Using Novell's ZEN Works to Deploy McAfee Updates

Ken Sallot Department of Astronomy ken@astro.ufl.edu Using Novell's ZEN Works to Deploy McAfee Updates

What you be talking about Willis? • What Novells ZEN Works is • What McAfee SuperDat's are • How ZEN Works can be used to apply SuperDat updates • I've used these techniques in the College of Liberal Arts and Sciences to manage 1500 workstations, and in the College of Design, Construction, and Planning to manage 200 workstations

Novell ZEN Works • Allows you to deploy applications and policies to large groups of workstations from a single workstation • Provides the ability to schedule tasks to be run as either an event, or a timed job • Allows you to run the events as a system level user on Windows NT/2000/XP platforms, giving administrators the ability to apply service packs without giving users administrative priviledges

Novell ZEN Works • ZEN Works allows you to centrally manage and distribute applications • It provides software license metering and tracking • It allows you to deploy printer drivers and objects through policies • Bottom line is, if you use NetWare or NDS, you should be using ZEN Works (and it's on the contract too!)

McAfee SuperDat • McAfee SuperDats provide new virus definition files • They provide engine updates • They are released weekly, as well as under special circumstances when a new virus is in the wild • They can be downloaded from: http://www.nai.com/naicommon/download/dats/superdat.asp

McAfee SuperDat • They can be applied to Windows 95/98/ME machines easily • In order to apply them to Windows NT/2000/XP machines the user must have Administrator priviledges (can it work with poweruser? I don't know, I never gave my users poweruser)

Making ZEN do the Work • The first step would be to ensure that ZEN works is installed and configured correctly and that all of your workstations have the appropriate client software installed: http://www.novell.com/products/zenworks • Place the SuperDat in a directory on a server volume, and grant read and file-scan rights for the directory to the container your workstation objects reside in

Making ZEN do the Work • Within ZEN Works create a new Workstation Policy • Tab to the “WinNT-2000 Policies” page from within the default Policy page • Click Add to add a new policy. Name your policy the same name as your superdat file (ex. Sdat4160) • The new policy should show up in the WinNT-2000 Workstation Policies window

Making ZEN do the Work • Highlight the new policy and select Properties • From the properties page, select the option to add actions for the policy • The screen should look like this:

Making ZEN do the Work • In the field Name specify the UNC path to the Superdat (ex. \\servername\volume\path\sdat) • In the field Working Directory specify C:\ • In the field Parameters specify /silent /f – these options make the SuperDat upgrade run quietly in the background, and force the update to run • In the field Priority select Above Normal • Check Terminate and set it to quit after 15 minutes

Making ZEN do the Work • Next click on the Policy Schedule Tab • Change the setting in Policy Schedule Type to Daily • Enable the policy to run at least from Monday-Friday and from 6:00 to 23:00 at the minimums • Select the Advanced Settings button • Choose the Completion tab. Check the box labeled Disable the Action After Completion

Making ZEN do the Work • Next click on the Fault tab. Set the behavior to Ignore the error and reschedule normally • Next click on the Impersonation tab. Set the policy to run as System • In the Priority tab set it to run Above Normal • Set the Time Limit to Terminate After 15 minutes • Select [ OK ]

Making ZEN do the Work • Go to the NDS Rights Tab and add the container that your workstation objects are in • Click the Apply button and the Policy Action is complete • Finally, from the main Policy page associate the policy with the workstations you wish to have managed

Pros to this approach • You can control which SuperDats your workstations get upgraded with • You can schedule the time the update runs to minimize the impact on your users, workstations, and network • You can ensure consistency in your workstations with their virus definition files

Cons to this approach • It's time consuming & tedius, for each new SuperDat you must create a new Workstation Policy Action • If you're not using ZEN Works for management (non-novell shop?), then this approach is not for you • There is no reporting on whether or not the update policy ran correctly or not for your workstations

Is there a better way? • The McAfee Auto-Update utility allows your workstations to automatically grab new virus definition files from NAI • I'm not sure if AU does engine upgrades or not, if it does then it may be a better solution – I've not used it yet, but am going to be looking at it for Astronomy

Conclusion • For NetWare shops, ZEN Works is cool • SuperDats are a wonderful way to keep your virus definition files and agent engines up to date • ZEN Works can be used to provide superdat updates seamlessly to your end users without their intervention

Using Novell's ZEN Works to Deploy McAfee Updates

Using Novell's ZEN Works to Deploy McAfee Updates

Presentation Transcript

Deploy Scheduler

Install and Deploy EJB using WebLogic

Using MATLAB to Develop and Deploy Financial Models

Deploy Phase

Deploy

Linux Deploy

PREPARING TO DEPLOY WINDOWS 7

Using BITS for updates

Zen

Deploy

Deploy Microsite to Production

ZEN

How to Submit Academic Updates in MAP-Works

Zen

How to Achieve Your Zen Using Buddha Beads Bracelet?

How to Remove Trojans Using McAfee Antivirus?

Novell ZEN works 10 Configuration Management Advanced Administration

SIP - Ready to Deploy

WAAR TE ZOEKEN NAAR UPDATES BIJ MCAFEE

Hoe Te Controleren Op Mcafee Updates?

Learn How to Activate McAfee using McAfee activation key

Easy steps to activate McAfee using McAfee activation key