1. Manuals
  2. Brands
  3. Novell Manuals
  4. Software
  5. ZENWORKS PATCH MANAGEMENT 6.4 SP2 - SERVER
  6. User manual

Novell ZENWORKS PATCH MANAGEMENT 6.4 SP2 User Manual

Hide thumbs Also See for ZENWORKS PATCH MANAGEMENT 6.4 SP2:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Installation Manual

User Guide

ZENworks Patch Management 6.4 SP2

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ZENWORKS PATCH MANAGEMENT 6.4 SP2 and is the answer not in the manual?

Questions and answers

Related Manuals for Novell ZENWORKS PATCH MANAGEMENT 6.4 SP2

Summary of Contents for Novell ZENWORKS PATCH MANAGEMENT 6.4 SP2

  • Page 1: User Guide

    User Guide ZENworks Patch Management 6.4 SP2...
  • Page 2 Feedback Your feedback lets us know if we are meeting your documentation needs. E-mail the Novell Technical Publications department at techpubs@novell.com to tell us what you like best, what you like least, and to report any inaccuracies. - II -...

  • Page 3: Table Of Contents

    Table of Contents Preface About This Guide ....................xv Typographical Conventions .................. xvi ZENworks Patch Management Overview Product Overview ....................1 Patch Management Server and Agent Process............2 System Requirements ................... 3 Minimum Hardware Requirements............... 3 Supported Operating Systems ................3 Other Software Requirements................
  • Page 4 Adding a Graph to the Dashboard ..............25 Removing a Graph from the Dashboard ..............26 License Expiration....................26 Using Vulnerabilities and Packages About Vulnerabilities ....................29 Defining Vulnerability Structure .................30 Vulnerabilities .....................30 Signatures ....................31 Fingerprints ....................31 Pre-requisites....................31 Packages ....................31 The Vulnerabilities Page..................32 To Access The Vulnerabilities Page ..............32 Viewing Vulnerabilities..................33 Viewing Vulnerability Details ................33 Vulnerability Status and Types ................34...
  • Page 5 Deploying a Package ..................51 Deleting a Package ..................52 Updating the Package Cache ................52 Editing a Package ....................52 Creating a Package ..................53 Using the Package Editor ..................53 Including Deployment Options in a Package ............60 Adding File and Directories to a Package .............62 Adding a New Macro to a Package ..............63 Adding a Directory to a Package ..............64 Creating a Drive for a Package ..............65...
  • Page 6 Aborting Deployments ..................86 Disabling Deployments ..................86 Enabling Deployments ..................86 Modifying Deployments ..................87 Deleting Deployments ..................87 Explaining Deployment Deadlines...............87 Using the Deployment Wizard................88 Introduction Page ....................88 Device / Device Groups Selection Page ...............89 To Create a Device Deployment ..............89 To Create a Group Deployment..............90 Package Selection Page ..................91 Associated Vulnerability Analysis................92 Licenses Page ....................93...
  • Page 7 Device Information Tab ................128 Device Information Section ................. 129 Agent Information Section ................130 Group Information Section ................131 Policy Information Section ................132 Device Vulnerabilities ................. 133 Device Inventory ..................134 Device Deployments .................. 135 Working with Devices ..................135 Installing an Agent..................
  • Page 8 Creating a Group ................... 160 Moving a Group ..................... 160 Deleting Groups .................... 162 Editing Groups ....................163 Device Membership.................... 164 Adding or Removing Device Members ............... 165 Enabling or Disabling Devices within a Group............. 167 Mandatory Baseline.................... 167 Viewing a Group Mandatory Baseline ..............170 Vulnerability Status Icons ................
  • Page 9 Report Results Page ..................200 Viewing Reports .................... 201 Working with Reports ..................203 Searching within Reports ................203 Displaying Time and Date in Reports ..............203 Exporting Reports ..................203 Viewing Printable Data in Reports ..............204 Available Reports....................204 Agent Policy Report..................
  • Page 10 Working with Users .................... 229 Creating New Users ..................230 Adding Existing Users..................233 Editing User Profiles ..................236 Removing Users .................... 237 Deleting Users....................237 Changing a User’s Password ................238 Working with User Roles ..................239 Creating User Roles ..................241 Editing User Roles..................
  • Page 11 Concurrent Agent Limit................267 Connection Timeout ................... 267 Command Timeout ..................267 Working With Agent Policy Sets ................268 Viewing Agent Policy Summary Information ............269 Creating a Policy Set ..................270 Editing a Policy Set ..................274 Deleting a Policy Set ..................275 Defining Inventory Collection Options ...............
  • Page 12 Version Information ................... 303 User Interaction During a Deployment .............. 304 Beginning the Deployment ................304 Delaying a Deployment................304 Canceling a Deployment ................305 User Interaction During a Reboot ..............305 Rebooting Immediately................306 Delaying a Reboot ..................306 Canceling the Reboot .................
  • Page 13 Rebooting Immediately................325 Delaying a Reboot ..................326 Canceling the Reboot ................. 326 Patch Management Server Reference Server Security ....................327 Server Error Pages..................... 327 WinInet Error Codes...................328 HTTP Status Codes .................... 329 Device Status Icons ................... 329 Securing Your Patch Management Server Secure Your Server With SSL ................
  • Page 14 Creating a Maintenance Plan ................359 Working With the Distribution Point Distribution Point System Requirements ............... 367 Supported Operating Systems ................. 367 Hardware Requirements ................. 367 Installing the Distribution Point................367 Downloading the Distribution Point..............368 Installing the Distribution Point................ 370 Configuring the Distribution Point.................

  • Page 15: Preface

    REFACE Preface This User Guide is a resource written for all users of ZENworks Patch Management 6.4 SP2. This document defines the concepts and procedures for installing, configuring, implementing, and using ZENworks Patch Management 6.4 SP2. About This Guide This guide contains the following chapters and appendices: •...

  • Page 16: Typographical Conventions

    REFACE Typographical Conventions The following conventions are used throughout Novell documentation to help you identify various information types. Convention Usage bold Buttons, menu items, window and screen objects. bold italics Wizard names, window names, and page names. italics New terms, options, and variables.

  • Page 17: Zenworks Patch Management Overview

    ZENworks Patch Management is a tool to audit the current state of a network and install updates to the various devices within that company’s network. The Patch Management retrieves available vendor patches collected by Novell and bundled with scripts that use an Agent as a detection and installation tool.

  • Page 18: Patch Management Server And Agent Process

    WORKS ATCH ANAGEMENT VERVIEW Patch Management Server and Agent Process The following process map demonstrates how patch information is communicated between the Patch Management Server and the Agent. 1. The Agent scans the host device and compiles information on operating system, software, hardware, and services on that device via the Discover Applicable Updates (DAU) task.

  • Page 19: System Requirements

    NOTE English locale (en-US, en-UK, en-CA, etc.) in its default configuration and is not a domain controller. Prior to installing ZENworks Patch Management 6.4 SP2, you must also install the NOTE Update for Windows Server 2003 (KB925336) available from Microsoft Knowledge Base Article #925336.

  • Page 20: Other Software Requirements

    Microsoft SQL Server (any version) must not be installed unless installed by a previous version of ZENworks Patch Management Supported Database Servers ZENworks Patch Management 6.4 SP2 is supported on the following database servers: • SQL Server 2005 Express Edition with SP2 •...

  • Page 21: Recommended Configuration

    WORKS ATCH ANAGEMENT VERVIEW Recommended Configuration Novell recommends the following hardware and software configurations for ZENworks Patch Management 6.4 SP2: Table 1-1: ZENworks Patch Management 6.4 SP2 Recommended Configuration Number of Nodes < 1,000 < 2,500 < 5,000 < 10,000 >...

  • Page 22: Agent Supported Operating Systems

    - 2003 R2 Microsoft Profession 32/64 bit 32/64 bit Windows al (2) Microsoft All (4) 32/64 bit 32/64 bit Windows Vista(3) Microsoft 32/64 bit 32/64 bit Windows 2008(3) Novell 9 -10 Enterprise 32/64 bit 32/64 bit 1.4.0+ SUSE Linux - 6 -...
  • Page 23 WORKS ATCH ANAGEMENT VERVIEW Process Process Version OS Data or Data Edition Width Family Width Min JRE 2.6 - 10 32/64 bit SPARC/x8 32/64 bit 1.4.0+ Solaris (1) Datacenter edition is not supported. (2) Home, Media Center, and Tablet PC editions are not supported. (3) Windows Vista and Windows 2008 support requires .NET 3.0.

  • Page 24: Agent Supported Languages

    WORKS ATCH ANAGEMENT VERVIEW Agent Supported Languages ZENworks Patch Management Agent 6.4 SP2 is supported on the following languages: • en-AU: English (Australia) • en-BZ: English (Belize) • en-CA: English (Canada) • en-JM: English (Jamaica) • en-NZ: English (New Zealand) •...

  • Page 25: Using Zenworks Patch Management

    WORKS ATCH ANAGEMENT UIDE Using ZENworks Patch Management ZENworks Patch Management monitors and sends patches to workstations and servers across a network. ZENworks Patch Management consists of a Web-based management console providing direct access to system management, configuration, reporting, and deployment options.

  • Page 26: Accessing Zenworks Patch Management

    SING WORKS ATCH ANAGEMENT After the initial vulnerabilities are resolved, a mandatory baseline can be set. This is a user-defined range of required patches for a group of devices. If a device falls out of compliance, applying the mandatory baseline ensures the device is patched back into compliance. User permissions, credentials and roles can be established for all users of the system.

  • Page 27: Logging Out Of Zenworks Patch Managemen

    SING WORKS ATCH ANAGEMENT Logging Out of ZENworks Patch Management In the Navigation Menu, select Log Out. ZENworks Patch Management logs you out of the system and displays the ZENworks Patch Management Server Log Out confirmation page. Figure 2-2: Log Out Menu Item To reconnect to the system, click the here link.

  • Page 28: Defining Browser Conventions

    SING WORKS ATCH ANAGEMENT Defining Browser Conventions ZENworks Patch Management supports the following browser conventions: Table 2-1: Browser Conventions Screen Feature Function Entry Fields Type data in to these fields, which allow the system to retrieve matching criteria or to enter new information. Drop-Down Menus Displays a list to select pre-configuration values.

  • Page 29: Using Filters

    SING WORKS ATCH ANAGEMENT Use the drop down lists to select the parameters you need for your search. Figure 2-4: Search feature for Vulnerabilities example You can save frequently used search settings as your default. The check boxes allow you to save your search and filter criteria.

  • Page 30: Using Tabbed Pages

    SING WORKS ATCH ANAGEMENT In addition to the filter criteria described above, you can select display options for data from the Options drop-down list. The following table describes these options. Table 2-3: Data Display Options Select Save as Default View Save the active search and filter criteria as the default view for the page.The default view displays each time the page is accessed.

  • Page 31: Expanding And Collapsing Folders And Outlines

    SING WORKS ATCH ANAGEMENT Expanding and Collapsing Folders and Outlines ZENworks Patch Management allows you to expand and collapse folders, outlines, and other data sources on the page. The information is refreshed each time it is displayed. Figure 2-6: Expanded Row Option - 15 -...

  • Page 32: Advancing Through Pages

    SING WORKS ATCH ANAGEMENT Advancing Through Pages Each page in ZENworks Patch Management provides page-through options at the bottom of each tabbed page. The amount of items available for display and the specific page you are viewing determines how the options are presented. Figure 2-7: Pagination Feature Table 2-4: Pagination Controls Function...

  • Page 33: Exporting Data

    SING WORKS ATCH ANAGEMENT Access to context sensitive help is available by clicking Help located in the navigation menu. Figure 2-9: Example Help Screen Exporting Data Information presented in ZENworks Patch Management Server can be exported into a comma-separated value (.csv) file. You may elect to save the file in a different file format after opening it from the download option.
  • Page 34 SING WORKS ATCH ANAGEMENT In the File Download dialog box, select from the available options: Open, Save, Cancel. • Open - Creates the file and opens it in your Web browser. From the browser you can save to a variety of file formats including; .csv, .xml, .txt, and numerous spreadsheet applications.

  • Page 35: Viewing The Patch Management Server Home Page

    SING WORKS ATCH ANAGEMENT Viewing the Patch Management Server Home Page The entry point to ZENworks Patch Management is the Home page. From this page, you can view patch management activity and retrieve system status reports. From the Home page, you can access all features of the Patch Management for which you are authorized.

  • Page 36: Using The Navigation Menu

    SING WORKS ATCH ANAGEMENT Using the Navigation Menu The ZENworks Patch Management Server Navigation menu displays product features based on functionality. Use the menu to navigate through the administrative options within the system. You can access all features of the system from this menu. When a menu item is selected, the system opens a series of tabbed folders.

  • Page 37: Viewing Latest News

    SING WORKS ATCH ANAGEMENT Menu Item Descriptions Log Out Disconnects from ZENworks Patch Management ServerS. Certain installations may include additional modules that provide additional functionality such as NOTE enhanced reporting. Once installed, the component is included in the main navigation menu. Viewing Latest News The Latest News area displays important announcements and other information regarding the Patch Management Server.

  • Page 38: Viewing The Documentation Links

    SING WORKS ATCH ANAGEMENT Viewing the Documentation Links The Documentation links provide access to obtaining information about Patch Management Server. The links provide access to help, user documentation, and support regarding your Patch Management Server status. Figure 2-14: Documentation Links The following table provides a description of the Documentation links.

  • Page 39: Viewing The Graph Dashboard

    SING WORKS ATCH ANAGEMENT Viewing the Graph Dashboard The Dashboard consists of graphs providing a current view of activity on the protected network. These graphs are generated based on the latest data available and include all devices, groups, vulnerabilities, and packages. Dashboard Charts The following table describes all of the available charts.

  • Page 40: Dashboard Settings And Behavior Icons

    SING WORKS ATCH ANAGEMENT Dashboard Settings and Behavior Icons Use the following table to define your settings when viewing the graphs dashboard. Table 2-8: Dashboard Settings and Behavior Icons Icon Function Opens the dashboard settings window. Opens a printable version of the currently displayed charts. Refresh all of the displayed charts.

  • Page 41: Adding A Graph To The Dashboard

    SING WORKS ATCH ANAGEMENT Adding a Graph to the Dashboard Click the Dashboard Settings icon. The Dashboard Settings dialog opens. ESULT Figure 2-15: Dashboard Settings Dialog Select check boxes associated with the charts you want to displays. Move the graphs up or down according to your priorities. Select the number of columns for display: Select a one or two column width view from Columns.

  • Page 42: Removing A Graph From The Dashboard

    SING WORKS ATCH ANAGEMENT Removing a Graph from the Dashboard Click the Dashboard Settings icon. The Dashboard Settings drop-down list opens. ESULT Deselect the checkbox next to the graph(s) you want to remove. Click Save Dashboard Settings. Click Save. The graph(s) is removed from the Dashboard window ESULT License Expiration When the balance of licenses for your Patch Management Server expire, the agent...
  • Page 43 Figure 2-16: License Expiration Page If you need to renew licenses or add new licenses, visit NOTE http://www.novell.com/company/contacts-offices/ to contact your Novell Sales representative. - 27 -...
  • Page 44 SING WORKS ATCH ANAGEMENT - 28 -...

  • Page 45: Using Vulnerabilities And Packages

    WORKS ATCH ANAGEMENT UIDE Using Vulnerabilities and Packages The Vulnerabilities page consists of two tabs where the majority of patch management activities are performed. Vulnerabilities list all patch-related security issues across all devices registered to the ZENworks Patch Management Server. Within ZENworks Patch Management Server, a vulnerability consists of: •...

  • Page 46: Defining Vulnerability Structure

    SING ULNERABILITIES AND ACKAGES The Patch Management Agent installed on each device checks for known vulnerabilities using the Discover Applicable Updates (DAU) task. The DAU runs an inventory scan and sends the results back to Patch Management Server, which compares it with the list of known vulnerabilities.

  • Page 47: Signatures

    SING ULNERABILITIES AND ACKAGES Signatures Signatures recognize specific combinations of installed software in an operating system. Vulnerabilities usually contain multiple signatures to compensate for variances within applications. Frequently, a patch will require different executables, dynamic-link libraries, and switches in order to run or detect the patch within different operating systems. Fingerprints A fingerprint can represent a unique file, folder, registry key, or other data value somewhere within a system.

  • Page 48: The Vulnerabilities Page

    SING ULNERABILITIES AND ACKAGES The Vulnerabilities Page Vulnerabilities display in a table which outlines their impact and deployment status. The total number of vulnerabilities displays below the table in the bottom left corner. Figure 3-4: The Vulnerabilities Page To Access The Vulnerabilities Page From the toolbar, select Vulnerabilities.

  • Page 49: Viewing Vulnerabilities

    SING ULNERABILITIES AND ACKAGES Viewing Vulnerabilities View details of a specific vulnerability by selecting the desired vulnerability and clicking the vulnerability name. The Vulnerability Details page represents the results of the vulnerability analysis and displays detailed data regarding the vulnerability. In the Vulnerabilities list, select a vulnerability.

  • Page 50: Vulnerability Status And Types

    Present vulnerabilities residing on Patch Management Server. Tasks System task package. Local Locally created package. Beta Released to the Novell BETA community. The following table includes descriptions of the Vulnerability status icons. Table 3-2: Vulnerability Status Icons and Descriptions Current Beta Status Description Active vulnerability.

  • Page 51: Package Status And Descriptions

    Present vulnerabilities residing on Patch Management Server. Tasks System task package. Local Locally created package. Beta Released to the Novell BETA community. Package Icons and Descriptions The icons and their status are classified as follows: Table 3-4: Package Status Icons and Descriptions Current Tasks...

  • Page 52: Vulnerability Name

    ZENworks Patch Management Server. • Critical - 01 - Novell or the product manufacturer has determined that this patch is critical and should be installed as soon as possible. This patch is older than 30 days and has not been superseded.

  • Page 53: Vulnerability Statistics

    SING ULNERABILITIES AND ACKAGES • Virus Removal - This category contains packages which administrators may use to run various virus detections across their network. Anti-Virus tools and updates are included in this category. Vulnerability Statistics The right-hand side of the vulnerability table contains columns which illustrate current statistics for the devices which have been scanned or will be scanned for that particular vulnerability.

  • Page 54: Working With Vulnerabilities

    SING ULNERABILITIES AND ACKAGES Working with Vulnerabilities There are several tasks in vulnerabilities designed to assist with management and deployment. These are available from buttons located on the Vulnerabilities page. These tasks include: • Deploying Vulnerabilities • Viewing Vulnerabilities • Disabling and Enabling Vulnerabilities •...

  • Page 55: Column Definitions

    SING ULNERABILITIES AND ACKAGES Column Definitions Each tab in the details page displays basic device (agent) information in five columns. The following table includes descriptions of the Vulnerability column definitions. Table 3-7: Vulnerability Column Definitions Name Definition Device Name The name of the device. IP Address The IP address of the device.

  • Page 56: Deploying Vulnerabilities

    SING ULNERABILITIES AND ACKAGES Active Pending Description This agent has been disabled. The agent is offline and is in a Chain status (can accept chained deployments only after reboot). The agent is offline and is in a Reboot status (can accept no more deployments until after it reboots).

  • Page 57: Disabling A Vulnerability

    SING ULNERABILITIES AND ACKAGES Once disabled, the vulnerability may not appear in the Vulnerabilities list based on your filter settings. To include disabled vulnerabilities in the list, select Disabled Vulnerabilities or All in the Status filter. Disabling a Vulnerability In the Vulnerabilities list, select one or multiple vulnerabilities. In the action menu, click Disable.

  • Page 58: Updating The Cache

    SING ULNERABILITIES AND ACKAGES Select Yes, scan the selected device and click Schedule. The Scan Now - Success dialog box appears informing you that the scan ESULT has been scheduled and providing a link to view the scheduled deployment. Figure 3-8: Scan Group Scheduled As with all deployments, although the DAU is scheduled for immediate execution, NOTE it will not actually occur until the next time the agent checks in.

  • Page 59: About Packages

    SING ULNERABILITIES AND ACKAGES About Packages A package is an archive containing the patch software and executable code required to deploy and install a patch. The process of sending a package to a device is called a package deployment. Packages can run tasks, scripts, install software applications, send files to a specified location, and change the configuration of an application or service.

  • Page 60: Using The Packages Tab

    Description Package Name Title of the package. Origin Point of origin of the package. An origin of Novell or System refers to packages created by Novell. Status The current status of the package, stating if the package is enabled and ready to be requested from the Global Subscription Server.
  • Page 61 License Information If available, presents a link to detailed license information. Description Narrative description of the distribution package. Also includes links to any relevant Novell knowledge base articles. Version The package version. Total Directories in The number of directories contained in the package.
  • Page 62 SING ULNERABILITIES AND ACKAGES Status Description Number of Command-line The number of command-line scripts contained in the Scripts package. Number of Dependencies The number of dependencies associated with the distribution package. Total Idle Deployments The number of idle deployments. Total Running The number of running deployments.

  • Page 63: Package Information Tab

    SING ULNERABILITIES AND ACKAGES Package Information Tab Access similar information in the Package Details page by clicking the package name and selecting the Information tab. Figure 3-11: Package Details - Package Information Tab Table 3-10: Package Information Definitions Status Description Package Information Package Name Title of the package...
  • Page 64 If available, presents a link to detailed package information. This might be an article or other resource from a third-party. Description Narrative description of the distribution package. Also includes links to any relevant Novell knowledge base articles. Version The package version. Created On The date and time the package was created.

  • Page 65: Package Statuses And Types

    Table 3-11: Package Status and Description Status Description Downloaded from the Global Subscription Server since the last session. Current Present vulnerabilities residing on Patch Management Server. Tasks System task package. Local Locally created package. Beta Released to the Novell BETA community. - 49 -...

  • Page 66: Package Icons And Descriptions

    SING ULNERABILITIES AND ACKAGES Package Icons and Descriptions The icons and their status are classified as follows: Table 3-12: Package Status Icons and Descriptions Current Tasks Local Description The package is not cached. The package has been scheduled to be cached or is in the process of being cached.

  • Page 67: Searching, Filtering, And Saving Views

    SING ULNERABILITIES AND ACKAGES Searching, Filtering, and Saving Views ZENworks Patch Management offers options that allow you to search for specific items and filter result sets. Searching and filtering can be performed independent of each other or can be combined to provide drill-down capabilities. Search and filter settings can be saved as the default view displayed on subsequent visits to the page.

  • Page 68: Deleting A Package

    Deleting a package removes the package from the list of available packages and all records of the package from the database (system-task packages cannot be removed). Package metadata for Novell-provided packages that are deleted will be re-downloaded NOTE from the Global Subscription Server. However, the package will not be cached unless it is associated with a critical vulnerability or included in a deployment.

  • Page 69: Creating A Package

    SING ULNERABILITIES AND ACKAGES Make the desired edits and click OK. Refer to the Creating a Package on page 53 for details on changing packages through the Package Editor Wizard. Creating a Package Complete the following steps to create a package. In the Packages list, click Create.
  • Page 70 SING ULNERABILITIES AND ACKAGES In the Package Editor, type the name, description (optional), and an Informational URL (optional). • Name - A name or title for the package. Ensure package names are descriptive and short. Packages of the same name are permitted and names can be changed later. •...
  • Page 71 SING ULNERABILITIES AND ACKAGES Click Next. In the Add Files page, include any files to be included in the package. Figure 3-15: Package Editor - Add Files Refer to Adding File and Directories to a Package on page 62 for additional details regarding adding files to a package.
  • Page 72 SING ULNERABILITIES AND ACKAGES In the Create Scripts page, add a script to run on the target device during the deployment process, if needed. Figure 3-16: Package Editor - Create Script Refer to Creating Scripts for a Package on page 67 for additional details regarding Package scripts.
  • Page 73 SING ULNERABILITIES AND ACKAGES Click Next. In the License Agreement page, select the License Agreement check box and enter the appropriate URL in the destination address of the License URL field. Figure 3-18: Package Editor - License URL The License Agreement page allows you to enter in an optional License URL, which can link to licensing information for the contents of the package.
  • Page 74 SING ULNERABILITIES AND ACKAGES In the Summary page, review the summary of the package to be deployed. Figure 3-19: Package Editor - Summary Selecting the Make this package available for rollout check box enables the NOTE package to display in the list of available packages. You may wish to deselect this option if you are creating a package that will have additional files or details added at a later date or do not want to deploy the package at this time.
  • Page 75 SING ULNERABILITIES AND ACKAGES Click Finish. The page refreshes and the Package page opens with the custom ESULT package. Figure 3-20: Package Editor - Upload Summary ESULT - 59 -...

  • Page 76: Including Deployment Options In A Package

    SING ULNERABILITIES AND ACKAGES Upon refreshing of the Packages page, you can view the package by the name you gave it, and view the operating systems that you chose to deploy to during the patch building process. Figure 3-21: Packages Page - Custom Package Including Deployment Options in a Package The following tags indicate a manual installation of the patch is required.
  • Page 77 SING ULNERABILITIES AND ACKAGES Display Select Description (flag behavior) Flag Flag Do not back up files for uninstall. Do not restart the computer when the installation is done. Use quiet Mode, no user interaction is required. Use unattended Setup mode. -dmu Install in multi-user mode (UNIX, Linux only).

  • Page 78: Adding File And Directories To A Package

    SING ULNERABILITIES AND ACKAGES Display Select Description (flag behavior) Flag Flag Reboot may occur. applicable Reboot is required, and may occur. applicable Adding File and Directories to a Package Files and directories can be added to the package by right-clicking the Package Content window, and selecting one of the following options: •...

  • Page 79: Adding A New Macro To A Package

    SING ULNERABILITIES AND ACKAGES • File Properties for a Package on page 67 Figure 3-22: Package Content Adding a New Macro to a Package Macros access existing system directories. A macro can be either an environment variable, as defined by the operating system, or a macro that only the Agent can expand. The following pre-defined macros are available under the New Macro menu: Not all macros are available on all operating systems.

  • Page 80: Adding A Directory To A Package

    SING ULNERABILITIES AND ACKAGES • %COMMON FILES% - The operating system common files location. Typically expands to Right-click inside the Target Computer window. The Add pop-up window opens. ESULT Select Create Macro and the macro required for the package. The selected macro displays in the Target Computer window. ESULT Figure 3-23: Macro Menu Click Next to continue with the Package Editor.

  • Page 81: Creating A Drive For A Package

    SING ULNERABILITIES AND ACKAGES Creating a Drive for a Package Use the New Drive option to deploy a package to a drive other than the C:\ or %TEMP% drives. Right-click inside the Target Computer window. Select Create Drive from the pop-up menu. The Create Drive window opens.

  • Page 82: Deleting A File From A Package

    SING ULNERABILITIES AND ACKAGES Select Add File. The Open window opens. ESULT Select the file to add to the directory, folder, or macro. Click Open. The file is added to the directory, folder, or macro. ESULT Click Next to continue with the Package Editor. Deleting a File from a Package Deletes the selected directory or file.

  • Page 83: File Properties For A Package

    SING ULNERABILITIES AND ACKAGES File Properties for a Package Brings up the properties page for the selected item. Only available when you right click on a file that has previously been added to the Target Computer window. Figure 3-25: Properties In the Target Computer directory tree, select the directory where the file is located.
  • Page 84 SING ULNERABILITIES AND ACKAGES The following scripts are listed by the order in which they execute within the package: Pre-Script - Used to test for a machine condition or shutdown a service. For example you can stop the package rollout in the pre-script by using the SetReturnCode in the PLCCAgent script object.

  • Page 85: Working With Deployments

    WORKS ATCH ANAGEMENT UIDE Working With Deployments A Deployment initiates the downloading of a patch by the agent to a device for installation. It is the instruction set for a package that supplies the agent the rules and conditions for deployment.

  • Page 86: Viewing All Deployments

    ORKING EPLOYMENTS Viewing All Deployments Select the Deployments tab. The Deployments page opens. ESULT Figure 4-1: Deployments Page Select the desired filter criteria. Click Update View. Click the expand icon to view the Deployment details. Viewing Deployments within Devices Select the Devices tab. Select your filter options.

  • Page 87: Viewing Deployments Within Groups

    ORKING EPLOYMENTS Select the Deployments tab. The Device Deployments page opens. ESULT Figure 4-2: Device Deployments Tab Select the desired deployment, and click the expand icon. The deployment details display. ESULT Figure 4-3: Device Deployments Tab Expanded Viewing Deployments within Groups The Groups page displays the deployments assigned to the selected group.

  • Page 88: Deployment Types

    ORKING EPLOYMENTS Select a group from the directory tree. The selected group is highlighted and displays the assigned deployments. ESULT Figure 4-4: Group Deployments Deployment Types Deployments are created through the Vulnerabilities, Packages, Devices, Deployments, or Groups pages. On each page, the Deploy command is presented in the Action menu. A different deployment type, Mandatory Baseline, is created by establishing a mandatory baseline for a device group.

  • Page 89: Package-Based Deployments

    ORKING EPLOYMENTS Package-based Deployments A package contains all vendor-supplied updates and executable code used to correct or patch security issues for the target devices. The majority of packages are part of specific vulnerabilities, and are deployed to multiple devices within the network. See About Packages on page 43 for more information.

  • Page 90: Reboot And Chained State

    ORKING EPLOYMENTS Reboot and Chained State The reboot and chained states are the result of a device not performing the required reboot following a deployment. Table 4-1: Reboot and Chained State State Description Reboot State Indicates that the device received a standard deployment requiring a reboot, yet the reboot was suppressed.

  • Page 91: Using The Deployment Pages

    ORKING EPLOYMENTS Using the Deployment Pages Deployments can be viewed on the Deployments page. The main page displays each Deployment Job and the individual deployments assigned to it. With a deployment job, you can schedule multiple deployments with separate instructions. With deployment jobs, you are able to edit and delete individual deployments without having to delete the entire deployment job.

  • Page 92: Deployment Status And Type

    ORKING EPLOYMENTS Column Description Scheduled Date The date the deployment was scheduled to occur. Deployment Statistics Refer to Deployment Statistics on page 77 for details regarding the Deployment Statistics icons. Deployments also can be viewed based on an association to a specific package, or by association to a group or individual device.

  • Page 93: Deployment Statistics

    ORKING EPLOYMENTS Status Description System Task A deployment that contains a system task package. Mandatory Baseline A deployment is created through the mandatory baseline for a group. This deployment is automatically created and managed through the mandatory baseline process. Deployment Statistics The right-hand side of the deployment entry contains columns which illustrate the current result statistics for the deployment by package.

  • Page 94: Deployment Details Summary

    ORKING EPLOYMENTS Icon Icon Name Definition Number of Devices Total number of devices or groups that finished That Have the deployment. Completed the Deployment The Percentage of Percentage of the devices or groups that Completed Devices finished the deployment. = [Total Finished devices / Total Assigned devices] All group deployments will initially show only the number of groups included within that deployment.

  • Page 95: Working With Deployments

    ORKING EPLOYMENTS Field Description Deploy Manner The manner in which this deployment occurred. Options include: Sequential, Parallel, or Distribute to # of devices at a time. Schedule Type The frequency of the deployment. Options include: Recurring, or One time. Start Date The date and time this deployment was started.

  • Page 96: Deployments Page

    ORKING EPLOYMENTS Deployments Page The Deployments page illustrates the overall information about all deployment jobs and their associated deployments. This page includes information regarding the assigned devices and groups and the status of the deployment for each. Figure 4-7: Deployments Page The following functions can be performed from the Deployments page: Table 4-7: Deployment Functions Menu Item...

  • Page 97: Viewing The Deployment Details

    ORKING EPLOYMENTS Menu Item Function Deploy Re-deploys the selected packages. Export The Export button allows you to export subscription data to a comma separated value (.csv) file. Viewing the Deployment Details To open the Deployment Details page, click the deployment name link within any Deployments view.

  • Page 98: Viewing Deployment Details By Device

    ORKING EPLOYMENTS Column Description Last Run Complete Date The Date/Time the deployment completed. Next Run Date The next scheduled start Date/Time for this deployment. The following page functions are available on the Deployment Details page: Table 4-9: Deployment Details Page Functions Button Function Enable...

  • Page 99: Viewing Deployment Details By Device Group

    ORKING EPLOYMENTS Viewing Deployment Details by Device Group Another view of deployments is available through the Groups page. This view displays the deployments that the selected group has been assigned. This view is the same as the Deployment Summary view, but displays only deployments for the selected group. Figure 4-9: Deployments Page - Groups The following functions are available on the Group Deployments page.

  • Page 100: Viewing Deployment Results

    ORKING EPLOYMENTS Menu Item Function Deploy Re-deploys the selected packages. Export The Export button allows you to export subscription data to a comma separated value (.csv) file. Viewing Deployment Results Once the deployment has been performed, the specific results of the deployment for that device can be displayed by clicking on the status text (of the Last Run Status column).

  • Page 101: Explaining Deployment Distribution Order

    ORKING EPLOYMENTS Field Description Next Run Date Displays the date when the device is to perform the deployment again, if the deployment is recurring. Last Run Date Displays the status of the last time the device performed the deployment. Last Run Start Date Displays the date when the device last started the deployment.

  • Page 102: Aborting Deployments

    ORKING EPLOYMENTS Aborting Deployments Aborting a deployment will cancel the deployment for any devices which have not already received the deployment. The devices that have already received the deployment will not be affected, only the NOTE devices which have not yet received the deployment will have the deployment aborted. Select the deployment you wish to abort.

  • Page 103: Modifying Deployments

    ORKING EPLOYMENTS Modifying Deployments Modifying a deployment will launch the Deployment Wizard, allowing you to make modifications as needed. System Task Packages are automatically assigned to devices, so removing a device from NOTE a deployment of a System Task Package will have no effect (the device will be re-assigned to the deployment by the ZENworks Patch Management Server).

  • Page 104: Using The Deployment Wizard

    ORKING EPLOYMENTS Using the Deployment Wizard The Deployment Wizard provides an interface to create or edit deployment schedules for multiple recipients and multiple packages. The wizard assists in device selection, scheduling the deployment, and if needed, setting recurrences. The following table describes the scenarios for a deployment. These options are selected prior to starting the Deployment Wizard.

  • Page 105: Device / Device Groups Selection Page

    ORKING EPLOYMENTS Device / Device Groups Selection Page The Available Devices/Groups page of the Deployment Wizard allows for selecting devices and groups to receive a deployment. Figure 4-11: Deployment Wizard - Available Devices/Groups Selection Page When first opened, this page displays the devices grouped by operating system, and the groups in a directory tree format by user groups, system groups, or directory service groups.

  • Page 106: To Create A Group Deployment

    ORKING EPLOYMENTS To Create a Group Deployment From the Available Groups directory tree, select the group or groups requiring the deployment. The Available Groups directory tree allows for selecting single groups, multiple groups, and group hierarchies (groups cascading down from a parent). This method enables you to select multiple groups for a deployment at the same time without having to create individual deployments for each individual group.

  • Page 107: Package Selection Page

    ORKING EPLOYMENTS Package Selection Page The Packages Selection page of the Deployment Wizard allows you to select the packages to be deployed. This page displays the packages, grouped by manufacturer, that apply to the devices selected on the Devices/Device Groups Selection page. Select the vendor required for the deployment.

  • Page 108: Associated Vulnerability Analysis

    ORKING EPLOYMENTS Associated Vulnerability Analysis The Associated Vulnerability Analysis page of the Deployment Wizard allows you to view the devices associated with this package and whether their status is Patched, Not-Patched, or Not-Applicable in relation to the selected package. Figure 4-13: Deployment Wizard - Associated Vulnerability Analysis Page The Results column of the resulting grid, will display either Patched, Not-Patched or N/A dependent upon the devices patch status.

  • Page 109: Licenses Page

    ORKING EPLOYMENTS Licenses Page The Licenses page of the Deployment Wizard displays the end user license agreements associated with the vendor packages. Any license agreements displayed on the page must be agreed to prior to continuing the deployment. Figure 4-14: Deployment Wizard - Licenses Page Review the agreement.

  • Page 110: Deployment Options Page

    ORKING EPLOYMENTS Deployment Options Page The Deployment Options page of the Deployment Wizard, allows you to set the deployment Job Name, Start Time, Manner, and add Notes. Figure 4-15: Deployment Wizard - Deployment Options Page When deploying to an agent at its UTC time, if the agent’s time zone is before the server’s NOTE time zone, the local time of the server will be read, resulting in a possible later deployment to that agent.
  • Page 111 ORKING EPLOYMENTS Table 4-14: Deployment Options Fields Field Description Job Name The display name of the deployment job. (Note: This field must not be blank.) Task Name The editable display name of the deployment task. The {Package Name} variable will be replaced with the name of the Package included in the task.

  • Page 112: Schedule Configuration Page

    ORKING EPLOYMENTS Schedule Configuration Page The Schedule Configuration page of the Deployment Wizard, allows you to define whether a deployment is one-time or recurring, and the appropriate options for each. Figure 4-16: Deployment Wizard - Schedule Configuration Page To Schedule a One Time Deployment To navigate to the Deployment Wizard Schedule Configuration page, from the Deployment Wizard Deployment Options page, click the Change button located in the Start Time option.

  • Page 113: To Schedule A Recurring Deployment

    ORKING EPLOYMENTS Select AM or PM using the drop-down list. Click Next. ESULT The changes are saved and the Deployment Options page opens. To Schedule a Recurring Deployment A recurring schedule will start deployments on the selected day at the selected time and repeat the deployment every day, week, or month and if defined, end on a specific date.
  • Page 114 ORKING EPLOYMENTS To Set Up a Daily Recurring Deployment Select Recurring. In the Occurs field, select Daily. The Deployment Wizard displays the Daily Deployment Options field. ESULT Figure 4-18: Daily Option From the Daily Every X Days drop down list, select the frequency. The valid options are: 1 through 365.
  • Page 115 ORKING EPLOYMENTS In the Occurs field, select Monthly. The Deployment Wizard displays the Monthly Deployment Options ESULT fields. Figure 4-20: Monthly Options Select the frequency of the deployment: • Day X of every X month(s) - allows the deployment to be scheduled on a specific date every X months.

  • Page 116: Selecting The Deployment Start And End Functions

    ORKING EPLOYMENTS Selecting the Deployment Start and End Functions The frequency fields allow for specific date and time deployments. Review the table to determine scheduling needs. Table 4-15: Deployment Start and End Functions Select 12 hour, 24 hour Set the schedule to either a standard 12 hour format or a military 24 hour format.

  • Page 117: Package Deployment Order And Behavior Page

    ORKING EPLOYMENTS Package Deployment Order and Behavior Page The Package Deployment Order and Behavior page of the Deployment Wizard, allows you to set the order and behavior for the individual package deployments. Figure 4-22: Deployment Wizard - Package Deployment Order and Behavior Page The following tasks can be completed while using the Package Deployment Order and Behavior page.
  • Page 118 ORKING EPLOYMENTS Icon Action Use To Selected Options View the behavior of each package. For additional information refer to Behavior Icon Definitions on page 103.. Reboot View the reboot settings of each package. For additional information refer to Reboot Icon Definitions on page 105..

  • Page 119: Behavior Icon Definitions

    ORKING EPLOYMENTS Behavior Icon Definitions The following table describes the deployment behavior icons and their descriptions: Table 4-17: Behavior Icon Definitions Icon Action Use to Uninstall Uninstall the packages. Force Shutdown Force all applications to close if the package causes a reboot. Do Not Backup Do not backup files for uninstall.
  • Page 120 ORKING EPLOYMENTS Icon Action Use to Download Only Distribute the package without running the package installation script. Suppress Notification Suppress any user notifications during installation. Debug Mode Run the package installation in debug mode. Do Not Repair Suppress the repair of file name permissions Permissions after the reboot.

  • Page 121: Reboot Icon Definitions

    ORKING EPLOYMENTS Reboot Icon Definitions The following table describes the Reboot icons and their descriptions: Table 4-18: Reboot Icon Definitions Icon Name Reboot Status Reboot may occur The device may be rebooted, dependent upon the package installer requirements (at the time of install).

  • Page 122: Package Deployment Behavior Options Page

    ORKING EPLOYMENTS Package Deployment Behavior Options Page The Package Deployment Behavior Options page of the Deployment Wizard, allows you to set the behavior options for each of the packages associated with this deployment. The Package Options are active or inactive, depending on the patch selected. Figure 4-23: Behavior Options Modification of a package’s behavior options will cause the package order to be NOTE...

  • Page 123: Modifying Behavior Options

    ORKING EPLOYMENTS Modifying Behavior Options To modify the package behavior options. In the Behavior Options page, review the pre-selected options. Not all packages support all of the available behavior options. NOTE Select or deselect the checkbox next to the option to enable or disable the behavior. Click Next.
  • Page 124 ORKING EPLOYMENTS Icon Action Use to Chain Packages Set the package as chainable (package must support chaining) Suppress Chained Suppress the reboot, allowing other chained Reboot packages to be sent following this package. When creating multiple deployment jobs, this option is recommended. Repair File Repair file permissions following the package Permissions...

  • Page 125: Optional Package Flags

    ORKING EPLOYMENTS Icon Action Use to Do Not Reconfigure Do not perform the system reconfigure task following deployment. When using a chained deployment, reboots are suppressed whenever possible. The final NOTE deployment is represented as May Reboot because Patch Management Server determines if the agent is in a dirty state.
  • Page 126 ORKING EPLOYMENTS Display Select Description (flag behavior) Flag Flag Reconfigure after installation (UNIX, Linux only). -dreconfi -reconfig Do not reconfigure after installation (UNIX, Linux only). -dnorecon -noreconf This package is chainable and will run Qchain.exe (Windows) or (UNIX/Linux). Suppress the final chained reboot. Repair permissions.

  • Page 127: Package Display Options

    ORKING EPLOYMENTS Package Display Options Table 4-21: Package Display Options Option Description Notes Displays the expected deployment behavior. Description Displays the package description Click Save to save the changes and return to the Package Deployment Order and Behavior page. - 111 -...

  • Page 128: Notification Options Page

    ORKING EPLOYMENTS Notification Options Page The Notification Options page of the Deployment Wizard, allows you to define whether users will receive notification of these deployments and/or reboots, and if so, what the notification will contain. When an agent is installed on a server where multiple users are logged in simultaneously, NOTE the deployment manager will provide each logged in user with the ability to snooze or reject the deployment and/or reboot if snooze or reject is enabled.

  • Page 129: Deployment Permissions

    ORKING EPLOYMENTS Allows you to determine what the deice users can do once they receive a deployment. Table 4-22: Use Policies - Deployment Option When Used Use Policies The defined Agent Policies for each agent will be used. Selection of this option disables all other deployment notification options.
  • Page 130 ORKING EPLOYMENTS Option Use To Notification on Top Define if the Desktop Deployment Manager will display on top of all other applications. Deadline Offset Allows you to set a custom deadline offset, or custom deadline date for the deployment. • From Deployment Start - Sets the deployment deadline to be X Minutes, Hours, or Days from deployment start date/time.

  • Page 131: Reboot Notification Options

    ORKING EPLOYMENTS Reboot Notification Options Allows you to determine what the device users can do once they receive a reboot notification. When a deployment does not require a reboot, the following Reboot Notification Options NOTE are disabled. Table 4-24: Use Policies - Reboot Option When Used Use Policies...

  • Page 132: Deployment Confirmation Page

    ORKING EPLOYMENTS Deployment Confirmation Page The Deployment Confirmation page of the Deployment Wizard displays a summary of the options selected for this deployment. This information is provided for your verification prior to creating the deployment. Figure 4-25: Deployment Confirmation Page Deployment Confirmation Summary Lists the parameters of the deployment defined in the Deployment and Notification Options.

  • Page 133: Selected Packages

    ORKING EPLOYMENTS Summary Item Description Manner Whether these deployments are Sequential or Parallel, and if Sequential, how many deployments will be distributed at once. Deployment Notification Whether or not the users will receive a deployment notification (as defined under the Notification Options page).

  • Page 134: Associated Vulnerability Analysis Page

    ORKING EPLOYMENTS Column Description Reboot Displays the reboot settings of each package defined in the Package Deployment Behavior Options page. Devices / Groups Displays the number of selected devices and/or groups applicable to each package. Click Finish to create the deployments and proceed to the Deployments Summary page. Associated Vulnerability Analysis Page The Associated Vulnerability Analysis page of the Deployment Wizard allows you to view the devices targeted for the deployment, and if they are patched for the selected...

  • Page 135: Deployment Summary Page

    ORKING EPLOYMENTS The following table describes the fields and their descriptions. Table 4-27: Associated Vulnerability Analysis Fields Name Description Name Name of device receiving the deployment. Platform Info Applicable Operating Systems. Results Displays either Yes or N/A depending on whether the selected package applies to that particular device.

  • Page 136: Selected Packages

    ORKING EPLOYMENTS The Deployment Summary lists all the parameters associated with the deployment. Table 4-28: Deployment Summary Items Summary Item Description Job Name The name given the deployments defined in the Deployment Options page. Schedule The schedule for the deployments defined in the Deployment Options page.
  • Page 137 ORKING EPLOYMENTS Column Description Selected Options Displays the behavior of each package defined in the Package Deployment Behavior Options page. Reboot Displays the reboot settings of each package defined in the Package Deployment Behavior Options page. Devices / Groups Displays the number of selected devices and/or groups applicable to each package.
  • Page 138 ORKING EPLOYMENTS - 122 -...

  • Page 139: Using Devices And Inventory

    WORKS ATCH ANAGEMENT UIDE Using Devices and Inventory The Devices page contains a listing of all devices that have an agent registered to the Patch Management Server. From this list of devices, you can access the device details. The device details include device specific information such as associated vulnerabilities, inventory information, and deployment history.

  • Page 140: Using The Devices Page

    SING EVICES AND NVENTORY Click Update View. The Devices page displays the devices which match the selected filter ESULT options. To view all devices, select the Include Child Groups checkbox. NOTE Using the Devices Page To display additional information about the device, click on the name of the actual device. Figure 5-2: Devices page - 124 -...
  • Page 141 SING EVICES AND NVENTORY The following table describes the fields within the Devices page. Table 5-1: Devices page columns Column Description Device Name The name of the device as extracted from system data and inventory. Selecting the device name displays the Device Details page.

  • Page 142: Device Status Icons

    SING EVICES AND NVENTORY Menu Item Description Scan Now Prompts the Discover Applicable Updates task to check the device. For additional information refer to Using the Scan Now Feature on page 41. Reboot Now Prompts the selected device to reboot. For additional information refer to Rebooting Devices on page 139.
  • Page 143 SING EVICES AND NVENTORY Active Pending Description The agent is in a Reboot status (the agent can accept no more deployments until after it reboots). The agent is in a Chain status (the agent can accept chained deployments only until after a reboot) and is sleeping due to its Hours of Operation settings.

  • Page 144: Using The Details By Device Page

    SING EVICES AND NVENTORY Using the Details by Device Page To display additional information about a device click on the name of the device. The Device Details page provides device specific information, associated vulnerabilities, inventory information, and deployment history. The tabs access specific details about the endpoint. Figure 5-3: Endpoint Details page Device Information Tab The Device Information tab displays important information about the device.
  • Page 145 SING EVICES AND NVENTORY The following table describes the Action Menu items available in the Device Information window. Table 5-4: Action Menu Menu Item Description Export Retrieves all device information and allows for saving to a .CSV file. For additional information refer to Exporting Data on page 17.
  • Page 146 SING EVICES AND NVENTORY Field Description OS Build Number The build number of the operating system running on the device. IP Address The IP Address of the device. Agent Information Section The Agent Information section displays the following agent data: Figure 5-5: Agent Information Table 5-6: Agent Information Field Descriptions Field...
  • Page 147 Indicates if there are applicable deployments available for this device. Added By The ZENworks Patch Management user who added the device to the group. System created groups indicate Novell Corp. in this field. Added On The date and time that the device was added to the group.
  • Page 148 SING EVICES AND NVENTORY Policy Information Section The Device Policy Information section displays the policies used by the device during a deployment. These policies are the results of applying each of the policies defined by the device’s group membership (applying the conflict resolution rules when applicable) and filling in any undefined policies from the Global Policy.
  • Page 149 SING EVICES AND NVENTORY Device Vulnerabilities The Device Vulnerabilities tab displays vulnerability information associated with the selected device. The page displays the same information as is presented in the Vulnerabilities page. Figure 5-8: Device Vulnerabilities The following table describes the Action menu functions used in the Device Vulnerabilities page: Table 5-9: Devices action menu Menu Item...
  • Page 150 SING EVICES AND NVENTORY Device Inventory The Inventory tab displays the inventory information for the selected device. The page displays the same information as is presented in the Inventory page. For details on using this page, see About Inventory on page 140. Figure 5-9: Device Inventory The following table describes the Action menu functions used in the Inventory page.
  • Page 151 SING EVICES AND NVENTORY Device Deployments The Device Deployments page displays all of the deployments that the device has been associated with or assigned. The page displays the same information as is presented in the Deployments section in the Vulnerabilities page. Figure 5-10: Device Deployments The following table describes the Action menu functions used in the Device Deployment page.

  • Page 152: Installing An Agent

    SING EVICES AND NVENTORY Installing an Agent Click Install to display the list of agent installers that can be used to register devices to Patch Management Server. When launching the Agent Installers dialog box, the behavior is the same whether a device is selected or not. Refer to the ZENworks Patch Management Server 6.4 SP2 Agent Install Guide for complete instructions regarding the installation of...
  • Page 153 SING EVICES AND NVENTORY Viewing Device Details View details of a specific device by selecting the desired device and clicking the device name. The Device Details page is described in Using the Details by Device Page on page 128. Figure 5-12: Device Details page - 137 -...

  • Page 154: Deleting A Device

    SING EVICES AND NVENTORY Disabling a Device Disabling a device releases the agent license used by the agent installed on the device and makes it available to the system. Once disabled, the agent on the device ceases communication with Patch Management Server and is no longer included in the patch management activities of the Patch Management Server.
  • Page 155 SING EVICES AND NVENTORY Deploying a Vulnerability Deploying a vulnerability to selected devices is a key function of the Patch Management Server. Deployments are initiated by clicking Deploy. For additional information refer to Using the Deployment Wizard on page 88. The Deploy command is not exclusive to a selected device and results in the same action NOTE whether selected from the Devices or Vulnerabilities page.
  • Page 156 SING EVICES AND NVENTORY In the Reboot Device Warning dialog box, click OK. The Reboot Now window opens. ESULT Figure 5-14: Reboot Now Confirm the reboot, and select Yes, Reboot the selected device. Click Reboot. The system schedules the reboot and the Reboot Success window ESULT opens.
  • Page 157 SING EVICES AND NVENTORY In addition to viewing the list of inventory items, the inventory results can be exported to a file (.csv). Inventory information is also available at the device and group level. Patch Management Server only captures inventory data for devices that have the Patch NOTE Management Agent installed.
  • Page 158 SING EVICES AND NVENTORY The following table describes the Action Menu functions used in the Inventory page. Table 5-12: Action Menu Menu Item Description Export Retrieves all device information and allows for saving to a .csv file. For additional information refer to Exporting Data on page 17.

  • Page 159: Scanning Inventory

    There is no automated distribution method for custom inventory. Each agent must have a local file named CustomInventory.xml in <Program Files>\Novell\ZENworks Patch Management Agent (for Windows Agents) or patchagent/update (for Linux/Unix/Mac Agents). - 143 -...

  • Page 160: Guidelines For Microsoft Windows Based Operating Systems

    <item class=”User Defined” name=”Example Name” type =”Literal”>ZENworks Patch Management 6.4 SP2 Custom Inventory</item> Returns: “Example Name = ZENworks Patch Management 6.4 SP2 Custom Inventory” Registry Allows the user to retrieve the registry key value. The string added will be of the form “name = value” where name is the tag name and value is the value stored under the identified registry key.
  • Page 161 SING EVICES AND NVENTORY Example XML (This example will return the value of the defined environment variable): <item name=”Environment Example” Class=”User Defined” type =”Environment”>%PROCESSOR_ARCHITECTURE%</item> Returns: “Environment Example = i386” Windows Management Instrumentation (WMI) allows the user to use scripting to use the WMI component, and tends to focus on operating system settings.
  • Page 162 SING EVICES AND NVENTORY Returns: “Line 1 = This is line one” “Line 2 = This is line two” XML_File Allows the user to retrieve text data from a file. An external XML file will be referenced. The XML file structure must be defined by the XPath string.

  • Page 163: Guidelines For Linux/Unix/Mac Based Operating Systems

    <item class=”User Defined” name=”Example Name” type =”Literal”>ZENworks Patch Management 6.4 SP2 Custom Inventory</item> Returns: “Example Name = ZENworks Patch Management 6.4 SP2 Custom Inventory” Dynamic Allows the user to search using a script. The string added will be of the form “name = value” where name is the tag name, and value is the result of the script.
  • Page 164 SING EVICES AND NVENTORY <EnvValue><![CDATA[/usr/local]]></EnvValue></env></envs><!-- Script --> <content><![CDATA[echo -n ‘du -ks /usr/local/work/PatchLink \(in kb\)]]> </content></command></item> Returns: “ZENworks Patch Management Disk Usage = 18.1 (in kb)”d An example XML file, using valid Linux/Unix/Mac/Netware inventory options, is provided below: <?xml version="1.0" encoding="UTF-8"?><!-- <!DOCTYPE customInventory SYSTEM "/home/user/testcode/custominventory.dtd"...

  • Page 165: Using Groups

    WORKS ATCH ANAGEMENT UIDE Using Groups A group is a collection of devices organized for managing activities within ZENworks Patch Management Server and contains a listing of all groups registered to it. Within the ZENworks Patch Management Server, groups are organized into nested groups. These related groups, called parent and child groups, allow you to maintain your ZENworks Patch Management Server with minimum maintenance.
  • Page 166 SING ROUPS The Groups page is available by selecting Groups in the main navigation menu. Figure 6-1: Groups Page To View Groups The following procedure shows how to display a group. Select Groups. The Groups main page displays in the window. ESULT Select a group type from the directory tree.
  • Page 167 SING ROUPS In the Group Browser search field, type your search criteria. The results for your search appear below the Group Browser field as you ESULT type. Click the desired Group link. Information for the selected group appears on the Groups page. ESULT Groups and the Directory Tree You can view the list of groups using the directory tree.

  • Page 168: Defining Groups

    SING ROUPS Defining Groups Groups can be categorized into the following classifications: Table 6-1: Group Definitions Icon Group Type Definition Parent System Groups Devices identified in your network are automatically assigned a group membership based on their operating system, Active Directory membership, or IP System Groups Address.
  • Page 169 SING ROUPS Group Information The Information view displays general group-related information concerning the group's membership, hierarchy, policies, roles, mandatory baselines, and other settings. Figure 6-2: Group Information The following table describes the button functions in the Information view. Table 6-2: Group Information Button Action Description Export...

  • Page 170: Group Information Settings

    SING ROUPS Group Information Settings Group Information, a section within the Groups page Information view, lists the following data: Table 6-3: Group Information Settings Field Description Name The name of the group. Distinguished Name System-created name based upon the group’s parent hierarchy.

  • Page 171: Assigned Email Notification Addresses

    SING ROUPS Field Description Policy Inheritance When set to True, policy sets are inherited from the group’s parent. Policy Enabled When set to True, policy sets can be assigned to the group. Assigned Email Notification Addresses Assigned Email Notification Addresses, a section within the Information view, lists the following data: Notification Address The e-mail addresses that will receive group specific notifications.

  • Page 172: Assigned Mandatory Baseline Items

    SING ROUPS Assigned Mandatory Baseline Items The Assigned Mandatory Baseline Items list the vulnerabilities defined in the group’s mandatory baseline. Table 6-5: Assigned Mandatory Baseline Items Field Description Name The name of the vulnerability. Impact The vulnerability impact. OS List The list of applicable operating systems The Mandatory Baseline items shown in Assigned Mandatory Baseline Items are only NOTE...

  • Page 173: Assigned Roles

    SING ROUPS Resultant Policy Information Resultant Policy Information, a section in the Information view, displays the results of the assigned or inherited policy sets and provides the following data: Table 6-7: Resultant Policy Information Field Description Name The name of the policy. Value Indicates the policy value.

  • Page 174: Group Membership

    SING ROUPS Group Membership The Group Membership view allows the user to see the group’s direct child groups. The number of direct child groups display in the window. Figure 6-3: Group Membership - 158 -...
  • Page 175 SING ROUPS The Group Membership view displays the following group details. Table 6-9: Group Membership View Field Description Action Contains Edit this Group and Delete this Group icons. Use these icons to edit of delete the associated group. Type (Monitor Icon) Displays an icon that indicates the group type.

  • Page 176: Creating A Group

    SING ROUPS Button Use to Scan Now Prompts the Discover Applicable Updates (DAU) task to immediately launch and check a group for vulnerabilities. For additional information refer to Using the Scan Now Feature on page 41. Reboot Now Initiates the Reboot system task to all members of the selected group or groups.
  • Page 177 SING ROUPS Click Move. The Move Groups window opens. ESULT Figure 6-4: Move Groups Window Select a new parent group. - 161 -...

  • Page 178: Deleting Groups

    SING ROUPS Click Next. The Move Confirmation window opens. ESULT Figure 6-5: Move Confirmation Click Finish. The group is moved to the new parent group. ESULT Deleting Groups Complete the following steps to delete a single or multiple groups. Deleting a group does not prevent a device within that group from deploying, rebooting NOTE or scanning due to these tasks working at the device level.

  • Page 179: Editing Groups

    SING ROUPS Delete the desired group or groups using one of the following methods. Method Steps 1. Click the Delete icon associated with group you want to delete. Deleting a Single Group 1. Select the check boxes associated with the groups you want Deleting Multiple Groups to delete.
  • Page 180 SING ROUPS Device Membership The Device Membership view provides an interface for managing the devices assigned to a group. Figure 6-6: Device Membership The Device Membership view displays the following device details. Table 6-11: Device Membership view Column Description Device Name The name of the device as extracted from system data and inventory.

  • Page 181: Adding Or Removing Device Members

    SING ROUPS The following table describes the functions of the Device Membership view toolbar: Table 6-12: Device Membership View Toolbar Button Use To Install Install an agent to a device. For more information, see the ZENworks Patch Management Server 6.4 SP2 Agent Install Guide.
  • Page 182 SING ROUPS Click Manage. Figure 6-7: Manage Devices Add or remove devices using one of the following methods. Task Methods • Select the check box associated with the device(s) To add devices, use one of the to include in the group from the Devices table and following methods: click Assign.

  • Page 183: Enabling Or Disabling Devices Within A Group

    SING ROUPS Enabling or Disabling Devices within a Group In the Device Groups page, select Device Membership from the drop-down list. The Device Membership page displays in the Groups window. ESULT If necessary, designate search options and click Update View. Select the device you want to enable or disable.
  • Page 184 SING ROUPS • Disabling mandatory baseline deployments does not disable the deployments created through mandatory baseline inheritance. Additionally, disabling the baseline deployments will not remove the baseline items from the group’s Mandatory Baseline view. When a mandatory baseline is created or modified: •...
  • Page 185 SING ROUPS The following table describes the Mandatory Baseline view table: Table 6-13: Mandatory Baseline Column Definitions Column Header Description Expand (>) Expanding allows you to view the devices, their operating systems, and their mandatory baseline compliance. Vulnerability Status The status of a mandatory baseline is indicated by an icon. This column displays the status/type of each vulnerability assigned to the baseline.
  • Page 186 SING ROUPS The following table describes Mandatory Baseline view toolbar functions. Table 6-14: Mandatory Baseline View Toolbar Button Function Manage Add or remove vulnerabilities from the mandatory baseline. Export Retrieves all page information and allows for saving to a .csv file.

  • Page 187: Mandatory Baseline Item Compliance Icons

    SING ROUPS Mandatory Baseline Item Compliance Icons Compliance status for the mandatory baseline item relative to groups include: Table 6-15: Mandatory Baseline Item Compliance Items Status Description At least one member of this group is either detecting, obtaining the package, waiting on detection, or in a deployment not started state.
  • Page 188 SING ROUPS Click Manage. All known vulnerabilities are retrieved and displayed in the Groups ESULT window. Figure 6-9: Assign Vulnerabilities Add or remove vulnerabilities to or from the mandatory baseline. Task Methods • Select the check box associated with the To add vulnerabilities, use one of vulnerabilities to include from the Vulnerabilities the following methods.

  • Page 189: Using The Filter Functions To Select Vulnerabilities

    SING ROUPS Using the Filter Functions to Select Vulnerabilities When managing mandatory baselines, use filter functions to quickly find specific vulnerabilities. From the Vulnerabilities or Selected Vulnerabilities tables, click Show Filters. Type the filter criteria in the Name and/or the Information fields. Click Apply Filters.
  • Page 190 SING ROUPS From the Selected Vulnerabilities table, click the Options button associated with the desired vulnerability. The Package Deployment Options window opens. ESULT Figure 6-10: Package Deployment Options In the Deployment Options For field, confirm the operating system selection. If the Deployment Options For field has multiple Operating System groupings, NOTE you must set the package Deployment Options for each OS grouping.
  • Page 191 SING ROUPS Select or clear the desired Deployment Options. Table 6-16: Deployment Options Select Do not notify users of Deploy the mandatory baseline package without notifying the this deployment users of the device. Notify users of this Deploy the mandatory baseline package and notify the users deployment of the device.

  • Page 192: Removing Deployments Created By Mandatory Baselines

    SING ROUPS Select or clear the desired Reboot Options. Table 6-17: Reboot Options Select Do not notify users of Reboot the mandatory baseline package without notifying the this reboot users of the device. Notify users of this Reboot the mandatory baseline package and notify the users reboot of the reboot.

  • Page 193: Removing A Mandatory Baseline Deployment From A Group

    SING ROUPS Removing a Mandatory Baseline Deployment from a Group The following procedure halts a mandatory baseline deployment. In the Device Groups page, select Mandatory Baseline from the drop-down list. The Mandatory Baseline page displays in the Groups window. ESULT Select a group from the directory.
  • Page 194 SING ROUPS Device Group Vulnerabilities The Vulnerabilities view displays the vulnerabilities that have been assigned to the members of the group and the status of each vulnerability for the devices. This view is the same as the Vulnerability Summary view but only displays the vulnerabilities applicable to the member devices of the selected group.

  • Page 195: Enabling Vulnerabilities Within A Group

    SING ROUPS Column Description Impact Describes the level of requirement for the vulnerability. For additional information refer to Vulnerability Impacts on page Vulnerability Statistics Indicate vulnerability statistics. For additional information refer Icons to Vulnerability Statistics on page 37. The following reference describes the Vulnerabilities view toolbar functions. Table 6-19: Vulnerabilities View Toolbar Button Function...
  • Page 196 SING ROUPS Select the check box associated with a disabled vulnerability. You can select multiple disabled vulnerabilities. Click Enable. The selected vulnerabilities are enabled for the applicable group. ESULT Disabling Vulnerabilities within a Group You can disable all vulnerabilities. Disabled vulnerabilities move to the bottom of the list and are noted with the disabled status icon.
  • Page 197 SING ROUPS Device Group Inventory This view displays the software, hardware, operating systems and services that were detected on the devices in the group. This view is the same as the Inventory Summary view, but only displays the inventory of the selected group. Figure 6-12: Device Group Inventory View The following table describes the Inventory view toolbar functions Table 6-20: Group Inventory Toolbar...
  • Page 198 SING ROUPS Device Group Deployments This Deployments view displays the deployments that the selected group has been assigned. This view is the same as the Deployment Summary view, but displays only deployments for the selected group. For additional information refer to Using the Deployment Pages on page 75.
  • Page 199 SING ROUPS Button Function Disable Disables the selected enabled deployment. For additional information refer to Disabling Deployments on page 86. Delete Removes the deployment from ZENworks Patch Management Server. For additional information refer to Deleting Deployments on page 87. Deploy Re-deploys the selected packages.

  • Page 200: Device Group Policies

    SING ROUPS Device Group Policies The Policies view displays the policy sets that the selected group has been assigned. For more information on policy sets and policy conflict resolution, see Working With Agent Policy Sets on page 268. Figure 6-14: Device Group Policies View Adding a Policy to a Group Complete the following steps to add an already established policy set to a group.
  • Page 201 SING ROUPS Removing a Policy from a Group Complete the following steps to remove an already established policy set from a group. note: You cannot remove inherited policy sets; instead, must change the group’s policy inheritance setting. For more information regarding the modification of group inheritance, see Editing Group Settings on page 193.

  • Page 202: Adding A Role To A Group

    SING ROUPS The following reference describes the Roles view table. Table 6-22: Roles View Columns Column Description Role Name The name of the user role. Source Group The name of the group assigned to the user role. The following table describes the functions available in the Roles view. Table 6-23: The Roles View Toolbar Action Use To...

  • Page 203: Removing A Role From A Group

    SING ROUPS Click Add. The Select a Role drop-down list displays in the Groups window. ESULT Figure 6-16: Add a Role Select a role from the Name list. Click the Save icon. The role is saved and associated with the group. ESULT Removing a Role from a Group Complete the following steps to remove an established role from a group.
  • Page 204 SING ROUPS Device Group Dashboard The Group Dashboard view consists of a series of charts providing a current view of the selected group. These charts are generated based on the latest data available and include only those devices that are members of the current group, its child hierarchy, and their applicable vulnerabilities and packages.
  • Page 205 SING ROUPS Dashboard Charts The following table describes all of the available charts. Table 6-24: Dashboard Charts Chart Description Vulnerability Severity This chart displays the percentage of un-remediated applicable vulnerabilities vs. applicable vulnerabilities grouped by vulnerability severity. Vulnerability Severity by This chart displays the percentage of un-remediated Device devices vs.

  • Page 206: Dashboard Settings And Behavior Icons

    SING ROUPS Dashboard Settings and Behavior Icons Use the following table to define your settings when viewing the graphs dashboard. Table 6-25: Dashboard Settings and Behavior Icons Icon Function Opens the dashboard settings window. Opens a printable version of the currently displayed charts. Refresh all of the displayed charts.

  • Page 207: Removing A Graph From The Dashboard

    SING ROUPS Adding a Graph to the Dashboard Click the Dashboard Settings icon. The Dashboard Settings dialog opens. ESULT Figure 6-19: Dashboard Settings Dialog Select check boxes associated with the charts you want to displays. Move the graphs up or down according to your priorities. Select the number of columns for display: Select a one or two column width view from Columns.
  • Page 208 SING ROUPS Deselect the checkbox next to the graph(s) you want to remove. Click Save Dashboard Settings. Click Save. The graph(s) is removed from the Dashboard window ESULT Device Group Settings The Settings view displays the default group settings. Figure 6-20: The Settings View The following table describes Settings view toolbar functions.
  • Page 209 SING ROUPS Editing Group Settings If different settings are required, you can edit the default settings for a group. In the General area, edit the following fields as necessary. Field Description Group Name The group name. My Groups, System Groups, and Directory Service NOTE Groups group names cannot be edited.

  • Page 210: Assign A Source Group To A Custom Group

    SING ROUPS In the Policy area, edit the following lists as necessary. List Use To Policy Inheritance Defines whether the group inherits the policies assigned to the group’s parent hierarchy. A True value will set the group to inherit it’s parent hierarchy’s policy settings. Policies Enabled Defines whether policies may be assigned to the group.
  • Page 211 SING ROUPS Click Modify. The Edit Source Groups window opens. ESULT Figure 6-21: Edit Source Groups Expand the Source Group tree or use the search field to locate the group you require as a source. Select the groups you require as a source. A Source Group’s inherited devices will always be included regardless of whether NOTE you select the Source Group’s child groups.
  • Page 212 SING ROUPS - 196 -...

  • Page 213: About Reports

    WORKS ATCH ANAGEMENT UIDE Reporting This section provides information on defining and generating reports in ZENworks Patch Management. Reports provide a way to view the current patch status and network vulnerabilities for internal reporting, and briefing management. About Reports Reports cover a range of indicators and can be customized to cover a general category (devices, packages) or focus on specific elements of your network (for example, vulnerabilities specific to a particular vendor).
  • Page 214 EPORTING Report Parameters Page From the Available Reports List, selecting Device Status Report displays the Application Reporting Device Status Report Parameters page. The report definition page where you define the data to include in the report. Figure 7-2: Report Parameters Page - 198 -...

  • Page 215: Report Parameters List

    EPORTING Report Parameters List The following table describes the parameters used when using reports. Each report includes at least one parameter. Table 7-1: Report Parameters Select Devices Choose from a list of all available devices that you have permission to view. All available devices are shown in the Available Devices list.

  • Page 216: Report Results Page

    EPORTING Select Vulnerabilities Choose from a list of all available vulnerabilities identified by Patch Management Server. All vulnerabilities are shown in the Available Vulnerabilities list. Click a vulnerability name or use the CTRL and SHIFT keys to select multiple vulnerabilities. Date Range Choose from a list of all deployments that occur within the selected dates.

  • Page 217: Viewing Reports

    EPORTING Viewing Reports ZENworks Patch Management provides several pre-defined reports designed to provide a comprehensive view of your computing environment in respect to patch management activities. In the Main Menu, select Reports. The Available Reports page opens in a new browser window. ESULT Figure 7-4: Available Reports - 201 -...
  • Page 218 EPORTING Select the report to generate in the Available Reports page. The corresponding Report Parameters page opens. ESULT Figure 7-5: Report Parameters In the Report Parameters page, define the report contents and organization by selecting parameters. In the Parameters box, select the parameter to use in defining the report contents from the list of available parameters.

  • Page 219: Searching Within Reports

    EPORTING Working with Reports The following section explains how to use the functions to create, view, and use report data. • Searching within Reports on page 203 • Displaying Time and Date in Reports on page 203 • Exporting Reports on page 203 •...

  • Page 220: Viewing Printable Data In Reports

    EPORTING • Comma Separated Values (.csv) • Microsoft Excel Worksheet (.xls) • XML Document (.xml) The Export command and drop-down list is presented at the bottom of the page. All data results will export, not just selected results. However, some of the data may not NOTE import into a readable format.
  • Page 221 EPORTING • Detection Results Not Found Report • Services Inventory Detail Report • Device Duplicate Report • Services Inventory Summary Report • Device Status Report • Software Inventory Detail Report • Hardware Inventory Detail Report • Software Inventory Summary Report •...
  • Page 222 EPORTING Available Parameters: Deployments, Vulnerabilities, Date Range Table 7-3: Deployment Detail Report Column Definitions Column Definition Deployment Name The name of the deployment. Package Name The name of the package. Device Name The name of the device. Deployment Status The deployment status or stage. Deployment Date The date the deployment was sent.
  • Page 223 EPORTING Column Definition Package Name The name of the package. Deployment Name The name of the deployment. Device Name The name of the device. Deployment In-Progress Report The Deployment In-Progress Report provides information about deployments that have not completed. Reports can be generated for each deployment, package, or device. The report provides the status of the deployment.

  • Page 224: Deployment Summary Report

    EPORTING Column Definition Total Disabled The total number of devices that are disabled and cannot receive the deployment. Percent Success The percentage of devices that have successfully received the deployment. Percent Failure The percentage of devices on which the deployment has failed.

  • Page 225: Detection Results Not Found Report

    EPORTING Column Definition Total Failed The total number of deployments that have failed. Total Disabled The total number of devices that are disabled and cannot receive the deployment. Total Patched The total number of devices that have been patched by this deployment.
  • Page 226 EPORTING Column Description DNS Name The name used by the Domain Name System (DNS) to identify the device. OS Info A description of the operating system. Device Duplicate Report The Device Duplicate Report returns a list of duplicate devices registered with Update Server.

  • Page 227: Hardware Inventory Detail Report

    EPORTING Column Definition OS Name The operating system name. OS Build No. The operating system’s build number. OS Service Pack The latest service pack applied to the operating system (if applicable). Agent Version The version of the agent. The last date that the server had contact with Last Contact Date the agent.

  • Page 228: Mandatory Baseline Detail Report

    EPORTING Available Parameters: Devices, Groups Table 7-11: Hardware Inventory Summary Report Column Definitions Column Definition Hardware Device Class The type of hardware. Hardware Device Name The name of the hardware device. Instances The number of times this device occurs. (Within the parameters of the report.) Mandatory Baseline Detail Report The Mandatory Baseline Detail Report provides information about the mandatory baseline status associated with a device.

  • Page 229: Mandatory Baseline Summary Report

    EPORTING Column Definition Date Installed The date the package was installed on the device. Date Last Verified The date of the last Discover Applicable Updates (DAU) scan. Assigned Indicates whether the mandatory baseline has been assigned to the device. 1 = Assigned, 0 = Not Assigned Mandatory Baseline Summary Report The Mandatory Baseline Summary Report returns a summary list of patch and deployment information for all mandatory baseline packages and vulnerabilities associated...

  • Page 230: Operating System Inventory Detail Report

    EPORTING Operating System Inventory Detail Report The Operating System Inventory Detail Report provides information about the operating system associated with a device and the device status. Available Parameters: Devices, Groups Table 7-14: Operating System Inventory Detail Report Column Definitions Column Definition Operating System The operating system name and description.
  • Page 231 EPORTING Available Parameters: Devices, Groups, Packages Table 7-16: Package Compliance Detail Report Column Definitions Column Definition Package Name The name of the package. Device Name The name of the device. Vulnerability Status The vulnerabilities patch status. Last DAU Run The date of the last Discover Applicable Updates (DAU) scan. Last DAU Status The status of the last Discover Applicable Updates (DAU) scan.
  • Page 232 EPORTING Available Parameters: Devices, Groups, Packages Column Definition Package Name The name of the package. Total Devices The total number of devices. Applicable Devices The total number of applicable devices. Devices Detecting The number of devices currently running a Discover Applicable Updates (DAU) task.
  • Page 233 EPORTING Available Parameters: Devices, Groups Table 7-17: Services Inventory Detail Report Column Definitions Column Definition Service Name The name of the service. Device Name The name of the device. Service Startup State The state the service should enter upon device boot. Service Current State The current state of the device.
  • Page 234 EPORTING Software Inventory Summary Report The Software Inventory Summary Report provides information about the software associated with a device and the device status. Available Parameters: Devices, Groups Table 7-20: Software Inventory Summary Report Column Definition Column Definition Software Program The name of the software installed on the device. Instances The number of times this software program occurs.
  • Page 235 EPORTING Column Definition Percent Patched The percentage of applicable devices that are patched. If a selected vulnerability does not have an associated deployment, it will not appear in the report. NOTE - 219 -...
  • Page 236 EPORTING - 220 -...

  • Page 237: About User Management

    WORKS ATCH ANAGEMENT UIDE Managing Users and Roles This section provides information on managing users of ZENworks Patch Management. The user management features allow you to create users and define their permissions and access rights. About User Management The User Management page allows the system administrator to define which users can access Patch Management Server and the role each user has within the system.
  • Page 238 ANAGING SERS AND OLES Windows-based Authentication Patch Management Server authentication is controlled by the Windows operating system. Users who have access to the Patch Management Server are members of the local Windows group PLUS Admins. Update Access Rights Once a user has logged into Patch Management Server, their assigned user role is authenticated by the system.

  • Page 239: Defining Roles

    ANAGING SERS AND OLES Defining Roles The Patch Management Server includes both system and custom roles. System roles are roles native to every installation and cannot be edited or disabled. They allow control over all device groups and devices. Custom roles are created by the administrator and allow for combining access rights and selected devices or groups for a particular user.
  • Page 240 ANAGING SERS AND OLES Role Description Operator This user role is permitted to perform all routine operations (deploy, detect, export). Operators can only perform typical daily functions. Guest This role provides access to the system but restricts the user from performing any patch management tasks.
  • Page 241 ANAGING SERS AND OLES The following table identifies the default set of access rights, describes the functionality of each, and illustrates the system role assigned to each access right. Table 8-1: User Role Access Rights Access Right Name Description Enable Update Cache Button Ability to cache (download) packages from the Global Subscription Service.
  • Page 242 ANAGING SERS AND OLES Access Right Name Description View Home Page Access to the Home page. X X X X View Current Status Display the server status (on the Home X X X X page). View Inventory Access the Inventory data. X X X X Export Inventory Data Enable the export of Inventory data.
  • Page 243 ANAGING SERS AND OLES Access Right Name Description View Product Licenses Access the Options > Products tab. X X X X Export Product License Data Enable the export of product license data. Manage Options Manage subscription, product licenses, configuration, agent policies, e-mail notifications, and support options.

  • Page 244: Defining Accessible Device Groups

    ANAGING SERS AND OLES Access Right Name Description Manage Vulnerabilities Ability to disable and enable vulnerabilities. Enable Administrative Reports Ability to run reports that return data for all devices and device groups regardless of user role, device, or group assignments. Export Reports Ability to export application reports.

  • Page 245: Defining Accessible Devices

    ANAGING SERS AND OLES As mentioned, roles are defined primarily by the access rights associated to the role. In the case of the default system roles, the entire network monitored by the Patch Management Server is available to users if they have the appropriate role-based access rights. The accessible groups option is disabled when working with a predefined system role.

  • Page 246: Creating New Users

    ANAGING SERS AND OLES Creating New Users When creating users, you have two options: create a new local user, or add an existing local or domain user. User names may be between 1-20 characters in length and cannot include any of the NOTE following characters: ‘...
  • Page 247 ANAGING SERS AND OLES Click Next. The Create User page opens. ESULT Figure 8-3: Create User Wizard - Create a New User Enter the user credentials, and contact information for the new user. User Name, Password, Confirm Password, and Role are required fields. Select a Role (Administrator, Manager, Operator, or Guest) for the user from the pull-down window list.
  • Page 248 ANAGING SERS AND OLES Click Next. The Confirm User page opens. ESULT Figure 8-4: Create User Wizard - Creation Confirmation Page - 232 -...
  • Page 249 ANAGING SERS AND OLES Confirm the user information and click Close. The Creation Summary page opens. ESULT Figure 8-5: Create User Wizard - Creation Summary Page Click Close to exit the wizard. ESULT The new user is created, added to Windows, and granted the appropriate access to the Patch Management Server.
  • Page 250 ANAGING SERS AND OLES Click Next. The Search for the following users page opens. ESULT Figure 8-6: Create User Wizard - Search for Users In the Search for the following users field type a user name, or the beginning characters of one or more user names.
  • Page 251 ANAGING SERS AND OLES Click Next. The Users Found page opens. ESULT Figure 8-7: Create User Wizard - Users Found Select a User Role for each of the users found. The No Action value indicates that the user will not be added to the Patch ESULT Management Server, or if the user already exists as a Patch Management user, no changes are made to the user.
  • Page 252 ANAGING SERS AND OLES Editing User Profiles Editing user profile information allows you to change the role assigned to a user as well as update the user’s contact information. If you have the Change Password access right, you can edit other user’s passwords using the procedure defined under Changing a User’s Password on page 238.

  • Page 253: Deleting Users

    ANAGING SERS AND OLES Removing Users Removing a user from ZENworks Patch Management disables their access to the Patch Management Server without deleting the user’s Windows account. Once removed, the user is deleted from the Patch Management Server database and is removed from the user list in the User Management page.

  • Page 254: Changing A User's Password

    ANAGING SERS AND OLES Changing a User’s Password Changing a User’s Password in ZENworks Patch Management also changes the user’s Windows password on the (physical) Patch Management Server. Passwords are case sensitive and must meet password the rules defined by local and/or NOTE domain password policies.
  • Page 255 ANAGING SERS AND OLES numbers and symbols. Also, they do not resemble common words or names including words with numbers in place of letters. Figure 8-10: Change Password Wizard - Strong Password Click Finish. The password is changed. ESULT Working with User Roles The Patch Management Server includes both system and custom roles.
  • Page 256 ANAGING SERS AND OLES This section describes the role-based tasks available from the User Management page. • Creating User Roles on page 241 • Editing User Roles on page 243 • Assigning a User Role to an Existing User on page 244 •...

  • Page 257: Creating User Roles

    ANAGING SERS AND OLES Creating User Roles Creating custom-defined roles is an effective means to delegate patch management responsibilities to stakeholders throughout the organization. Once you define the template, you can then modify access rights and modify group and device access levels. In the Users page, select the Roles tab.
  • Page 258 ANAGING SERS AND OLES Select the Access Rights tab. To define which rights the users assigned this role will have, select the checkbox to the left of each of the desired access rights. Click Assign to move the selected access rights to the Selected Access Rights table or click Assign All to move all of the access rights to the Selected Access Rights table.

  • Page 259: Editing User Roles

    ANAGING SERS AND OLES Editing User Roles The editing feature is available only to custom-defined roles (system-defined roles cannot be edited) and is performed within the Edit a Role Wizard. In the Users page, select the Roles tab. Click the Edit icon to the left of the role you wish to edit. The Edit a Role wizard opens.
  • Page 260 ANAGING SERS AND OLES Select the Devices tab, to define which devices the users assigned this role will be able to access. To assign device access, select the checkbox to the left of each of the desired devices. Click Assign to move the selected devices to the Selected Devices table or click Assign All to move all of the devices to the Selected Devices table.
  • Page 261 ANAGING SERS AND OLES Edit the user as defined in Editing User Profiles on page 236, changing the role as desired. Click Finish to save your selections. Click Close to exit the Edit User Wizard. Disabling User Roles You can disable any non-system role, allowing you to continue maintaining the role within ZENworks Patch Management but restricting its assignment to any users.
  • Page 262 ANAGING SERS AND OLES Deleting User Roles Removing a role deletes the role and its data from the Patch Management Server database. In order to remove a role, it must first be disabled. You cannot delete a system role. From the Users view, select the Roles tab. Ensure the Status filter is set to All or Disabled.
  • Page 263 WORKS ATCH ANAGEMENT UIDE Configuring Default Behavior Configuration options provide you a means to define the default behavior and administer the Patch Management Server. This chapter provides information on configuring and managing ZENworks Patch Management. About the Options Page The Options page is available by clicking Options on the main toolbar. The page comprises six management and configuration views as individual tabs.
  • Page 264 ONFIGURING EFAULT EHAVIOR Viewing Subscription Service Information The Subscription Service page allows you to modify the Subscription Communication interval, initiate a standard or full replication, configure the subscription service, and view Subscription Service history and status information. Figure 9-2: Subscription Service Tab Patch Management Agents gather a list of software, hardware, services and patches installed on each agent within the network.
  • Page 265 ONFIGURING EFAULT EHAVIOR Button Function Reset Resets the replication status and initiates a complete replication with the Global Subscription Server. Once you click Reset, a confirmation window opens stating the replication NOTE status has been reset and you can choose whether to initiate the replication process by clicking OK, or wait until a later time, by clicking Cancel.

  • Page 266: Subscription Service History

    ONFIGURING EFAULT EHAVIOR Subscription Service History The Subscription Service History section displays a list of subscription activity and update records. Field Description Type Defines the type of task, the available types include: • Licenses - Verifies the validity of your Patch Management Server license.
  • Page 267 ONFIGURING EFAULT EHAVIOR • Enable or disable enhanced content. Figure 9-3: Subscription Service Configuration The following table describes the available functions in the Subscription Service Configuration window. Table 9-3: Subscription Service Configuration Functions Button Function Restart Stops and restarts the Global Subscription Server. This button is located on the Service tab.
  • Page 268 ONFIGURING EFAULT EHAVIOR Accessing the Configuration Page The Subscription Service Configuration page allows you to view and define your Patch Management Server communication settings. Select the Options tab. The Configuration Options window opens with the Subscription Service ESULT tab displaying as the default. Click Configure.

  • Page 269: Subscription Service Proxy Configuration

    ONFIGURING EFAULT EHAVIOR Subscription Service Status The following table describes the fields within the Status area of the Subscription Service Configuration window’s Service tab. Field Description Service Status The current status of the local Subscription Service’s communication with the Global Subscription Server. Last Checked The last date and time the local Subscription Service contacted the Global Subscription Server.

  • Page 270: Subscription Service Communication Settings

    ONFIGURING EFAULT EHAVIOR Subscription Service Communication Settings The following table describes the fields within the Communication area of the Subscription Service Configuration window’s Service tab. Table 9-5: Subscription Service Communication Field Descriptions Field Description Logging Level The level of detail recorded to the Subscription Service Log. Options include: Debug, Info, Warn, Error, and Fatal.
  • Page 271 ONFIGURING EFAULT EHAVIOR Select the Languages tab. The Subscription Service Configuration window’s Language tab ESULT displays. Figure 9-5: Subscription Service Configuration Language Tab Select the check box corresponding to the language that you want to display. Click Apply. Click Save. Configuring Enhanced Content The Subscription Service Configuration window allows you to enable, disable, and export enhanced content.

  • Page 272: Enabling Enhanced Content

    ONFIGURING EFAULT EHAVIOR Enabling Enhanced Content Enabling Enhanced Content streamlines the manner in which applicable updates are detected by ZENworks Patch Management. Select the Options tab. The Configuration Options window opens with the Subscription ESULT Service tab displaying as the default. Click Configure.

  • Page 273: Disabling Enhanced Content

    ONFIGURING EFAULT EHAVIOR Disabling Enhanced Content The following procedure will walk you through disabling the Enhanced Content functionality of ZENworks Patch Management. Select the Options tab. The Configuration Options window opens with the Subscription ESULT Service tab displaying as the default. Click Configure.
  • Page 274 ONFIGURING EFAULT EHAVIOR Verifying Subscription Licenses The Products page allows you to view, validate and export license information. The page provides a summary of all product, third-party software, and plug-in component licenses that are part of your patch management activities. This information is updated as part of the daily replication with the Global Subscription Server.

  • Page 275: Product Information

    ONFIGURING EFAULT EHAVIOR Product Information The Product Information section provides a summary of license availability and usage. Table 9-7: License Availability License Description License In Use The total number of licenses in use by registered agents. License Available The total number of licenses available for use. Total Non-Expired The total number of licenses active and available for use.

  • Page 276: Default Configuration

    ONFIGURING EFAULT EHAVIOR Default Configuration The Patch Management Server Configuration page lets you establish, modify and export the Deployment Defaults, Agent Defaults (Default Agent Policy), ISAPI Communication, and User Interface settings. Figure 9-8: Configuration Tab - 260 -...

  • Page 277: Configuring Deployment Defaults

    ONFIGURING EFAULT EHAVIOR Table 9-9: Configuration Tab Page Functions Button Function Save Saves any changes made on this page. If you make any changes, you must click Save to save those changes. If CAUTION you do not click Save, the system will return to the last saved settings when you navigate away from the Configuration page.
  • Page 278 ONFIGURING EFAULT EHAVIOR Deployment Setting Description Maximum number of Simultaneous The maximum number of agents that can mandatory baseline deployments receive simultaneous mandator baseline deployments. Consecutive Maximum number of times a The number of failed deployment attempts deployment will be consecutively permitted before Update Server disables the attempted deployment.
  • Page 279 ONFIGURING EFAULT EHAVIOR Communication Agent communication settings are defined in the Communication section of the Configuration page. The following table describes the fields within this section. Table 9-11: Agent Communication Settings Field Description Agents should be Configures a time interval (defined in minutes, hours or days) shown Offline when that must elapse before an agent is considered to be offline.

  • Page 280: Absentee Agent Management

    ONFIGURING EFAULT EHAVIOR Field Description May Reboot Edit and display a message advising the user that the computer may be rebooted. (Maximum of 256 characters.) Default Reboot Edit and display the default message advising the user that the Message computer requires a reboot. (Maximum of 256 characters.) Legacy Agents have a Time allotment for the notification window to display for pre-6.3 Notification Timeout...
  • Page 281 ONFIGURING EFAULT EHAVIOR Configuring User Interface Defaults The User Interface default settings allow you to define the initial user experience for your users. Figure 9-11: Configuration Tab - User Interface Defaults Table 9-15: User Interface Defaults Field Description Display _ Rows Per Allows you to set the default number of rows [25, 50, 100, 200, Page 500, or 1000] displayed within Patch Management Server.

  • Page 282: Configuring Isapi Communication Settings

    ONFIGURING EFAULT EHAVIOR Customizing Row Values The Customize Row Values page allows you to define the amount of rows you want to display when using Patch Management Server. On the Configuration page, click Modify. The Customize Row Values window opens. ESULT Figure 9-12: Customize Row Values If needed, type a new row value in the Value field.

  • Page 283: Concurrent Agent Limit

    ONFIGURING EFAULT EHAVIOR Concurrent Agent Limit Defines the maximum number of threads used by ZENworks Patch Management. Table 9-16: Concurrent Agent Limit Field Description SQL Default (64 Select to enable the recommended thread count for a SQL threads) Server implementation. Custom Setting Select to define a custom (between 5 and 256) thread count.

  • Page 284: Working With Agent Policy Sets

    ONFIGURING EFAULT EHAVIOR Working With Agent Policy Sets Agent Policies are the key element in defining agent behavior. Agent Policies consist of the rules for communicating with the Patch Management Server and define settings such as communication interval, deployment notification options, reboot notification options, logging levels, discovery mode, and hours of operation.

  • Page 285: Viewing Agent Policy Summary Information

    ONFIGURING EFAULT EHAVIOR The following functions are available when using Policy Sets. Table 9-19: Policy Sets Page Functions Button Function Create Creates a new Agent Policy Set. Delete Deletes an existing Agent Policy Set. Export Exports policy data to a comma separated value (.csv) file. For additional information refer to Exporting Data on page 17.
  • Page 286 ONFIGURING EFAULT EHAVIOR Creating a Policy Set The Create a Policy Wizard allows you to create and add a policy set to the Patch Management Server. Open the Agent Policy Sets page (Options > Policies). Click Create. The Create a Policy Set window opens. ESULT Figure 9-16: Create a Policy Set - 270 -...
  • Page 287 ONFIGURING EFAULT EHAVIOR In the Policy Set Information tab, click within the fields to activate the options. The following table lists and describes the available agent policies. Table 9-21: Agent Policy Set Descriptions Name Description Policy Set Details Policy Set The name designated to the policy.
  • Page 288 ONFIGURING EFAULT EHAVIOR Name Description Inventory Launches the Select Inventory Collection page, allowing the Collection selection of which inventory values to record during collection. Options Resume When enabled, the agent will resume interrupted downloads at the Interrupted point of interruption. Downloads Hours of Launches the Edit Agent Policy Set page.
  • Page 289 ONFIGURING EFAULT EHAVIOR Name Description User May User can cancel the reboot. Cancel User May User can snooze the reboot. Snooze Reboot Within Snooze or cancel the reboot time window, in minutes. When the defined Offset has elapsed, the reboot will automatically occur. Discover Applicable Updates (DAU) Scheduling Defines how often the agent must perform a Discover Applicable...
  • Page 290 ONFIGURING EFAULT EHAVIOR Editing a Policy Set The Edit a Policy Set wizard allows you to modify an agent policy and the policies behavior. Select the Agent Policy Set you wish to edit. Select the Edit icon to the left of the policy. The Edit a Policy Set window opens.

  • Page 291: Deleting A Policy Set

    ONFIGURING EFAULT EHAVIOR Deleting a Policy Set You can delete a policy at any time. Deleting a policy will delete the policy from the database and any groups associated to the policy are automatically associated to the default policy. Click Options. In the Options page, click Policies.
  • Page 292 ONFIGURING EFAULT EHAVIOR Defining Inventory Collection Options The Select Inventory Collection page allows you to chose the inventory items collected by the Discover Applicable Updates (DAU) task. Figure 9-19: Inventory Collection Options Button Function Reset Resets the window, returning to the previous settings. Closes the window (saving changes).
  • Page 293 ONFIGURING EFAULT EHAVIOR Select and define the inventory options. Table 9-22: Inventory Collection Options Inventory Option Description Inventory Collection Deselecting this option will deselect all inventory collection Options options. Allow use of WMI Required if WMI data will be gathered. Deselecting this option during inventory will deselect all inventory options which require WMI.
  • Page 294 ONFIGURING EFAULT EHAVIOR Inventory Option Description USB Devices Scan for data regarding USB devices. BIOS Information Scan for BIOS data. Sound, Video, and Scan for data regarding sound, video, and game controllers. Game Controllers OS Serial Number Scan for the Operating System serial number. (requires WMI) Virtual Machines Scan to determine if device is a virtual machine.

  • Page 295: Defining Agent Hours Of Operation

    ONFIGURING EFAULT EHAVIOR The Inventory Collection Options window closes, saving your changes. Changes made to the Inventory Collection Options will not be saved until you have CAUTION selected Save on the originating page. Defining Agent Hours of Operation Agent communication can be enabled or disabled to restrict agent communication with the Patch Management Server to a specific time range only.

  • Page 296: Defining Fastpath Servers

    ONFIGURING EFAULT EHAVIOR Scroll to the Hours of Operation area, and click Define. The Hours of Operation window opens. ESULT Click the Day and Hour combinations during which you want to restrict agent communication. • All toggles all agent communication. •...
  • Page 297 ONFIGURING EFAULT EHAVIOR Scroll to the FastPath Servers area, and click Modify. The Edit FastPath Servers window opens. ESULT Figure 9-21: Edit FastPath Servers Window Click the Add link (or Edit icon). The Add FastPath Server dialog opens. ESULT Figure 9-22: Add FastPath Server Dialog - 281 -...

  • Page 298: Defining Agent Policy Conflict Resolution

    ONFIGURING EFAULT EHAVIOR Provide the following data about your FastPath server. • Url - The Url should be added in the http://servername format. • Port - The port on which your FastPath server operates. • Authenticated - Select this option if the FastPath server requires authentication. Enables the User Name and Password fields.

  • Page 299: Agent Policy Conflict Resolution Rules

    ONFIGURING EFAULT EHAVIOR Agent Policies - After resolving the group policies, the conflicting policies assigned to an agent (via it’s group membership) are resolved. The following rules apply: The resultant policies of all groups to which the agent is a member are resolved as defined in the Agent Policy Conflict Resolution Rules on page 283.
  • Page 300 ONFIGURING EFAULT EHAVIOR Policy Setting Resolution User May Snooze The agent will use True. Deployment Deployment Within n The agent will use the smallest Deploy Within value. Minutes Always on Top The agent will use True User May Cancel The agent will use True Reboot User May Snooze The agent will use True...
  • Page 301 ONFIGURING EFAULT EHAVIOR Using E-Mail Notification The E-Mail Notification page lets you configure system alerts to help in monitoring your Patch Management Server. You can enter any number of e-mail addresses and then assign the particular alert types that you want each recipient to receive. This page also allows you to define the trigger levels for individual alerts.
  • Page 302 ONFIGURING EFAULT EHAVIOR Button Function Export Exports a list of e-mail notification addresses and settings to comma separated value (.csv) file format. For additional information refer to Exporting Data on page 17. Test Sends a test e-mail message to the selected e-mail address(es). Defining E-Mail Notification The following options can be defined for each e-mail address included in the notification address column.
  • Page 303 ONFIGURING EFAULT EHAVIOR Column Name Description Notification Address The e-mail address that receives notifications. Must be a validly formatted e-mail address (name@domain.tld); the system does not, however, validate the actual address. Outgoing Mail Server The mail host used by your Patch Management Server for (SMTP) sending e-mail messages.

  • Page 304: Technical Support Information

    ONFIGURING EFAULT EHAVIOR Sending a Test E-Mail On the Options page, click E-Mail In the Current E-Mail Notifications section, select the e-mail address(es) to receive the test message. Click Test. ESULT A confirmation message informs you that the test message was sent. Technical Support Information Clicking on the Support tab causes the Technical Support page to be displayed.

  • Page 305: Server Information

    Operating System The operating system installed and running on the Patch Management Server machine. Last Connected The date and time the system last made a connection with the Global with Novell Subscription Server. ZENworks Non-Expired Total number of active licenses.
  • Page 306 ONFIGURING EFAULT EHAVIOR Field Description Version The version number of the Patch Management Server installed. The URL assigned to this Patch Management Server. Last Agent The date and time an Agent last made a connection to the Patch Connection Management Server. Installation Date The date Patch Management Server was installed.

  • Page 307: Support Information

    Knowledge Base Access Product Accesses the Novell Web site. Web Site Ask a Question Sends a support question to the Novell technical support team via e-mail. Request a Patch Sends a patch request to the Novell technical support team via e-mail.
  • Page 308 ONFIGURING EFAULT EHAVIOR - 292 -...

  • Page 309: About The Agent For Pre Windows Vista

    Go to Start > Settings > Control Panel. Select ZENworks Patch Management. ESULT The Novell Agent Control Panel opens with the Deployment tab selected by default. When opening the Patch Management Agent, the Control Panel must be displayed in NOTE the Windows Classic View.

  • Page 310: Server Information And Status

    SING THE GENT Deployment Tab The Deployment tab is comprised of four functional areas. Figure 10-1: Agent Initial Window Server Information and Status The following table displays the Patch Management Server location and the communication status: Table 10-1: Server Information - Deployment Tab Field Description Patch Management...
  • Page 311 SING THE GENT Agent Information The following table describes the information in the Agent Information area of the Deployment tab: Table 10-2: Agent Information Field Description Last Checked Time When the agent last communicated with the Patch Management Server. Next Checked Time Next scheduled time when the agent will contact the ZENworks Patch Management Server.
  • Page 312 SING THE GENT The Agent Log (ZENworks Patch Management Agent.log) opens. Figure 10-2: Agent Log Clearing the Agent Log Perform the following procedure to clear the agent log. Click Clear Agent Log. The clear confirmation message dialog box opens. ESULT Figure 10-3: Clear Agent Log Message Click Yes.
  • Page 313 SING THE GENT Initiating Communication Between the Agent and Patch Management Server Complete the following procedure to initiate communication between the Patch Management Agent and the Patch Management Server. Click Check Now. ESULT The agent initiates communication with the Patch Management Server and checks for any pending tasks or deployments and the Last Checked Time is updated to reflect the current time.
  • Page 314 SING THE GENT Server Information and Status The following table displays the Patch Management Server location and the communication status: Table 10-5: Server Information - Detection Tab Field Description Patch Management The URL of the ZENworks Patch Management Server the Server agent is registered against.
  • Page 315 SING THE GENT Viewing the Detection Log Complete the following procedure to view the Detection Log. Click View Detection Log. ESULT The Detection Log opens. Figure 10-5: View Detection Log Clearing the Detection Log Complete the following procedure to clear the Detection Log. Click Clear Detection Log.
  • Page 316 SING THE GENT Agent Operations The following table describes the Agent Operations area: Table 10-8: Agent Operations Detect ASAP Causes the agent to start a Discoverable Applicable Updates task as soon as possible. Prompting the Agent to Detect Vulnerabilities Immediately Complete the following procedure to prompt the Agent to detect vulnerabilities immediately.

  • Page 317: Configuring Proxy Settings

    SING THE GENT Server Information and Status The following table displays the Patch Management Server location and the communication status. Table 10-9: Server Information - Proxies Tab Field Description Patch Management The URL of the ZENworks Patch Management Server the Server agent is registered against.

  • Page 318: About Tab

    SING THE GENT Type the password in the Password field. Click OK. The confirmation dialog box opens. ESULT Figure 10-9: Proxy Change Confirmation Click Yes. ESULT The proxy information is saved. About Tab The About Tab displays information regarding the Agent and its associated ZENworks Patch Management Server.

  • Page 319: Server Information And Status

    SING THE GENT Server Information and Status The following table displays the Patch Management Server location and the communication status: Table 10-10: Server Information - About Tab Field Description Patch Management The URL of the ZENworks Patch Management Server the Server agent is registered against.
  • Page 320 After you create a deployment within the Patch Management Server, the agent can retrieve the deployment from the server. When the agent receives a deployment, if a deployment notification was enabled and a user is logged into the device, the Novell ZENworks Desktop Deployment Manager displays on the Device screen.

  • Page 321: Canceling A Deployment

    User Interaction During a Reboot If the agent must reboot the device, a user is logged into the device, and reboot notification was enabled, the Novell ZENworks Desktop Deployment Manager will displays on the Device screen. Figure 10-13: Novell ZENworks Desktop Deployment Manager - Pending Reboot An icon is also visible in the taskbar.

  • Page 322: About The Patch Management Agent For Mac

    SING THE GENT Rebooting Immediately Complete the following procedure to reboot immediately. Click Reboot. ESULT The Agent reboots the device. Delaying a Reboot Complete the following procedure to delay a reboot. Select a time frame from the Snooze for drop-down list. Click Snooze.
  • Page 323 SING THE GENT The Novell Agent Control Panel opens. The Deployment tab is the default. Deployment Tab The Deployment tab is comprised of three functional areas. Figure 10-15: Agent Deployment Tab Server Information The following table displays server information: Table 10-12: Server Information Displayed in the Mac Agent...
  • Page 324 SING THE GENT Field Description Agent Version The version number of the Patch Management Agent. Agent Status Indicates the current status (started, stopped, working, waiting, or restarting) of the Patch Management Agent service on the local device. Install Directory The directory in which the Patch Management Agent is installed.
  • Page 325 SING THE GENT Field Description View Error Log Opens a text file containing the agent error log. Clear Error Log Clears the agent error log. More Information Displays agent configuration information, usage information, and excerpts of the agent activity and error logs in the Results field.
  • Page 326 Patch Management Agent and the configured ZENworks Patch Management Server. Click System Preferences. Click Patch Management Agent Control Panel. The Novell Agent Control Panel opens. The Deployment tab is the ESULT default. Click Start Agent. - 310 -...
  • Page 327 Patch Management Agent and ZENworks Patch Management Server. The Agent will automatically restart after a reboot. Click System Preferences. Click Patch Management Agent Control Panel. The Novell Agent Control Panel opens. The Deployment tab is the ESULT default. Click Stop Agent.
  • Page 328 After you create a deployment within ZENworks Patch Management Server, the agent can retrieve the deployment from the server. When the agent receives a deployment, if a deployment notification was enabled and a user is logged into the device, the Novell ZENworks Desktop Deployment Manager displays on the Device screen.

  • Page 329: User Interaction During A Reboot

    User Interaction During a Reboot If the agent must reboot the device, a user is logged into the device, and reboot notification was enabled, the Novell ZENworks Desktop Deployment Manager will displays on the Device screen. Figure 10-18: Novell ZENworks Desktop Deployment Manager - Pending Reboot Rebooting Immediately Complete the following procedure to reboot immediately.

  • Page 330: Canceling The Reboot

    SING THE GENT Delaying a Reboot Complete the following procedure to delay a reboot. Select a time frame from the drop-down list. Click Snooze. ESULT The reboot is delayed for the selected duration. Canceling the Reboot Complete the following procedure to cancel a reboot. Click Reject (if Reject is not available, your Administrator has disabled your ability to cancel a reboot).
  • Page 331 Specifies the macro definitions that should be used by the setmacro agent. Archives the Agent logs so that they can be sent to Novell. archivelogs Set p your proxy server. proxysetup Clears the Patch Management Agent error log file.
  • Page 332 SING THE GENT The Agent Control Panel opens. Figure 10-19: Agent Control Panel - 316 -...

  • Page 333: Home Page

    SING THE GENT Home Page The Home page is comprised of the following functional areas. Figure 10-20: Vulnerability Detection Page • Compliance - Displays whether your computer is compliant with corporate policies. The available values are as follow: Table 10-16: Computer Compliance Status Status Description Displays...
  • Page 334 SING THE GENT Status Description Displays Yellow (Service Compliant is running and the Patch Management Agent is busy) Unable to Blue (Service is Contact running and the Server Patch Management Agent is offline or unknown) • Active Scan Statistics - Only displays after clicking the Scan button. The Active Scan Statistics section will start a scan if one is not already active, and displays the Scan Type, Start Time, Duration, and Status.

  • Page 335: Proxy Settings

    SING THE GENT Proxy Settings The Proxy Settings page allows you to override the server provided proxy settings for communication with the Patch Management Server. Figure 10-21: Proxy Settings Configuring the Proxy Settings Complete the following procedure to configure proxy settings. Select Override the Server Provided Proxy Settings.
  • Page 336 SING THE GENT The Username, Password, and Retype Password fields become ESULT active. Type the username in the Username field. Type the password in the Password and Retype Password fields. Click Save. ESULT The proxy information is saved. Logging The Log Files page, provides buttons to view and clear the Agent log files. Figure 10-22: Log Files Page Viewing a Log File Complete the following procedure to view a log file.
  • Page 337 SING THE GENT Clearing a Log File Complete the following procedure to clear the log file. If desired, click the Name, Date Modified, or Size column heading to sort the log files. Click the Truncate button to clear the log. - 321 -...
  • Page 338 SING THE GENT Log Detail Page The Log Detail page displays the Name, Size, last Updated date, and log contents. From the Log Detail page, you can search the log contents, change to a single page, or facing pages view, and refresh.

  • Page 339: Management Server

    SING THE GENT Management Server The Server Settings page is comprised of the Patch Management Server Settings area which provides the following information. Figure 10-24: Vista Agent Server Settings Page Table 10-18: Server Settings Page - Field Descriptions Field Description Patch Management Server Provides the version of the Patch Management Server that Version...
  • Page 340 After you create a deployment within the Patch Management Server, the agent can retrieve the deployment from the server. When the agent receives a deployment, if a deployment notification was enabled and a user is logged into the device, the Novell ZENworks Desktop Deployment Manager displays on the Device screen.

  • Page 341: Canceling A Deployment

    User Interaction During a Reboot If the agent must reboot the device, a user is logged into the device, and reboot notification was enabled, the Novell ZENworks Desktop Deployment Manager will displays on the Device screen. Figure 10-26: Novell ZENworks Desktop Deployment Manager - Pending Reboot Rebooting Immediately Complete the following procedure to reboot immediately.

  • Page 342: Canceling The Reboot

    SING THE GENT Delaying a Reboot Complete the following procedure to delay a reboot. Select a time frame from the Remind me in drop-down list. ESULT The reboot is delayed for the selected duration. Canceling the Reboot Complete the following procedure to cancel reboot. Click Cancel (if Cancel is not available, your Administrator has disabled your ability to cancel reboots).

  • Page 343: Server Security

    NOTE other than Internet Explorer 6 SP 1 and above. If you need to remove this restriction, and disable the enhanced security settings available with IE 6 SP1, refer to the Novell Knowledgebase . Server Error Pages The ZENworks Patch Management Server provides several distinct error pages. these pages are: •...
  • Page 344 ATCH ANAGEMENT ERVER EFERENCE • Requested Page Not Found - This page is displayed whenever a user attempts to navigate to an address that does not exist on the server. Links are provided to common sections of the server to assist the user in returning to their desired location. •...

  • Page 345: Device Status Icons

    ATCH ANAGEMENT ERVER EFERENCE HTTP Status Codes As a Web based application using Internet Information Services (IIS), ZENworks Patch Management users HTTP status codes. While many of the status codes are informational only, the following table defines a few of the common error codes. Table A-2: HTTP Status Codes Code Description...
  • Page 346 ATCH ANAGEMENT ERVER EFERENCE Active Pending Description The agent is offline. The agent is sleeping due to its Hours of Operation settings. This agent has been disabled. The agent is offline and is in a Chain status (can accept chained deployments only after reboot). The agent is offline and is in a Reboot status (can accept no more deployments until after it reboots).

  • Page 347: Secure Your Server With Ssl

    Server and Patch Management Agents by enabling SSL during the installation of ZENworks Patch Management. This process involves obtaining a SSL certificate (.CER), and installing the certificate during the installation. Refer to the ZENworks Patch Management 6.4 SP2 Server Installation Guide for details regarding installing with SSL enabled.

  • Page 348: Put Your Server Behind A Firewall

    ECURING ATCH ANAGEMENT ERVER Click Properties. The Local Area Connection Properties window opens. ESULT Figure B-1: Local Area Connection Properties Select File and Printer Sharing for Microsoft Networks. Do not uninstall Client for Microsoft Networks because it is required by both CAUTION Microsoft SQL Server and Internet Information Server.

  • Page 349: Turn Off Non-Critical Services

    Therefore, there are a number of services that can be turned off (e.g.: RPC, Remote Registry, etc.) to reduce the risk of outside attacks. Although Novell does not encourage this type of lock down, it can be an effective method to reduce the risk of hacker attacks. The following services are required to run ZENworks Patch Management: •...
  • Page 350 ECURING ATCH ANAGEMENT ERVER On the Local Area Connection Status General tab, click Properties. The Local Area Connection Properties window opens. ESULT Figure B-2: Local Area Connection Properties Select the Internet Protocol (TCP/IP) protocol. - 334 -...
  • Page 351 ECURING ATCH ANAGEMENT ERVER Click Properties. The Internet Protocol (TCP/IP) Properties window opens. ESULT Figure B-3: Internet Protocol (TCP/IP) Properties In the General tab, click Advanced... The Advanced TCP/IP Settings window opens. ESULT Select the Options tab. Select TCP/IP Filtering. - 335 -...
  • Page 352 Close the open windows. FTER OMPLETING With all ports locked (except for ports 80 and 443), it will be necessary to add entries to your Proxy or HOSTS file for the necessary Novell websites and the Global Subscription Server. - 336 -...
  • Page 353 ECURING ATCH ANAGEMENT ERVER Apply All Security Patches Apply all applicable Microsoft Security Patches to ensure that the server remains protected against all known security threats. Be sure to apply the most recent patches for IIS, SQL Server, and Windows Server 2003. - 337 -...
  • Page 354 ECURING ATCH ANAGEMENT ERVER - 338 -...

  • Page 355: Supported Operating Systems

    WORKS ATCH ANAGEMENT UIDE Working With the Content Update Tool With the advent of subscription support, some software manufacturers require a subscription to download software patches and updates. Due to this subscription model some vulnerabilities retrieved from the Global Subscription Server cannot include the vendor’s patch.

  • Page 356: Installing The Content Update Tool

    ORKING ITH THE ONTENT PDATE • An active Internet connection. Installing the Content Update Tool The Content Update Tool is available as a download from the Agent Installers page of your ZENworks Patch Management Server. Downloading the Content Update Tool Prior to installing the Content Update Tool, you must download the tool from your ZENworks Patch Management Server Agent Installers page.
  • Page 357 ORKING ITH THE ONTENT PDATE Click Install. The Agent Installers page opens. ESULT Figure C-1: Agent Installers Page From the Agent Installers window, select the Content Update Tool download link. The File Download dialog box opens. ESULT In the File Download dialog box, click Save. The Save As window opens.

  • Page 358: Installing The Content Update Tool

    ORKING ITH THE ONTENT PDATE Installing the Content Update Tool Having downloaded the installer, you can now install the Content Update Tool. From the downloaded location, select the ContentUpdateTool.msi file to extract the Content Update Tool Installation Wizard. The Content Update Tool Tool Welcome page opens. ESULT Click Next.

  • Page 359: Using The Content Update Tool

    ORKING ITH THE ONTENT PDATE Click Next to install. Click Close to exit the wizard. Using the Content Update Tool The Content Update Tool is a wizard-based utility that will guide you through the process of associating your ZENworks Patch Management vulnerability definitions with vendor supplied patches.

  • Page 360: Using The Content Update Tool

    Content Update Tool. Using the Content Update Tool Select Start > Programs > Novell ZENworks > ZENworks Content Update Tool 6.4 SP-2 to start the Content Update Tool. The Welcome page opens.
  • Page 361 ORKING ITH THE ONTENT PDATE Click Next. The Configuration page opens. ESULT Figure C-3: Content Update Tool - Configuration Page Select the Server tab and set the configuration options. Table C-4: Content Update Tool - Server Tab Configuration Options Field Description Server Name The name of your Patch Management Server.
  • Page 362 ORKING ITH THE ONTENT PDATE Field Description Port The proxy server’s port. Authenticated Proxy Select if the defined proxy requires a user name and password. Selecting this option will enable the Username and Password fields. Username The user name used when connecting via the defined proxy. Password The password associated with the defined user name.
  • Page 363 ORKING ITH THE ONTENT PDATE Click Search. The vulnerabilities grid will display the results of your search. ESULT Figure C-4: Content Update Tool - Vulnerability Selection Page Select the desired vulnerabilities by selecting (or de-selecting) the checkboxes in the Selected column. When selecting vulnerabilities, the following reference fields are available: •...
  • Page 364 ORKING ITH THE ONTENT PDATE Click Next. The vulnerability metadata will be downloaded from the Global ESULT Subscription Server and the Package Selection page will open when the download is complete. Figure C-5: Content Update Tool - Package Selection Page To perform an automatic selection of the package components: Type, or browse to (using the ellipsis button), the target search directory.
  • Page 365 ORKING ITH THE ONTENT PDATE automatic selection is unable to find all of the necessary packages, you must either repeat the search using a different directory, or manually select the package components. The following status icons are displayed in the Status column. Table C-7: Package Status Icons Icon Status Definition...
  • Page 366 ORKING ITH THE ONTENT PDATE the vulnerability name and a listing of what properties failed to match will be added to the beginning of the vulnerability description. The package components are uploaded to your Patch Management Server ESULT and the Summary Report page will open when complete. Figure C-6: Content Update Tool - Summary Report Page Click Close to exit the wizard.

  • Page 367: Preparing Your Database

    WORKS ATCH ANAGEMENT UIDE Creating a Disaster Recovery Solution The most important part of an effective disaster recovery solution is having a current and valid backup. You can create backups either manually or as part of a Database Maintenance Plan. This appendix applies to Microsoft SQL Server 2005 and requires the Microsoft SQL NOTE Server Management Studio.
  • Page 368 REATING A ISASTER ECOVERY OLUTION Select Properties. The Database Properties window opens. ESULT Figure D-1: Database Properties Select Options within the Select a page field. The Options page opens. ESULT In the Recovery model field, select Full. Click OK. The changes are saved and the Database Properties window closes. ESULT Repeat for the PLUS_Staging database (and the PLAMS and PLUS_Reports databases if they exist).

  • Page 369: Creating A Manual Solution

    REATING A ISASTER ECOVERY OLUTION Creating a Manual Solution While a Maintenance Plan will allow you to automate the backup of your databases and transaction logs, you can also create and restore individual backups using the SQL Server Management Studio. Creating a Database Backup The most important part of an effective disaster recovery technique is having a current and valid backup.
  • Page 370 REATING A ISASTER ECOVERY OLUTION Select Tasks > Backup... The Back Up Database window opens. ESULT Figure D-2: Back Up Database Ensure that the Source values are set as follows: • Database: PLUS • Recovery model: Full If the Recovery model is not set to Full, refer to Changing the Database Recovery NOTE Model on page 351.
  • Page 371 REATING A ISASTER ECOVERY OLUTION Define your backup Destination settings. Select either the Disk or Tape option. Define the destination Folder. For performance reasons, it is recommended that you create your database NOTE backup in a directory that is not on the same physical drive as your database. Select Options within the Select a page field.

  • Page 372: Restoring A Database Backup

    REATING A ISASTER ECOVERY OLUTION Restoring a Database Backup Another important part of an effective Disaster Recovery Solution is having a process defined in which to restore your database backup. Open the Services Management Console (Start > Settings > Control Panel > Administrative Tools >...
  • Page 373 REATING A ISASTER ECOVERY OLUTION Select Restore Database... The Restore Database window opens. ESULT Figure D-4: Restore Database In the To database field, type or select the database you need. Specifying a new name for the database automatically defines the database files NOTE restored from the database backup.
  • Page 374 REATING A ISASTER ECOVERY OLUTION Select Options within the Select a page field. The Options page will display. ESULT Figure D-5: Restore Database - Options Ensure the Overwrite the existing database option is selected. Verify, and correct if necessary, the directory path within the Restore the database files as field.

  • Page 375: Creating An Automated Solution

    REATING A ISASTER ECOVERY OLUTION Creating an Automated Solution A Maintenance Plan allows you to create an automated backup and schedule the backup to occur as frequently as your organizational needs dictate. Maintenance Plans allow you to define your back up options as well as which databases and transaction logs to include. If you have not already done so, you should change your Database Recovery Model to NOTE FULL before continuing.
  • Page 376 REATING A ISASTER ECOVERY OLUTION Select Maintenance Plan Wizard. The SQL Server Maintenance Plan Wizard opens. ESULT Figure D-6: SQL Server Maintenance Plan Wizard Click Next. The Select a Target Server page opens. ESULT Define the maintenance plan Name, Description [optional], target Server, and Authentication method.
  • Page 377 REATING A ISASTER ECOVERY OLUTION Set the tasks to execute in the following order: • Check Database Integrity • Back Up Database (Full) • Back Up Database (Transaction Log) • Clean Up History [optional] Click Next. The Define Database Check Integrity Task page opens. ESULT Click the Database drop-down.
  • Page 378 REATING A ISASTER ECOVERY OLUTION Click Next. The Define Back Up Database (Full) Task page opens. ESULT Figure D-7: Define Back Up Database (Full) Task Click the Database drop-down. Select the These databases option. Select the PLUS and PLUS_Staging databases. Click OK.
  • Page 379 REATING A ISASTER ECOVERY OLUTION Define your Back up Destination settings. Select either the Disk or Tape option. Select to Create a backup file for every database. Select to Create a sub-directory for each database. Define your destination Folder. For performance reasons, it is recommended that you create your database NOTE backup in a directory that is not on the same physical drive as your database.
  • Page 380 REATING A ISASTER ECOVERY OLUTION Click Next. If the Clean Up History option was selected, the Define Cleanup History ESULT Task page opens. Otherwise the Select Plan Properties page will open. Figure D-8: Define Cleanup History Task If the Clean Up History option was selected, define the Cleanup History Task options. Ensure that Backup and restore history is selected.
  • Page 381 REATING A ISASTER ECOVERY OLUTION If desired, click Change... to open the New Job Schedule page and define the maintenance plan schedule. Figure D-9: New Job Schedule Enter a Name for the schedule. Select a Schedule type. Ensure that Enabled is selected. Define the Occurrence frequency (Daily, Weekly, or Monthly) and options.
  • Page 382 REATING A ISASTER ECOVERY OLUTION Click Next. The Complete the Wizard page opens. ESULT Click Finish to complete the wizard. FTER OMPLETING You must now establish a backup procedure which will archive all of your backup files and the contents of the Patch Management Server Storage directory on a regular basis. This can be done through the use of any file backup utility.
  • Page 383 WORKS ATCH ANAGEMENT UIDE Working With the Distribution Point The Distribution Point, based upon the Apache HTTP Server 2.2.3 open source product, provides remote package caching to a network. Through the use of the Distribution Point, agent communication can be redirected from the primary Patch Management Server to a local web-cache server.
  • Page 384 ORKING ITH THE ISTRIBUTION OINT Downloading the Distribution Point Prior to installing the Distribution Point, you must download the tool from your ZENworks Patch Management Server Agent Installers page. Log on to the target computer as the local administrator (or a member of the LOCAL_ADMINS group).
  • Page 385 ORKING ITH THE ISTRIBUTION OINT Click Install. The Agent Installers page opens. ESULT Figure E-1: Agent Installers Page From the Agent Installers window, select the Distribution Point download link. The File Download dialog box opens. ESULT In the File Download dialog box, click Save. The Save As window opens.
  • Page 386 ORKING ITH THE ISTRIBUTION OINT Installing the Distribution Point Having downloaded the installer, you can now install the Distribution Point. elect the distributionpoint.msi file to start the Distribution Point Installation Wizard. The Welcome page opens. ESULT Click Next. The License Agreement page opens. ESULT If you agree to the license terms, select the I accept the terms in the license agreement option.

  • Page 387: Configuring The Distribution Point

    ORKING ITH THE ISTRIBUTION OINT Enter the following information. Field Description Network Domain The DNS domain in which your Distribution Point is registered (MyDomain.com). Server Name The full DNS name of the server on which you are installing the Distribution Point (ServerName.MyDomain.com).
  • Page 388 ORKING ITH THE ISTRIBUTION OINT configuration file must be manually updated by referencing and copying the settings in the .default file into your .conf file. Table E-1: Configurable Distribution Point Directives Directive Name Usage Default Value ThreadsPerChild value The Maximum number of connections the Distribution Point can handle at one time.
  • Page 389 ORKING ITH THE ISTRIBUTION OINT Directive Name Usage Default Value LogLevel value The indicator that controls error Warn logging. ProxyRequests value The indicator that defines whether forward (standard) proxy requests are enabled. CacheRoot path The directory root where cache <Program Files> files are stored.
  • Page 390 NOVELL, INC® 1800 SOUTH NOVELL PLACE PROVO, UT 84606 UNITED STATES OF AMERICA PHONE: +1 800.858.4000 E-MAIL: INFO@NOVELL.COM 02_012N ZENWORKS PATCH MANAGEMENT USER GUIDE...

Table of Contents