Novell ZENworks Asset Management 3.3 - ZAM3.3
Novell ZENworks 7.5 Asset Management - ZAM7.5
Novell ZENworks 7 Asset Management - ZAM7
Novell ZENworks TS.Census 3.2
The symptom is that the scans are failing. When you put the Client and the Collector in diagnostic mode (See Tid 3564341), you will see that the client is exiting since it did not receive it's .wif file which the Collection server would have attempted to send to the client (workstation's last scanned output file).
The current logged in User needs WRITE rights to the Collection clients \INBOXCC portion of the directory structure - the and its subdirectories - along with the Client/Collector's portion of the registry, HKEY_LOCAL_MACHINE\SOFTWARE\Tally Systems Corp.\TSCensus\CollectionClient.
The ZAM Client's Windows service runs with the permissions of the "Local System" Windows Built-In account. The majority of the ZAM Client processes occur within "Local System" account's security. However, to collect information on the primary user, another sub-process is spawned under the currently logged-in user's credentials.
In general "Users" don't need to be given administrative or "Power User" permissions, and they will never need full write access to all of Program Files. That permission can be given for ONLY the single ZAM directory (...\InboxCC) within Program Files to which the Collector actually writes. As such, it presents a very small risk, the risk that an ordinary user could discover that they have write permissions within that directory and attempt to sabotage the Client... an event which would immediately be noticed by the Collection Server and, if not automatically repaired, certainly brought to the administration's attention.
If the ZAM agent is ran as an executable (rather than run as a service), additional rights are needed. The user must have modify rights to the files (in the server folder \...\InboxCC):