When it comes to endpoint management, OpenText ZENworks can do just about anything a business needs. From managing Windows, Mac, Linux, and mobile devices to securing devices against vulnerabilities, ZENworks provides organizations a way to manage their endpoints effectively and securely, whether they be corporate-owned or personal devices.
We are pleased to announce ZENworks 24.4 (November 2024), which introduces the following:
- Zero-touch enrollment of Android device to help ease deployment and management
- Continued detection, tracking, and installation of superseded patches
- Enhanced disk encryption details for devices encrypted with ZENworks Full Disk Encryption
- A new PostgreSQL 16.x version for the embedded PostgreSQL database, and a migration utility to update from the current version to the new version
- Management of Windows 11 24H2 devices, SLES 15 SP6 devices, RHEL 8.10 and 9.4 devices, OpenSUSE Leap 15.6 devices, and OES 24.3 devices for added platform support
- Extensive hardening of the release via defect fixes and technical upkeep to ensure a quality Long-Term Service (LTS) release that is supported for 3 years
Below are brief introductions to some of these exciting new features. For more information, see What’s New in ZENworks 24.4.
Zero-Touch Enrollment for Android Devices
In ZENworks 24.2, we introduce zero-touch enrollment for Samsung Knox Android devices. With ZENworks 24.4, we have added zero-touch enrollment for all Android devices.
With zero-touch enrollment, an organization can ship unenrolled devices directly to it users who can then simply turn on the device and follow the normal setup workflow.
The device is automatically enrolled to ZENworks as a fully managed device (Android Enterprise Work Managed) based on the enrollment profile provided by the organization in the Google Zero Touch Portal.
Once enrolled, the device shows as Corporate owned and can be provisioned policies required to secure the device and applications the user needs to do their job.
Detection, Tracking, and Installation of Superseded Patches
By default, a software patch that is superseded (i.e. replaced) by a newer patch is disabled in ZENworks. Disabled patches are not viewable by default in ZENworks Control Center, do not display Patched/Not Patched counts, and can’t be deployed to devices.
ZENworks 24.4 provides the ability to automatically keep all superseded patches enabled (or manually re-enable specific patches) to continue to detect, track, and install those patches. In general, we do not recommend that superseded patches remain enabled; best practice is to always install the newest patch, not an older patch. However, some use cases might require this capability, such as:
- A patch maintenance window that is longer than the lifespan of a patch
- A device that requires a specific patch version but the patch was not applied before it was superseded
You configure the automatic disabling of superseded patches in ZCC > Configuration > Management Zone Settings > Security > CVE and Patch Cleanup. The maximum number of days is 180 and the setting only affects patches that are superseded after the setting is enabled.
If longer than 180 days is required (strongly not recommended!), you can use this system variable:
PATCH_DELAY_SUPERSEDED_DISABLE
Keep in mind that if there are two versions of a patch in a Patch policy, such as a superseded version and the current version, the policy only applies the most recent version. If you have an older version of a patch that you want to apply, make sure your rules criteria are specific enough to include that version and exclude any newer versions.
Embedded PostgreSQL Database Upgrade
ZENworks currently uses PostgreSQL 12.x for its embedded database. ZENworks 24.4 requires PostgresSQL 16.x. The ZENworks 24.4 release includes a PostgreSQL Migration utility that upgrades your embedded PostgreSQL 12.x database to PostgreSQL 16.4. This is a standalone utility that you must run on your ZENworks 23.4 or 24.2 database before you upgrade to ZENworks 24.4.
Enhanced Disk Encryption Details
ZENworks 24.4 enhances Full Disk Encryption device information by adding policy details and encrypted drive details to the device’s Encryption page. For a device, you can now see:
- Which drives are encrypted, and when they were encrypted
- The policy used to encrypt the devices
- The encryption algorithm and key length
- The PBA status and authentication method
How to Get the ZENworks 24.4 Release
The ZENworks 24.4 release is available for download from your Software License and Downloads (SLD) account or via System Update in ZENworks Control Center. Please note that ZENworks releases first appear in SLD and then are available via System Update approximately one month later. For update instructions, see the ZENworks 24.4 documentation.
Also note that updating to ZENworks 24.4 requires you to be on ZENworks 23.4 or 24.2; updating from earlier versions is not supported. In addition, ZENworks 23.4 is the last version that supports Windows Server as a Primary Server platform. Before updating to ZENworks 24.4, you must migrate your Windows Primary Servers to Linux or to the ZENworks Appliance. A tool is provided for migrating to the Appliance; you can download it from your Software License and Downloads (SLD) account. For information about using the migration tool, see Windows Server to Appliance Migration Tool.