Azurden
asked on
Zen 6.5 & Group Policy for Novell SendMsg
Greetings:
Question: We are in a K-12 school system and have to restrict the use of SendMessage nwsndmsg.exe from running on the student stations. We have decided after much reading that the best way to acomplish this is by using Zen and pushing a group policy using the workstation object... We found the artical at http://www.novell.com/coolsolutions/feature/3118.html that had a bit at the bottom of thr page about using the group policy to restrict this use. I have been unable to find WHERE this is located. I have looked up and down in gpedit.msc for a Novell listing will no luck. I have also used consoleone to see if it was listed under the workstation policy package as well. No luck...
I need to know where I need to set the restricting of sendmsg in the form of a policy I can push out...
Also, the answer has to be related to a policy not any of the following...
1: Do not wish to "disable it in the client" (kids know how to turn it on)
2: Do not wish to "hide the "N" icon
3: Do not wish to change the registry by using a login script.
Any takers?!
Thanx
Az
Question: We are in a K-12 school system and have to restrict the use of SendMessage nwsndmsg.exe from running on the student stations. We have decided after much reading that the best way to acomplish this is by using Zen and pushing a group policy using the workstation object... We found the artical at http://www.novell.com/coolsolutions/feature/3118.html that had a bit at the bottom of thr page about using the group policy to restrict this use. I have been unable to find WHERE this is located. I have looked up and down in gpedit.msc for a Novell listing will no luck. I have also used consoleone to see if it was listed under the workstation policy package as well. No luck...
I need to know where I need to set the restricting of sendmsg in the form of a policy I can push out...
Also, the answer has to be related to a policy not any of the following...
1: Do not wish to "disable it in the client" (kids know how to turn it on)
2: Do not wish to "hide the "N" icon
3: Do not wish to change the registry by using a login script.
Any takers?!
Thanx
Az
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just FYI, I don't think nwsndmsg.exe itself actually provides the send message functionality. I think it's just a wrapper to call the built-in function in the client, because disabling that executable doesn't prevent the client send message function from working.
ASKER
Bill:
When I go to the Policies for NT-2000-XP I do not see an "NT Client Config"... Here is what is listed...
Computer Extensible Policies
Novell iPrint Policy
Remote COntrol Policy
Windows Group Policy
Workstation Inventory Policy
ZENworks Desktop Managment Agent Policy
Any ideas how to add the NT Client Config?
Thanks
Az
When I go to the Policies for NT-2000-XP I do not see an "NT Client Config"... Here is what is listed...
Computer Extensible Policies
Novell iPrint Policy
Remote COntrol Policy
Windows Group Policy
Workstation Inventory Policy
ZENworks Desktop Managment Agent Policy
Any ideas how to add the NT Client Config?
Thanks
Az
If you click the ADD button, does it show up as an option to add that policy?
Have you got the right ConsoleOne snapins for your Zenworks version installed?
Have you got the right ConsoleOne snapins for your Zenworks version installed?
Also, what Zenworks and ConsoleOne versions are you using?
ASKER
1.3.6 C-One
ZFD 6.5
Not sure how to add additional snapins... It does not show as a policy that can be added...
Az
ZFD 6.5
Not sure how to add additional snapins... It does not show as a policy that can be added...
Az
Isn't there a special .adm file for the Novell client that someone put together themselves, available for download from coolsolutions?
Is that 1.3.6c or 1.3.6d or 1.3.6e?
ASKER
Sorry...
1.3.6d
1.3.6d
You probably need to upgrade your ConsoleOne to 1.36e. Not sure that will fix this specific issue,
but you should do it anyway, for other reasons.
You can download the latest Zenworks C1 snapins here...
http://download.novell.com/Download?buildid=Hw2EmnjzWbE~
but you should do it anyway, for other reasons.
You can download the latest Zenworks C1 snapins here...
http://download.novell.com/Download?buildid=Hw2EmnjzWbE~
Whoops, I boobooed...
The link above is for the Server plugins. You want the Desktop plugins, here...
http://download.novell.com/Download?buildid=2TUe019Z3zI~
Here's the link to the latest ConsoleOne itself.
http://download.novell.com/Download?buildid=CVTLiFIagE4~
Upgrade ConsoleOne first, then install the snapins.
The link above is for the Server plugins. You want the Desktop plugins, here...
http://download.novell.com/Download?buildid=2TUe019Z3zI~
Here's the link to the latest ConsoleOne itself.
http://download.novell.com/Download?buildid=CVTLiFIagE4~
Upgrade ConsoleOne first, then install the snapins.
ASKER
Ok, I installed the new C1 and the plugins... Still no options for NT-Client... Also, it does not show even to be added...
Ideas?
Az
Ideas?
Az
Well, ya learn something every day.
This is apparently something that was removed from later versions of ZenWorks. At one point ZenWorks required the Novell Client be installed on workstations, so there had to be a way to configure it, but with ZfD4, the client requirement was removed.
http://www.novell.com/documentation/zenworks65/index.html?page=/documentation/zenworks65/dminstall/data/br0uov3.html
It looks like the solution is to create your own extensible policy based on the custom ADM files ShineOn mentioned earlier.
ShineOn>Isn't there a special .adm file for the Novell client that someone put together themselves
Yep, here it is.
http://www.novell.com/coolsolutions/tools/14348.html
This is apparently something that was removed from later versions of ZenWorks. At one point ZenWorks required the Novell Client be installed on workstations, so there had to be a way to configure it, but with ZfD4, the client requirement was removed.
http://www.novell.com/documentation/zenworks65/index.html?page=/documentation/zenworks65/dminstall/data/br0uov3.html
It looks like the solution is to create your own extensible policy based on the custom ADM files ShineOn mentioned earlier.
ShineOn>Isn't there a special .adm file for the Novell client that someone put together themselves
Yep, here it is.
http://www.novell.com/coolsolutions/tools/14348.html
I believe that extensible policy functionality and .ADM files in specific have been short circuited by the almighty Microsoft with XP. In my district we have been forced to make the change in the client itself, and then mitigate the risk of that change by preventing access to the network icons using group policy. With the lack of .ADM template files that may be the only real solution left. If you come up with another I would be very interested in seeing it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The use of custom .adm files hasn't really been short-circuited with XP - they just made it suck for anyone that doesn't bend over and take AD where the sun don't shine.
You can still do custom .adm files, but they will make a real registry change instead of a temporary, policy-generated registry change.
You can still do custom .adm files, but they will make a real registry change instead of a temporary, policy-generated registry change.
>I'd go the route of creating a ZEN app that pushes the registry changes - set it to always make
>the setting changes, and always run, running as secure system user, at login event.
Toward this end, here's the actual registry key that needs to be changed:
HKLM\SOFTWARE\Novell\Netwo
Change the value from yes to no.
>the setting changes, and always run, running as secure system user, at login event.
Toward this end, here's the actual registry key that needs to be changed:
HKLM\SOFTWARE\Novell\Netwo
Change the value from yes to no.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you're using ZEN, don't launch gpedit.msc. Let ConsoleOne launch it for you, when you configure the GP for the policy package you're working on. The instance of gpedit.msc ZEN launches for you will not result in you screwing up your own local group policy settings.
Point. I should have made that clear. Doh!