Controlling rogue processes is one of the many cool features of ZENworks. But to implement it you have to set keys in the registry on each of the users machines. Per the documentation, you can do this manually or with an application object that's pushed via the Application Launcher. I thought it would be easier to be able to push these settings to the workstation using a Windows Group Policy setup in the ZENworks User Package. Using the ZfDRogue.adm administrative template file allows you to setup such a policy that some of you may find to be an easier way of administering rogue processes.
The screen shots are of the policy in action:
These are things to know before you use this administrative template. Please read in its entirety.
Description of settings:
When you load the ZfDRogue.adm, you may not see its contents. If this happens, click the View|Filtering menu and uncheck the "Only show policy settings that can be fully managed."
Configure Rogue Process Management:
When enabled, Application Launcher terminates all rogue processes. Disable to have Application Launcher ignore all rogue processes.
Configure Exception List:
The 'Configure Rogue Process Management' setting determines what happens to the processes you add to the exceptions list. If 'Configure Rogue Process Management' is disabled (ignore processes), then any processes you add to the exceptions list are terminated rather than ignored. If 'Configure Rogue Process Management' is enabled (terminate processes), then any processes you add to the exceptions list are ignored rather than terminated.
Enter the name of the process in the 'Enter the name of the item to be added' field and leave the remaining field blank.
When 'Report Ignored Processes' is enabled, Application Launcher reports on all ignored processes. Uncheck to disable reporting of ignored processes.
When 'Database Reporting is enabled, Application Launcher writes to the database determined by the Service Location Policy package associated with the user.
When 'SNMP Reporting' is enabled, Application Launcher sends to the SNMP trap targets determined by the Service Location Policy package associated with the user.
When 'XML Reporting' is enabled, Application Launcher sends to the XML targets determined by the Service Location Policy package associated with the user.
Specify the full path and filename, in the 'File Reporting' field, to enable logging to a file. This can be a mapped drive or a UNC path to a local or network drive. For example, \\server1\vol1\process\rogue.txt. If you do not enter a value, log file reporting is disabled.