Zen 6.5 & Group Policy for Novell SendMsg

Greetings:

Question:  We are in a K-12 school system and have to restrict the use of SendMessage nwsndmsg.exe from running on the student stations.  We have decided after much reading that the best way to acomplish this is by using Zen and pushing a group policy using the workstation object...  We found the artical at http://www.novell.com/coolsolutions/feature/3118.html that had a bit at the bottom of thr page about using the group policy to restrict this use.  I have been unable to find WHERE this is located.  I have looked up and down in gpedit.msc for a Novell listing will no luck.  I have also used consoleone to see if it was listed under the workstation policy package as well.  No luck...

I need to know where I need to set the restricting of sendmsg in the form of a policy I can push out...

Also, the answer has to be related to a policy not any of the following...

1: Do not wish to "disable it in the client" (kids know how to turn it on)
2: Do not wish to "hide the "N" icon
3: Do not wish to change the registry by using a login script.

Any takers?!

Thanx

Az

AzurdenAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

billmercerCommented:
With ZenWorks 6.5, in ConsoleOne, go to the Workstation package.
Look under Policies for NT-2000-XP, you should see NT-Client Configuration.
Enable it, and click Properties
Under the Novell Client Configuration tab, choose the Advanced Menu Settings option.
There's an entry called Enable Send Message, this should do what you want.
If you have an older Zenworks version, the names may be different.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
billmercerCommented:
Just FYI, I don't think nwsndmsg.exe itself actually provides the send message functionality. I think it's just a wrapper to call the built-in function in the client, because disabling that executable doesn't prevent the client send message function from working.
 
0
AzurdenAuthor Commented:
Bill:

When I go to the Policies for NT-2000-XP I do not see an "NT Client Config"...  Here is what is listed...

Computer Extensible Policies
Novell iPrint Policy
Remote COntrol Policy
Windows Group Policy
Workstation Inventory Policy
ZENworks Desktop Managment Agent Policy

Any ideas how to add the NT Client Config?

Thanks

Az
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

billmercerCommented:
If you click the ADD button, does it show up as an option to add that policy?

Have you got the right ConsoleOne snapins for your Zenworks version installed?

0
billmercerCommented:
Also, what Zenworks and ConsoleOne versions are you using?
0
AzurdenAuthor Commented:
1.3.6 C-One
ZFD 6.5

Not sure how to add additional snapins...  It does not show as a policy that can be added...

Az
0
ShineOnCommented:
Isn't there a special .adm file for the Novell client that someone put together themselves, available for download from coolsolutions?
0
ShineOnCommented:
Is that 1.3.6c or 1.3.6d or 1.3.6e?  
0
AzurdenAuthor Commented:
Sorry...

1.3.6d
0
billmercerCommented:
You probably need to upgrade your ConsoleOne to  1.36e. Not sure that will fix this specific issue,
but you should do it anyway, for other reasons.
You can download the latest Zenworks C1 snapins here...
http://download.novell.com/Download?buildid=Hw2EmnjzWbE~ 
0
billmercerCommented:
Whoops, I boobooed...
The link above is for the Server plugins. You want the Desktop plugins, here...
http://download.novell.com/Download?buildid=2TUe019Z3zI~

Here's the link to the latest ConsoleOne itself.
http://download.novell.com/Download?buildid=CVTLiFIagE4~ 

Upgrade ConsoleOne first, then install the snapins.
0
AzurdenAuthor Commented:
Ok, I installed the new C1 and the plugins...  Still no options for NT-Client...  Also, it does not show even to be added...

Ideas?

Az
0
billmercerCommented:
Well, ya learn something every day.
This is apparently something that was removed from later versions of ZenWorks. At one point ZenWorks required the Novell Client be installed on workstations, so there had to be a way to configure it, but with ZfD4, the client requirement was removed.
http://www.novell.com/documentation/zenworks65/index.html?page=/documentation/zenworks65/dminstall/data/br0uov3.html

It looks like the solution is to create your own extensible policy based on the custom ADM files ShineOn mentioned earlier.  

ShineOn>Isn't there a special .adm file for the Novell client that someone put together themselves

Yep, here it is.
http://www.novell.com/coolsolutions/tools/14348.html 

0
treyandersonCommented:
I believe that extensible policy functionality and .ADM files in specific have been short circuited by the almighty Microsoft with XP.  In my district we have been forced to make the change in the client itself, and then mitigate the risk of that change by preventing access to the network icons using group policy.  With the lack of .ADM template files that may be the only real solution left.  If you come up with another I would be very interested in seeing it.
0
ShineOnCommented:
I'd go the route of creating a ZEN app that pushes the registry changes - set it to always make the setting changes, and always run, running as secure system user, at login event.  Disable access to regedit via ZEN group policy.  That way, even if they figger out a way to un-tweak it without using regedit, next time they log in, it's back to blocked.  

At least, using a ZEN app, you don't have to allow the user rights/permissions to run regedt or any other registry-modifying programs from the login script.
0
ShineOnCommented:
The use of custom .adm files hasn't really been short-circuited with XP - they just made it suck for anyone that doesn't bend over and take AD where the sun don't shine.

You can still do custom .adm files, but they will make a real registry change instead of a temporary, policy-generated registry change.
0
billmercerCommented:
>I'd go the route of creating a ZEN app that pushes the registry changes - set it to always make
>the setting changes, and always run, running as secure system user, at login event.
Toward this end, here's the actual registry key that needs to be changed:
    HKLM\SOFTWARE\Novell\Network Provider\Menu Items\Enable Send Message Dialog
Change the value from yes to no.
0
Sebastien47136Commented:
Hi Az,

I'm at another K-12 school, and have been working with this. I'm interested to know if there is any particular reason that students need access to the "N" icon, which is where most of our students lauch it from. You can even create a different policy for teachers that leaves the "N" on if needed.

Through the ZENWorks Windows Group Policy you can prevent access to the command prompt, restrict their access to the C drive, and hide the notification area. (The trick is hiding the notification area which basically turns off the system tray.) gpedit.msc -> User Configuration -> Start Menu and Task Bar -> Hide Notification Tray.

For desktops that's not been a problem for us, laptops are another story as the user has no clue when their battery is about to die.

Just a thought.

P



0
ShineOnCommented:
If you're using ZEN, don't launch gpedit.msc.  Let ConsoleOne launch it for you, when you configure the GP for the policy package you're working on.  The instance of gpedit.msc ZEN launches for you will not result in you screwing up your own local group policy settings.
0
Sebastien47136Commented:
Point. I should have made that clear. Doh!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Novell Netware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.