Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - POLICY MANAGEMENT REFERENCE 10.3 30-03-2010 Management Manual page 13

In ZENworks Control Center, devices and users can be organized by using containers and
groups. A device or user can be a member of multiple groups. The containers can be nested
within other containers. If a policy is associated to a group of users, it applies to all users in that
group. If a policy is associated to a user container, it applies to all users in the entire subtree
rooted at that container. The same behavior applies to device groups and containers.
A policy can be associated to query groups.
In ZENworks Control Center, the devices can also be members of query groups. Query groups
are similar to ordinary groups except that the membership is determined by a query defined by
the administrator. All devices that satisfy the query become members of that device group. The
query is evaluated periodically and the membership is updated with the results. An
administrator can configure the periodicity of the evaluation. An administrator can also force
an immediate refresh of a query group. Query groups act just like other groups where policies
are concerned.
Policies are chronologically ordered by default.
When multiple policies are associated to a device, user, group, or container, the associations are
chronologically ordered by default. The administrator can change the ordering.
If a device or user belongs to multiple groups, the groups are ordered. Consequently, the
policies associated to those groups are also ordered. The administrator can change the ordering
of groups for a device or user at any time.
In addition, the policies in a policy group are ordered.
Policies have a precedence configured to determine the policy that is effective for a device or a
user.
Many policies of the same type can be applied to a user or a device through direct association
and inheritance. For example, if a Browser Bookmark policy is associated to a user and another
Browser Bookmark policy is associated to a container containing that user, the policy directly
associated to that user overrides the policy associated to the container.
Policies support management by exception.
You can define a global policy for your enterprise and associate it to the top-level container
containing all your user objects. You can then override configuration items in the global policy
by defining a new policy and associating it to specific users or user groups. These users receive
their configuration from the new policy. All other users receive their configuration from the
global policy.
Policies support system requirements.
You can specify the system requirements of a device or user in a policy. The policy is applied to
a device or user only if the device or user meets the system requirements.
For example, the SNMP policy is applied by default on all devices having the SNMP service
installed.
ZENworks Configuration Management supports singular and plural policies.
Singular Policy: If multiple policies of the same policy type are assigned to a device or a user
and the policy type is a Singular policy, then only the nearest associated policy meeting the
system requirements is applied. If the policy type is associated to both user and device, then
two different policies can be assigned to user and device.
The SNMP policy, Dynamic Local User policy, Remote Management policy, Roaming Profile
policy, and ZENworks Explorer Configuration policy are singular policies.
Overview 13