 30 seconds Custom Setting Select to define a custom between 5 and 300 seconds timeout setting Field Descrip...

Page 284: ...ng Agent Policy Sets to Device Groups The policy values are then assigned to the agents based upon their group membership When agents or groups are assigned conflicting policies the conflict resolution rules found under Defining Agent Policy Conflict Resolution on page 282 are applied Any agent that does not have all of the policies defined by it s various group memberships will have any missing p...

Page 285: ...sting displays information regarding each policy as illustrated in the following figure Figure 9 15 Agent Policies Button Function Create Creates a new Agent Policy Set Delete Deletes an existing Agent Policy Set Export Exports policy data to a comma separated value csv file For additional information refer to Exporting Data on page 17 Icon Name Function Edit Edits the associated Agent Policy Set ...

Page 286: ... Set The Create a Policy Wizard allows you to create and add a policy set to the Patch Management Server 1 Open the Agent Policy Sets page Options Policies 2 Click Create STEP RESULT The Create a Policy Set window opens Figure 9 16 Create a Policy Set ...

Page 287: ... information Detailed Captures all errors and the major system actions Debug Captures all errors and system actions Agent Scan Mode The mode in which the Discover Applicable Updates task runs Levels include Fast Scan Always run in Fast mode performs the discovery faster but uses more resources Initial Only Performs the first discovery scan in Fast mode and subsequent scans in Normal mode Normal Al...

Page 288: ...Download packages using HTTP regardless of whether HTTPS is used for agent to server communication Legacy Agent Start Time Relates to Hours of Operation settings Identifies when the agent can begin communication Legacy Agent End Time Relates to Hours of Operation settings Identifies when the agent must suspend communication Deployment Notification Defaults User May Cancel User can cancel the deplo...

Page 289: ...plicable Updates DAU The value here indicates the maximum amount of time between scans FastPath Servers FastPath Interval The time interval between agent and server communication The interval can be defined in minutes hours or days Servers Provides a listing of the Fastpath servers the agents can use when communicating with server Bandwidth Throttling Maximum Transfer Rate Defines the maximum amou...

Page 290: ...havior 1 Select the Agent Policy Set you wish to edit 2 Select the Edit icon to the left of the policy STEP RESULT The Edit a Policy Set window opens Figure 9 17 Edit a Policy Set 3 Edit the policy set as desired Refer to Creating a Policy Set on page 270 for details regarding the available policy options 4 Click Save to save your changes ...

Page 291: ...tomatically associated to the default policy 1 Click Options 2 In the Options page click Policies STEP RESULT The Policies tab is displayed Figure 9 18 Agent Policy Sets 3 Select the policy to remove by selecting the checkbox to the left of the policy 4 Click Delete STEP RESULT A Delete Confirmation dialog opens 5 Click Yes to acknowledge the deletion RESULT The policy is deleted from the system ...

Page 292: ...ollection Options The following procedure will walk you through setting the inventory collection options 1 Open Create Edit Policy Set STEP RESULT The Create Edit a Policy Set window opens 2 Scroll to the Inventory Collection area and click Define STEP RESULT The Select Inventory Collection window opens Button Function Reset Resets the window returning to the previous settings OK Closes the window...

Page 293: ... Controllers Scan for data regarding USB Device inventory from Enum USB IDE ATA ATAPI Controllers Scan for data regarding IDE ATA ATAPI controllers Other Hardware Devices Scan for system device data Processors Scan for processor data USB Storage Devices Scan for data regarding USB device inventory from Enum USBSTOR Network Adapters and MAC Addresses may use WMI Scan for data regarding network adap...

Page 294: ...ial number Device Manufacturer and Model may use WMI Scan for the device manufacturer and model Device Asset Tag requires WMI Scan for the device s asset tag User Last Logged On Scan for last logged in user and time System Uptime may use WMI Scan for and return the time since last reboot system uptime Custom import from file may use WMI Scan for a file containing custom inventory data For addition...

Page 295: ...ommunication with the Patch Management Server to a specific time range only NOTE Hours of Operation is based on the Agent s local time Figure 9 20 Agent Hours of Operation Table 9 23 Hours of Operations Page Functions Setting An Hours of Operation Policy 1 Open Create Edit Policy Set STEP RESULT The Create Edit a Policy Set window opens Button Function Reset Resets the previous Hours of Operations...

Page 296: ...be saved until you have selected Save on the originating page Defining FastPath Servers The Fastpath functionality will allow for the redirection of an agent from the Patch Management Server to a Fastpath Server or any caching proxy server based upon the fastest route Table 9 24 FastPath Server Fields Adding and Editing FastPath Servers 1 Open Create Edit Policy Set STEP RESULT The Create Edit a P...

Page 297: ...astPath Servers area and click Modify STEP RESULT The Edit FastPath Servers window opens Figure 9 21 Edit FastPath Servers Window 3 Click the Add link or Edit icon STEP RESULT The Add FastPath Server dialog opens Figure 9 22 Add FastPath Server Dialog ...

Page 298: ...gent Policy Conflict Resolution When a group is assigned conflicting policies those policies must be validated and any conflicting policies resolved The policies are resolved in the following order 1 Group Policies The conflicting policy sets assigned to a group are resolved prior to attempting to resolve the agent policies The following rules apply a Any directly assigned policies with conflictin...

Page 299: ...ct Resolution Policy Setting Resolution Logging Level The agent will use the most verbose Logging Level Debug Detailed Basic Information None Agent Scan Mode The agent will use the fastest Agent Scan Mode Fast Scan Initial Scan Normal Scan Communication Interval The agent will use the shortest Communication Interval Agent Listener Port If any group has an Agent Listener port defined not zero the a...

Page 300: ...l use True Reboot Within n Minutes The agent will use the smallest Reboot Within value Discover Applicable Updates DAU Scheduling Frequency The agent will use the longest possible DAU frequency FastPath Interval The agent will use the shortest FastPath interval FastPath Servers The agent will use all of the defined FastPath servers Maximum Transfer Rate The agent will use the smallest transfer rat...

Page 301: ...l alerts Figure 9 23 E Mail Notification Tab The following table describes the functions available on the E Mail Notification tab Table 9 26 E Mail Notification Page Functionality Button Function Create Creates a new e mail notification Save Saves the changes made to e mail notification NOTE Be sure to click Save after making any changes If you do not click Save the system will revert to the last ...

Page 302: ...me Description New Vulnerabilities Alerts when a new vulnerability becomes available for deployment New Agent Registrations Alerts when an agent registers with the Patch Management Server Subscription Failure Alerts when any subscription task download fails Deployment Failure Alerts when a deployment fails Low System Disk Space Alerts when the free disk space on the Patch Management Server falls b...

Page 303: ...defined level The level is measured in Megabytes MB and must be a whole number between 1 and 9 999 MB 9 765 GB Low Storage Disk Space Alert is generated if the storage drive disk space on the Update Server drops below the defined level The level is measured in Megabytes MB and must be a whole number between 1 and 9 999 MB 9 765 GB Check Disk Space Every __ Interval Represents the schedule that the...

Page 304: ...est RESULT A confirmation message informs you that the test message was sent Technical Support Information Clicking on the Support tab causes the Technical Support page to be displayed The Technical Support page is a view only page that provides a variety of system data pertaining to the Patch Management Server environment It also provides links to contacting support Figure 9 24 Technical Support ...

Page 305: ...information refer to Exporting Data on page 17 Field Description Name The name of the computer on which Patch Management Server is installed Serial Number The serial number used by this server Operating System The operating system installed and running on the Patch Management Server machine Last Connected with Novell ZENworks The date and time the system last made a connection with the Global Subs...

Page 306: ...atch Management Server was installed Storage Volume Free Space The amount of free disk space on your storage volume System Root Free Space The amount of free disk space on your system volume Total Agents Registered The total number of agents registered with this Patch Management Server Replication Service Version The version of the local Global Subscription Server Field Description Field Descripti...

Page 307: ...ormation Field Description Link Description Contact Technical Support Sends an e mail to the Novell technical support team Access Product Knowledge Base Accesses the Novell Knowledge Base Access Product Web Site Accesses the Novell Web site Ask a Question Sends a support question to the Novell technical support team via e mail Request a Patch Sends a patch request to the Novell technical support t...

Page 308: ...CONFIGURING DEFAULT BEHAVIOR 292 ...

Page 309: ... display the device as Not Patched After installing the Patch Management Agent there is generally no additional user interaction required at the device About the Agent for Pre Windows Vista The agent is responsible for retrieving device data uploading the device data to Patch Management Server and deploying vulnerabilities to the device Viewing the Pre Windows Vista Agent 1 Go to Start Settings Co...

Page 310: ... Patch Management Server location and the communication status Table 10 1 Server Information Deployment Tab Field Description Patch Management Server The URL of the ZENworks Patch Management Server the agent is registered against Deployment Agent Status Indicates the current status started stopped working waiting or restarting of the ZENworks Patch Management service on the local device ...

Page 311: ...ion Last Checked Time When the agent last communicated with the Patch Management Server Next Checked Time Next scheduled time when the agent will contact the ZENworks Patch Management Server Logging Level The agent s current logging level As defined in Customizing and Administering Agent Policy Sets on page 257 Agent Listener Port The port on which the agent will listen for communication 0 Disable...

Page 312: ...STEP RESULT The clear confirmation message dialog box opens Figure 10 3 Clear Agent Log Message 2 Click Yes RESULT The system clears the Agent Log Agent Operations The following table describes the Agent Operations area Table 10 4 Agent Operations on the Deployment tab Use To Check Now Cause the Agent to contact the Patch Management Server Restart Agent Restarts the ZENworks Patch Management servi...

Page 313: ... Patch Management Server and checks for any pending tasks or deployments and the Last Checked Time is updated to reflect the current time Restarting the Agent Complete the following procedure to restart the Agent 1 Click Restart Agent 2 The Agent restarts RESULT The Deployment Agent Status field confirms that the Agent is restarting by displaying Restarting and then Started when complete Detection...

Page 314: ...e describes the Log Operations area Table 10 7 Log Operations Detection Tab Field Description Patch Management Server The URL of the ZENworks Patch Management Server the agent is registered against Deployment Agent Status Indicates the current status started stopped working waiting or restarting of the ZENworks Patch Management service on the local device Field Description Last Detection Time The ...

Page 315: ...og RESULT The Detection Log opens Figure 10 5 View Detection Log Clearing the Detection Log Complete the following procedure to clear the Detection Log 1 Click Clear Detection Log STEP RESULT The Clear confirmation message dialog box opens Figure 10 6 Clear Agent Log Message 2 Click Yes RESULT The system clears the Detection Log ...

Page 316: ... Agent to detect vulnerabilities immediately 1 Click Detect ASAP RESULT The Agent starts the Discover Applicable Updates task The Last Detection Time field reflects the current time Proxies Tab The Proxies tab allows you to configure proxy settings for communication with the Patch Management Server Figure 10 7 Proxies Tab Use To Detect ASAP Causes the agent to start a Discoverable Applicable Updat...

Page 317: ... Type the server s URL address in the Server field 3 Type the port in the Port field 4 If you are using an Authenticated proxy select Authenticated STEP RESULT The Username and Password fields become active Figure 10 8 Proxy Tab 5 Type the username in the Username field Field Description Patch Management Server The URL of the ZENworks Patch Management Server the agent is registered against Deploym...

Page 318: ... STEP RESULT The confirmation dialog box opens Figure 10 9 Proxy Change Confirmation 8 Click Yes RESULT The proxy information is saved About Tab The About Tab displays information regarding the Agent and its associated ZENworks Patch Management Server Figure 10 10 About Tab ...

Page 319: ...e URL of the ZENworks Patch Management Server the agent is registered against Deployment Agent Status Indicates the current status started stopped working waiting or restarting of the ZENworks Patch Management service on the local device Field Description Client Agent Version number of the Patch Management Agent Detection Agent Version number of the Detection Agent Patch Management Server Version ...

Page 320: ...lays on the Device screen Figure 10 11 Novell ZENworks Desktop Deployment Manager Pending Deployment An icon is also visible in the taskbar Figure 10 12 Novell ZENworks Desktop Deployment Manager Icon Beginning the Deployment Complete the following procedure to begin a deployment 1 Click Install RESULT The Agent starts the deployment Delaying a Deployment Complete the following procedure to delay ...

Page 321: ...e deployment is part of a mandatory baseline the Patch Management Server will redeploy the patch until it is installed on the device User Interaction During a Reboot If the agent must reboot the device a user is logged into the device and reboot notification was enabled the Novell ZENworks Desktop Deployment Manager will displays on the Device screen Figure 10 13 Novell ZENworks Desktop Deployment...

Page 322: ...ancel reboot 1 Click Cancel if Cancel is not available your Administrator has disabled your ability to cancel reboots STEP RESULT A confirmation dialog box displays confirming your choice 2 Click Yes RESULT The reboot is cancelled About the Patch Management Agent for Mac The Patch Management Agent for Mac is a graphical user interface application for Apple OS X The agent is responsible for uploadi...

Page 323: ...b Server Information The following table displays server information Table 10 12 Server Information Displayed in the Mac Agent Field Description Patch Management Server The URL of the ZENworks Patch Management Server the agent is registered against Proxy Server The URL of the proxy server if a proxy server is configured Proxy Port The port used by the proxy server if a proxy server is configured ...

Page 324: ...h Management Server Next Checked The next scheduled time when the agent will contact the ZENworks Patch Management Server Field Description Field Description Logging Level The logging level performed by the Patch Management Agent Valid values for this field are None Basic Info Detailed and Debug Agent Listener Port The port that the Patch Management Agent uses to connect to the ZENworks Patch Mana...

Page 325: ...tection operations and view the detection log The Detection tab is comprised of two areas Figure 10 16 Agent Detection Tab View Error Log Opens a text file containing the agent error log Clear Error Log Clears the agent error log More Information Displays agent configuration information usage information and excerpts of the agent activity and error logs in the Results field Field Description ...

Page 326: ...anel STEP RESULT The Novell Agent Control Panel opens 3 Click Refresh Starting the Agent Starting the Patch Management Agent activates the agent and initiates a connection attempt between the Patch Management Agent and the configured ZENworks Patch Management Server 1 Click System Preferences 2 Click Patch Management Agent Control Panel STEP RESULT The Novell Agent Control Panel opens The Deployme...

Page 327: ...Control Panel STEP RESULT The Novell Agent Control Panel opens The Deployment tab is the default 3 Click Stop Agent Restarting the Agent Restarting the Patch Management Agent stops and then restarts the Patch Management Agent then initiates a connection attempt between the Patch Management Agent and ZENworks Patch Management Server 1 Click System Preferences 2 Click Patch Management Agent Control ...

Page 328: ...o the device the Novell ZENworks Desktop Deployment Manager displays on the Device screen Figure 10 17 Novell ZENworks Desktop Manager Pending Deployment Beginning the Deployment Complete the following procedure to begin a deployment 1 Click Install RESULT The Agent starts the deployment Delaying a Deployment Complete the following procedure to delay a deployment 1 Select a time frame from the dro...

Page 329: ...yment is part of a mandatory baseline the Patch Management Server will redeploy the patch until it is installed on the device User Interaction During a Reboot If the agent must reboot the device a user is logged into the device and reboot notification was enabled the Novell ZENworks Desktop Deployment Manager will displays on the Device screen Figure 10 18 Novell ZENworks Desktop Deployment Manage...

Page 330: ...ays confirming your choice 2 Click Yes RESULT The reboot is cancelled About the Patch Management Agent for Linux Unix The Linux Unix Agent is a command line based application that does not have a user interface While you are in the root directory inside the Patch Service program type user local patchagent readme Refer to the following commands to complete tasks within these agents Table 10 15 LUMN...

Page 331: ... Agent RESULT restart Stop and start the Agent process patchdirectory Sets the directory where patches will be temporarily downloaded setmacro Specifies the macro definitions that should be used by the agent archivelogs Archives the Agent logs so that they can be sent to Novell proxysetup Set p your proxy server clearAgentLog Clears the Patch Management Agent error log file clearErrLog Clears the ...

Page 332: ...USING THE AGENT 316 The Agent Control Panel opens Figure 10 19 Agent Control Panel ...

Page 333: ...ction Page Compliance Displays whether your computer is compliant with corporate policies The available values are as follow Table 10 16 Computer Compliance Status Status Description Displays Compliant Green Service is running and the Patch Management Agent is idle Unable to Determine Compliance Red Service is not running ...

Page 334: ...and the Agent Version Tools and Settings The Tools and Settings page is comprised of links to the following Proxy Settings The Proxy Settings link opens the Proxy Settings page allowing you to view or modify the agent s current proxy configuration Logging The Logging link opens the Log Files page allowing you to view or clear the Agent log files Notification Manager The Notification Manager link o...

Page 335: ...ing procedure to configure proxy settings 1 Select Override the Server Provided Proxy Settings STEP RESULT The Proxy Server Address Proxy Server Port and SSL Enabled fields become active 2 Type the proxy server s address in the Proxy Server Address field 3 Type the port in the Proxy Server Port field 4 If your proxy uses https select the SSL Enabled field 5 If you are using an Authenticated proxy ...

Page 336: ...Password fields 6 Click Save RESULT The proxy information is saved Logging The Log Files page provides buttons to view and clear the Agent log files Figure 10 22 Log Files Page Viewing a Log File Complete the following procedure to view a log file 1 If desired click the Name Date Modified or Size column heading to sort the log files 2 Click the View button to open the Log Detail page ...

Page 337: ...ENT 321 Clearing a Log File Complete the following procedure to clear the log file 1 If desired click the Name Date Modified or Size column heading to sort the log files 2 Click the Truncate button to clear the log ...

Page 338: ...n Manager page is comprised of the Notification Settings area which provides the following information Figure 10 23 Vista Agent Notification Manager Page Table 10 17 Notification Manager Page Field Descriptions Field Description Notification Manager Version Displays the version of the Notification Manager For use by Technical Support Always Show Icon in System Tray When selected will force the Not...

Page 339: ...s Page Table 10 18 Server Settings Page Field Descriptions Field Description Patch Management Server Version Provides the version of the Patch Management Server that this agent is registered against Open Patch Management Server A link that when clicked will open the Patch Management Server in a web browser Agent Center Version Provides the associated Agent Center version For use by Technical Suppo...

Page 340: ...ice the Novell ZENworks Desktop Deployment Manager displays on the Device screen Figure 10 25 Novell ZENworks Desktop Deployment Manager Pending Deployment Beginning the Deployment Complete the following procedure to begin a deployment 1 Click Install Now RESULT The Agent starts the deployment Delaying a Deployment Complete the following procedure to delay a deployment 1 Select a time frame from t...

Page 341: ...part of a mandatory baseline the Patch Management Server will redeploy the patch until it is installed on the device User Interaction During a Reboot If the agent must reboot the device a user is logged into the device and reboot notification was enabled the Novell ZENworks Desktop Deployment Manager will displays on the Device screen Figure 10 26 Novell ZENworks Desktop Deployment Manager Pending...

Page 342: ...st RESULT The reboot is delayed for the selected duration Canceling the Reboot Complete the following procedure to cancel reboot 1 Click Cancel if Cancel is not available your Administrator has disabled your ability to cancel reboots STEP RESULT A confirmation dialog box displays confirming your choice 2 Click Yes RESULT The reboot is cancelled ...

Page 343: ...also contain a list of devices and device groups Regardless of how a user is authenticated the access and permissions are defined solely by the ZENworks Patch Management Administrator NOTE ZENworks Patch Management default security settings prohibit the use of any browser other than Internet Explorer 6 SP 1 and above If you need to remove this restriction and disable the enhanced security settings...

Page 344: ...s Usually the result of an extended period of inactivity Unsupported Browser Version This page is displayed whenever a user attempts to open the Patch Management Server with an unsupported browser WinInet Error Codes ZENworks Patch Management uses Microsoft s WinInet API for communication between the Agents and Server When this communication fails the error codes returned are WinInet error codes T...

Page 345: ...lid user name or password NOTE ZENworks Patch Management will display a custom error page as defined under Server Error Pages on page 327 instead of the default HTTP 401 1 Logon failed error page HTTP 403 4 SSL required You must use HTTPS instead of HTTP when access this page HTTP 403 9 Too many users The number of connected users exceeds the defined connection limit HTTP 404 Not found The request...

Page 346: ...nt is in a Chain status the agent can accept chained deployments only until after a reboot The agent is in a Reboot status the agent can accept no more deployments until after it reboots The agent is in a Chain status the agent can accept chained deployments only until after a reboot and is sleeping due to its Hours of Operation settings The agent is in a Reboot status the agent can accept no more...

Page 347: ...during the installation of ZENworks Patch Management This process involves obtaining a SSL certificate CER and installing the certificate during the installation Refer to the ZENworks Patch Management 6 4 SP2 Server Installation Guide for details regarding installing with SSL enabled Use Secure Passwords Worm attacks frequently try to log in with weak and commonly used passwords For secure passwor...

Page 348: ...se it is required by both Microsoft SQL Server and Internet Information Server 5 Click Uninstall 6 Click OK RESULT File and Printer Sharing for Microsoft Networks is no longer enabled Put Your Server Behind a Firewall Since the ZENworks Patch Management Server receives its patch updates from the Global Subscription Server GSS there is no need to allow access from the Internet into the Patch Manage...

Page 349: ...The following services are required to run ZENworks Patch Management World Wide Web Publishing Service IIS Admin Service MSSQLSERVER ZENworks Patch Management Lock Down Unused TCP and UDP Ports Preventing network traffic on various unused and vulnerable TCP and UDP ports should be completed through the use of a firewall However if a firewall is not available or additional machine level locking is ...

Page 350: ... SERVER 334 3 On the Local Area Connection Status General tab click Properties STEP RESULT The Local Area Connection Properties window opens Figure B 2 Local Area Connection Properties 4 Select the Internet Protocol TCP IP protocol ...

Page 351: ...ties STEP RESULT The Internet Protocol TCP IP Properties window opens Figure B 3 Internet Protocol TCP IP Properties 6 In the General tab click Advanced STEP RESULT The Advanced TCP IP Settings window opens 7 Select the Options tab 8 Select TCP IP Filtering ...

Page 352: ...n the TCP Port field c Click OK STEP RESULT The Add Filter window closes d Repeat steps a b and c to add port 80 NOTE No other ports are required although you may want to enable additional ports to allow DNS TS or VNC 13 Select the Permit Only UDP Ports option leaving the UPP Ports window blank since no UDP ports are required 14 Close the open windows AFTER COMPLETING THIS TASK With all ports lock...

Page 353: ...37 Apply All Security Patches Apply all applicable Microsoft Security Patches to ensure that the server remains protected against all known security threats Be sure to apply the most recent patches for IIS SQL Server and Windows Server 2003 ...

Page 354: ...SECURING YOUR PATCH MANAGEMENT SERVER 338 ...

Page 355: ...ontent Update Tool System Requirements Supported Operating Systems The Content Update Tool is supported on the following operating systems Microsoft Windows Server 2003 Standard Edition with SP1 or higher Windows Server 2003 Enterprise Edition with SP1 or higher Hardware Requirements The computer on which the Content Update Tool is run must meet the following minimum hardware requirements 512 MB o...

Page 356: ...tent Update Tool you must download the tool from your ZENworks Patch Management Server Agent Installers page 1 Log on to the target computer as the local administrator or a member of the LOCAL_ADMINS group 2 Launch your web browser 3 Type your Update Server URL in your web browser s Address field and press Enter 4 Type your user name in the User name field 5 Type your password in the Password fiel...

Page 357: ...gent Installers window select the Content Update Tool download link STEP RESULT The File Download dialog box opens 10 In the File Download dialog box click Save STEP RESULT The Save As window opens 11 Specify the location to save the ContentUpdateTool msi file and click Save RESULT The ContentUpdateTool msi file is saved to the specified location ...

Page 358: ...e opens 3 If you agree with the license agreement select the I Agree option 4 Click Next STEP RESULT The Select Installation Folder page opens Figure C 2 Content Update Tool Select Installation Folder Page 5 If a different installation folder is required a Click Browse b Select a new folder and click Save STEP RESULT The Select Folder window closes returning to the Select Installation Folder page ...

Page 359: ...Tab Proxy Server Tab and Options Tab before you can continue The following table defines the Update Server tab configuration options Table C 1 Content Update Tool Server Tab Configuration Options The following table defines the Proxy Server tab configuration options Table C 2 Content Update Tool Proxy Server Tab Configuration Options Field Description Server Name The name of your Patch Management ...

Page 360: ...ovell ZENworks ZENworks Content Update Tool 6 4 SP 2 to start the Content Update Tool STEP RESULT The Welcome page opens Authenticated Proxy Select if the defined proxy requires a user name and password Selecting this option will enable the Username and Password fields Username The user name used when connecting via the defined proxy Password The password associated with the defined user name Fiel...

Page 361: ...e configuration options Table C 5 Content Update Tool Proxy Server Tab Configuration Options Field Description Server Name The name of your Patch Management Server Serial Number The Patch Management Server serial number Field Description Use Proxy Select if a proxy is required during the communication between the Content Update Tool and your Patch Management Server Selecting this option will enabl...

Page 362: ...s to only those vulnerabilities that have not already been cached select the Only show vulnerabilities not cached option Port The proxy server s port Authenticated Proxy Select if the defined proxy requires a user name and password Selecting this option will enable the Username and Password fields Username The user name used when connecting via the defined proxy Password The password associated wi...

Page 363: ...de selecting the checkboxes in the Selected column When selecting vulnerabilities the following reference fields are available Manufacturer The manufacturer of the currently selected vulnerability Website The manufacturer s website Vulnerabilities The total number vulnerabilities from the selected manufacturer Signatures The total number of signatures from the selected manufacturer Description A d...

Page 364: ...age components a Type or browse to using the ellipsis button the target search directory b If desired select the Search Subdirectories option to include any sub folders in the search c Click Search STEP RESULT Files that are an exact match to the vulnerabilities metadata including filename file size checksum etc will be automatically selected NOTE When you perform an automatic selection the Conten...

Page 365: ...name column c Click Open to select the file and return to the Package Selection page 16 Click Import to begin the package import CAUTION Although the Content Update Tool will allow you to force an import when the package is not an exact match to the vulnerability definition this practice is discouraged Possible reasons for the package not matching include file corruption and tampering Additionally...

Page 366: ... failed to match will be added to the beginning of the vulnerability description STEP RESULT The package components are uploaded to your Patch Management Server and the Summary Report page will open when complete Figure C 6 Content Update Tool Summary Report Page 17 Click Close to exit the wizard ...

Page 367: ...2005 Standard or Enterprise or as a download from the Microsoft Download Center Preparing Your Database The installation of ZENworks Patch Management sets your database to a recovery model of Simple To use Transaction Logs and thus increase the quality of your disaster recovery solution you should change the recovery model to Full Changing the Database Recovery Model 1 Open the Microsoft SQL Serve...

Page 368: ... In the Recovery model field select Full 8 Click OK STEP RESULT The changes are saved and the Database Properties window closes 9 Repeat for the PLUS_Staging database and the PLAMS and PLUS_Reports databases if they exist AFTER COMPLETING THIS TASK You must create a backup of each database before any Transaction logs will be created Refer to Creating a Database Backup on page 353 to create a one t...

Page 369: ...SQL Server Management Studio Creating a Database Backup The most important part of an effective disaster recovery technique is having a current and valid backup 1 Open the Microsoft SQL Server Management Studio Start Programs Microsoft SQL Server 2005 SQL Server Management Studio 2 Log into your database server 3 Expand your server group server and database folder until you see the PLUS database 4...

Page 370: ...ack Up Database 6 Ensure that the Source values are set as follows Database PLUS Recovery model Full NOTE If the Recovery model is not set to Full refer to Changing the Database Recovery Model on page 351 Backup Type Full Backup Component Database 7 Define the backup set Name Description and when the Backup set will expire ...

Page 371: ... drive as your database 9 Select Options within the Select a page field STEP RESULT The Options page displays Figure D 3 Back Up Database Options 10 Select whether to Backup up to the existing media set or Back up to a new media set and erase all existing backup sets as is appropriate for your organization 11 Select the Verify backup when finished option to ensure a valid backup 12 Click OK 13 Rep...

Page 372: ... and right click the ZENworks Patch Management service 3 Select Stop to stop the ZENworks Patch Managementservice 4 Select and right click the World Wide Web Publishing Service 5 Select Stop to stop the World Wide Web Publishing Service 6 Open the Microsoft SQL Server Management Studio Start Programs Microsoft SQL Server 2005 SQL Server Management Studio 7 Log into your database server 8 Expand yo...

Page 373: ...ame for the database automatically defines the database files restored from the database backup 12 Select From device and click the ellipses button STEP RESULT The Specify Backup window opens 13 Click Add STEP RESULT The Locate Backup File window opens 14 Locate and select your backup bak file 15 Click OK 16 Click OK to return to the Restore Database window 17 Select your backup within the Select ...

Page 374: ...rwrite the existing database option is selected 20 Verify and correct if necessary the directory path within the Restore the database files as field 21 Ensure the Leave the database ready to use option is selected 22 Click OK to begin the database restoration 23 Repeat for the PLUS_Staging database 24 Restart the ZENworks Patch Management and World Wide Web Publishing Service services ...

Page 375: ...ing a Maintenance Plan The following procedure will walk you through the process of creating an automated Database Maintenance Plan for your PLUS and PLUS_Staging databases PREREQUISITE Prior to creating a Maintenance Plan you must upgrade your database server to Microsoft SQL Server 2005 Standard or Microsoft SQL Server 2005 Enterprise install SSIS SQL Server Integration Services and set the SQL ...

Page 376: ...lect a Target Server page opens 7 Define the maintenance plan Name Description optional target Server and Authentication method 8 Click Next STEP RESULT The Select Maintenance Tasks page opens 9 Select the following maintenance tasks Check Database Integrity Clean Up History optional Back Up Database Full Back Up Database Transaction Log 10 Click Next STEP RESULT The Select Maintenance Task Order ...

Page 377: ...Database Full Back Up Database Transaction Log Clean Up History optional 12 Click Next STEP RESULT The Define Database Check Integrity Task page opens 13 Click the Database drop down a Select the These databases option b Select the PLUS and PLUS_Staging databases c Click OK 14 Ensure that the Include indexes option is selected ...

Page 378: ...15 Click Next STEP RESULT The Define Back Up Database Full Task page opens Figure D 7 Define Back Up Database Full Task 16 Click the Database drop down a Select the These databases option b Select the PLUS and PLUS_Staging databases c Click OK ...

Page 379: ...backup integrity 18 Click Next STEP RESULT The Define Back Up Database Transaction Log Task page opens 19 Click the Database drop down a Select the These databases option b Select the PLUS and PLUS_Staging databases c Click OK 20 Define your Back up Destination settings a Select either the Disk or Tape option b Select to Create a backup file for every database c Select to Create a sub directory fo...

Page 380: ... Cleanup History Task 22 If the Clean Up History option was selected define the Cleanup History Task options a Ensure that Backup and restore history is selected b Ensure that SQL Server Agent job history is selected c Ensure that Maintenance plan history is selected d Define the Remove historical data older than setting as appropriate for your organization e Click Next STEP RESULT The Select Plan...

Page 381: ...Name for the schedule b Select a Schedule type c Ensure that Enabled is selected d Define the Occurrence frequency Daily Weekly or Monthly and options e Define the Daily frequency f Define the Duration g Click OK STEP RESULT The changes are saved and the New Job Schedule page closes 24 Click Next STEP RESULT The Select Report Options page opens 25 Set your desired reporting options ...

Page 382: ...ens 27 Click Finish to complete the wizard AFTER COMPLETING THIS TASK You must now establish a backup procedure which will archive all of your backup files and the contents of the Patch Management Server Storage directory on a regular basis This can be done through the use of any file backup utility ...

Page 383: ...stribution Point is supported on the following operating systems Microsoft Windows Server 2003 Standard Edition Windows Server 2003 Enterprise Edition Windows Server 2003 R2 Standard Edition Windows Server 2003 R2 Enterprise Edition NOTE For additional operating system support details refer to http httpd apache org Hardware Requirements The computer on which the Distribution Point is installed mus...

Page 384: ...rs page 1 Log on to the target computer as the local administrator or a member of the LOCAL_ADMINS group 2 Launch your web browser 3 Type your Patch Management Server URL in your web browser s Address field and press Enter 4 Type your user name in the User name field 5 Type your password in the Password field 6 Click OK STEP RESULT The ZENworks Patch Management Server Home page opens 7 Select Devi...

Page 385: ...gent Installers window select the Distribution Point download link STEP RESULT The File Download dialog box opens 10 In the File Download dialog box click Save STEP RESULT The Save As window opens 11 Specify the location to save the DistributionPoint msi file and click Save RESULT The DistributionPoint msi file is saved to the specified location ...

Page 386: ...ed a Click Change STEP RESULT The Save As window opens b Browse to and select a new path c Click Save STEP RESULT The Save As window closes returning to the Destination Folder window with the new path selected 6 Click Next STEP RESULT The Cache Folder page opens 7 If a different cache location is required a Click Change STEP RESULT The Save As window opens b Browse to and select a new path c Click...

Page 387: ...g so may disable your Distribution Point and could require re installation CAUTION Reinstallation of the Distribution Point will not overwrite any of the configuration files in the conf subdirectory The new file is appended with a default extension The Field Description Network Domain The DNS domain in which your Distribution Point is registered MyDomain com Server Name The full DNS name of the se...

Page 388: ...nstallation path Defined during installation Program Files Apache Software Foundation Apache2 2 Listen value The ports on which the Distribution Point monitors incoming traffic Defined during installation 80 ServerAdmin value The Distribution Point Administrator s e mail address Defined during installation ServerName value The Distribution Point s Hostname includes port if the Distribution Point w...

Page 389: ...Apache Software Foundation Apache2 2 cache CacheMaxFileSize value The maximum file size in bytes that will be cached 100000000000 CacheMinFileSize value The minimum file size in bytes that will be cached 1 CacheEnable type URL The storage type and URLs to cache disk disk1 http patchlink 1 CacheDirLevels value The number of subdirectory levels in the cache 3 CacheDirLength value The number of chara...

Page 390: ...02_012N ZENWORKS PATCH MANAGEMENT USER GUIDE NOVELL INC 1800 SOUTH NOVELL PLACE PROVO UT 84606 UNITED STATES OF AMERICA PHONE 1 800 858 4000 E MAIL INFO NOVELL COM ...