How to set Patch Remediation bundles to run as System user

  • 7016883
  • 07-Oct-2015
  • 27-Jul-2016

Environment

Novell ZENworks Configuration Management

Situation

In some cases Dynamic Administrative User may not be available for devices, or may cause problems due to user interaction.  

Resolution

For 11.3 and later,  a global variable was introduced to allow remediation bundles to run as System User instead of Dynamic Administrative User (DAU).   

Individual bundles can be modified to use either, but on patch re-cache, they will be changed to use that which is defined by the global variable, or default.  When the variable is not set, the default is to use Dynamic Administrative User.

Note:  New Microsoft Office patches should run well as System user, but older ones may not.  Individual Remediation bundles can be set manually to run as DAU.

To change the user to System:

  1. In ZENworks Control Center (ZCC) go to Configuration / Device Management / System Variables
  2. Create a new system variable:  PATCH_DEPLOY_USER_SYSTEM with value of true
    Note:  Currently this value is global only, and won't be honored if set on device or device folder.
  3. Setting this variable will not change the existing remediation bundles retroactively.  In order to rebuild the existing bundles, initiate Update Cache on previously cached patches.


Note:  In 11.4.2 and later the default is to run as system user for new patch bundles.  The change can be reverted by following the same steps above, using the value of false instead of true;

Note also:  If patches fail to apply for some reason, files may be left in %temp% folder.  When run as DAU the temporary profile is cleaned up so this folder will not exist after the DAU is complete.  However when running as system user, the system %temp% folder (\windows\temp) persists so files may be left there.  To fix that, troubleshoot why the patches are failing or revert to DAU if the possiblity of failed patches leaving files in system %temp% is unacceptable.