By the time you read this, ZENworks 2017 Update 2 will either be very close to shipping or have shipped, and be available. Vikram Derebail our product manager did a great job introducing you to the new Android Enterprise capabilities that are being introduced in the update, and Darrin VandenBos introduced you to the new Managed BitLocker capabilities. In this article I’m going to take you through some other important changes that are happening in ZENworks 2017 Update 2.
The other key changes happening include:
ZMG Image Creation from Windows PE
iOS Activation Lock Bypass Support
Mobile Application Inventory
ZMG Image Creation from Windows PE
As most of you are aware, I’ve been working in Product Management for quite a while now, and before that, I taught people how to use ZENworks as part of our Advanced Technical Training group. During that time one of the constant challenges we’ve had with ZENworks imaging is being able to have the Linux based imaging environment keep up with the latest hardware being released by all of the vendors. As we’ve looked at what’s happening with Windows 10 we’ve made a number of changes over the last several releases to increase your options.
First, we introduced third party imaging in ZENworks 11 that allowed you to use ZENworks to drive the creation of .WIM files with ImageX, then in ZENworks 11 SP4 we introduced MDT bundles so that ZENworks can drive the MDT deployment, but many of you have continued to use the ZENworks imaging process and format (.ZMG).
In ZENworks 2017 Update 2 we’ve actually ported almost all of the ZENworks imaging functionalities from the Linux environment over to Windows PE. The exception, being it’s command line based. We made the choice to focus on the command line, and based on our discussions with you, most of you are using ZENworks imaging in scripted ways to deploy and take images vs manually using the imaging TurboVision. We do have plans to introduce a GUI, but in the meantime you can begin to leverage the new capabilities and move your scripted imaging processes over to Windows PE.
The primary advantage of the Windows PE environment for ZENworks Imaging is that if the device is capable of running Windows 7 or Windows 10 then it’s going to be capable of running Windows PE and the drivers are going to be easily available. Additionally, we’ve added simple commands that you can run to inject drivers and additional Windows PE functionality including things like Windows Scripting, Powershell, and more.
Let’s take a quick walkthrough of what’s supported:
Taking an image, restoring an image or multicasting the image by configuring bundles in the ZENworks Control Center. When you create or modify a Preboot Bundle in ZENworks 2017 Update 2 or you choose to take an image you will notice a new field that lets you control what Preboot environment is used, as shown in figure 1.
Scripting capabilities. ZENworks 2017 Update 2 provides several commands that you are already familiar with from your Linux experience. These include: img, zisedit and zisview. The syntax of these Windows PE executables has been designed to closely mirror the syntax of their Linux counterparts. This includes the ability to do things like advanced partition management, partition remapping when restoring images, selecting partition imaging when taking or restoring images, management of image safe data, and the ability to read image safe data in your scripts.
PXE or Media Based boot. In previous versions of ZENworks you’ve been able to boot WinPE to perform scripting imaging or 3rd party imaging tasks from PXE, but many of you requested the ability to do the same from optical disk or USB. So in ZENworks 2017 Update 2 you can quickly create a WinPE ISO with all of the ZENworks capabilities baked in by running a simple command line. Additionally we provide simple command line extensions to insert drivers you may need in the WinPE environment as well as adding WinPE extensions.
The bottom line here is that with the new Windows PE capabilities you can now be assured that you will be able to create, restore and multicast ZMG images on the latest and greatest Windows hardware. There are a couple of caveats to be aware of. First, because of the differences in the way that the Linux NTFS driver reads/writes data, and the way that Windows does the Windows PE environment cannot restore your existing ZMG files.
So, as you look to move to Windows PE you’ll need to restore your older Linux created image once to a machine and then boot to Windows PE, and upload the image. For your add-on images that you’ve created with Image Explorer there is no change. Second, as you port your Linux based imaging process to Windows PE it’s likely going to take time as you have to re-engineer the process using your Windows scripting language of choice instead of Linux Bash. As such we don’t anticipate the Linux environment going away any time real soon.
You should expect that both will be around for some time, but there may be times that we’ll ask you to Windows PE due to Linux hardware limitations. In the long term we plan to have Windows PE be our solution for Windows imaging as needed. We will of course continue to invest in additional integration with Windows deployment tools such as the ADK and MDT to ensure you have the ability to integrate those with ZENworks if you prefer instead of scripting your own custom process.
iOS Activation Lock Bypass Support
The next major enhancement in ZENworks 2017 Update 2 is support for iOS Activation Lock Bypass (fig. 2). This is a critical capability for companies that are purchasing IOS devices. For those of you not familiar with iOS Activation Lock it is a theft-deterrence technology built into the latest iOS platform. Basically if the end user of the device enables the Find My Phone capabilities, then any time the device is wiped, the user’s iCloud credentials are required when you reconfigure the phone.
As an individual, this is a good thing because it means that if I lose my own device that someone else can’t pick it up and start using it because they would need my ID to do so. However, for companies where the device is owned by the company and the user may leave the company but the device stays, it is critical that they be able to re-purpose the device.
ZENworks 2017 Update 2 introduces MDM capabilities to view and backup the iOS Activation Bypass codes. This allows the company to use this code instead of the user’s credentials to re-purpose the device. This capability can be enabled or disable for the zone and all of the bypass codes for the zone can be backed up from a zman command just in case something bad happens. The normal use case looks like this:
The user leaves the company.
You use ZENworks to wipe the device.
When re-enrolling the device you are prompted for the user’s credentials.
You open the device in ZCC and click the Show link next to Activation Lock Bypass Code, as shown in figure 2.
A pop-up appears displaying the bypass code.
You enter the bypass code on the iOS device and the device continues with the setup.
This capability is a must have feature for any customer currently managing their iOS devices with ZENworks.
Mobile Application Inventory
The last major new capability I want to highlight is the new Mobile Application Inventory features. With previous releases of ZENworks 2017 we’ve been able to give you some basic hardware inventory including important things like whether the device is roaming, the device’s serial number, etc. But we have really been able to give you much in the way of software.
That all changes with ZENworks 2017 Update 2. In ZENworks 2017 Update we can now tell you what software is installed on your devices. There are a few limitations which are based on the device platforms:
On iOS, we cannot report about system applications (calculator, clock, phone) because iOS does not return those. However we can show you all of the applications that have been installed on the device as well as a lot of extra data such as whether they are managed, the version, etc.
On Android devices enrolled with a work profile we can only report about applications installed within the Work profile since the ZENworks application only has visibility to that profile.
The process of getting mobile inventory is as simple as updating the server to ZENworks 2017 Update 2, and on Android you need to update the agent. Once those updates are done then the device will automatically inventory once a day. To view the software inventory on the device, simply go to the new Apps tab on the device as shown in figure 3.
In addition you can use the built-in ZENworks Control Center reports to quickly run reports against the software installed in the organization. To report on mobile software, create a new report that uses the following focus (see figure 4).
Once you’ve selected this you will then be able to quickly build a report that has any of the information you wish, including the number of instances of that software with a drill down to where that software is installed, as show in figure 5.
With ZENworks 2017 Update 2 you now have a great way to see all of your mobile hardware and software.
ZENworks 2017 Update 2 continues to improve on our objective to be a great Unified Endpoint Management solution. In addition, to what you’ve read about in this issue, there’s a handful of other smaller capabilities and changes. I would definitely recommend checking out the What’s New guide when the product is released, and rolling out this release to your environment.
This article was first published in Open Horizons Magazine, Issue 39, 2017/4, p27-29.
Jason Blackett is the product Manager for the Novell ZENworks Suite. He has been with Novell for over 18 years and has been involved with ZENworks in one way or another since it was first introduced. His passions include cooking, his six children and ZENworks.