icon-unified.svg
Experience Center

Interacting with Zscaler Client Connector Remotely

This feature is available only for Zscaler Client Connector version 4.4 and later for Windows.

You can use a CLI to interact with Zscaler Client Connector remotely to view the status of services. You can also enable or disable the Private Applications service. This feature is useful if you must interact with services on behalf of users (for example, an outage requires you to disable Private Applications for all users).

Enabling the CLI

To enable the CLI:

  1. In the Admin Portal, go to Infrastructure > Connectors > Client.
  2. Under Platform Settings, select Windows and click Add Windows Policy.
  3. In the Command Line Interface Access section, enable the Command Line Interface.

  4. (Optional) In the Disable Services section, enable Disable ZPA Password to require a password when disabling the Private Applications service using the CLI.

    If enabled, a Generate ZPA Disable Password option appears.

    The Private Applications service is the only service that can require a password. The Internet & SaaS and Digital Experience Monitoring services cannot require a password.

    CLI Access section

Using the CLI

To use the CLI:

  1. Start a command prompt as an administrator.
  2. Use one of the following file paths, depending on your Windows system version:
    • For 64-bit: C:\Program Files\Zscaler\ZSACli\ZSACli.exe <command>
    • For 32-bit: C:\Program Files (x86)\Zscaler\ZSACli\ZSACli.exe <command>

  3. Replace <command> with one of the following commands and press Enter.

    CommandResultNotes
    enable -s zpaTurn on Private Applications.

    If you are enabling Private Applications for a partner tenant, add -u <partner username> after zpa.

    Can be run five or fewer times per minute.

    disable -s zpaTurn off Private Applications.

    If you enabled Disable ZPA Password and generated a password in app profiles, add -p <disable password> after zpa.

    Example: ZSAcli.exe disable -s zpa -p<disable password>

    Can be run three or fewer times per minute.

    status -s <service>Display the status in a JSON format of the entered service, or for all services if you enter all.

    Possible values for <service>:

    • zia
    • zpa
    • zdx
    • deception
    • zep
    • all
    helpDisplays help information about the CLI arguments.N/A

    If a message displays indicating that the CLI is disabled from the policy, enable the Command Line Interface option in the app profile.

Related Articles
About Enrolled DevicesDevice States for Enrolled DevicesViewing Device Fingerprint for an Enrolled DeviceAccessing One-Time Passwords for Enrolled DevicesRemoving a Device if the Number of Devices Limit is ReachedSoft Removing a Device from the Admin PortalForce Removing a Device from the Admin PortalAbout Machine TunnelsAbout Partner DevicesViewing Device Fingerprint Information for a Partner DeviceInteracting with Zscaler Client Connector Remotely