floort Absent Member.
Absent Member.
4646 views

DLU Login restriction Not working

Hello,

Annoying problem with dlu exclusion.

I have a dlu policy:
-Use user source credentials
- Manage existing accuont if any
- member of administrator+

Assigned to: 1 device.

Maked a login restrictions for 1 user.
Usertab > Excluded users list
added 1 user.

The useraccount that i excluded is not available on the machien anymore (removed user/profile)
The workstations is refreshed to get the right version.

But when i logged on it still has a DLU!
Some why is my exclusion not working?
Labels (2)
0 Likes
23 Replies
Knowledge Partner
Knowledge Partner

Re: DLU Login restriction Not working

floort;2082137 wrote:
Hello,

Annoying problem with dlu exclusion.

I have a dlu policy:
-Use user source credentials
- Manage existing accuont if any
- member of administrator+

Assigned to: 1 device.

Maked a login restrictions for 1 user.
Usertab > Excluded users list
added 1 user.

The useraccount that i excluded is not available on the machien anymore (removed user/profile)
The workstations is refreshed to get the right version.

But when i logged on it still has a DLU!
Some why is my exclusion not working?


Can you duplicate this on a workstation were this excluded user never have been logged in before? I wonder if some cache needs to be cleared out in this situation before that setting takes effect...

Thomas
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

I will try that.
I will create a complete new user in my edir to use.
Maybe a zac cc will help also?



thsundel;2082928 wrote:
Can you duplicate this on a workstation were this excluded user never have been logged in before? I wonder if some cache needs to be cleared out in this situation before that setting takes effect...

Thomas
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Thomas,

With a new user (never logged in) = working
Existing user (has logged in before, but user/profile is deleted) = Only working after a ZAC CC.

(Windows XPSP3)

I think that's not the way it should be work?
What do you think?

Cheers,

Tristan



floort;2082930 wrote:
I will try that.
I will create a complete new user in my edir to use.
Maybe a zac cc will help also?
0 Likes
Knowledge Partner
Knowledge Partner

Re: DLU Login restriction Not working

floort;2082951 wrote:
Thomas,

With a new user (never logged in) = working
Existing user (has logged in before, but user/profile is deleted) = Only working after a ZAC CC.

(Windows XPSP3)

I think that's not the way it should be work?
What do you think?

Cheers,

Tristan


I agree, this is not how it should work... I will ask Novell if it's a bug or wad 🙂

Thomas
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Can you ask that?, because if i need to make a service request i'm 3 weeks further before they told me it's a bug.

🙂

thsundel;2082990 wrote:
I agree, this is not how it should work... I will ask Novell if it's a bug or wad 🙂

Thomas
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: DLU Login restriction Not working

If you can verify the following facts:

#1 - The Local Account is deleted from the Local SAM
(Not the The Profiles Directory)

#2 - The User is Listed in the Exclude List

#3 - The DLU Version Number is increased and a refresh is done on the
client to see the new version number.

#4 - No Other DLU policies are in effec.
(Example - Both Device and User DLU policies are in effect.)

#5 - On Reboot, the User is Created by the DLU policy.

#6 - Deleting User from SAM, running zac cc, and refreshing again, and
rebooting will cause the user to no longer be created.


Then.......
There is a bug.

"zac cc" should not be required for any changes in the DLU policy to be
seen. If it is, then IMHO an SR should be created and a request for a
defect should be created.



On 3/7/2011 8:36 AM, floort wrote:
>
> Can you ask that?, because if i need to make a service request i'm 3
> weeks further before they told me it's a bug.
>
> 🙂
>
> thsundel;2082990 Wrote:
>> I agree, this is not how it should work... I will ask Novell if it's a
>> bug or wad 🙂
>>
>> Thomas

>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Craig, i've done this and some other tests.
I will write here which scenario is working and which not.


Scenario1:

#1 - The Local Account is deleted from the Local SAM
(Not the Profiles Directory!!!!!!)

#2 - The User is Listed in the Exclude List

#3 - The DLU Version Number is increased and a refresh is done on the
client to see the new version number.

#4 - No Other DLU policies are in effec.
(Example - Both Device and User DLU policies are in effect.)

#5 - On Reboot, the DLU Policy exclusion has effect!

Result: Working.


Scenario2:

#1 - The Local Account is deleted from the Local SAM
(Also delete the Profiles Directory!!!!!!)

#2 - The User is Listed in the Exclude List

#3 - The DLU Version Number is increased and a refresh is done on the
client to see the new version number.

#4 - No Other DLU policies are in effec.
(Example - Both Device and User DLU policies are in effect.)

#5 - On Reboot, the DLU Policy exclusion has NO effect!
- The user still logs in!
- A Profile is created
- There is no local user created

Result: Not working.

But if you have done Scenario2:
Since there will be no local user created anymore in scenario2, How can i delete the LOCAL SAM USER!
That isn't possible. And since that is not possible, an dlu exclusion for that users in not possible anymore on that machine.

What i have at that moment:
- I have a profile.
- I have no local sam user

because scenario1 is working: i have to remove the local sam user only.
- I have no local sam user.

Panic.

And in the ZCC log i see each time a user logs in:
The policy "Test DLU for device" was failed in include/exclude list calculation
Source: /Devices/Workstations/pc613
Message ID: POLICYHANDLERS.DLUPolicyHandler.NotEligible

If this is again a cosmetic error then i have a burnout from now!

So is this how it supposed to work!.

Cheers,
Tristan.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: DLU Login restriction Not working

Definitely Sounds Buggish.............
I would create an SR.......

On 3/8/2011 2:36 AM, floort wrote:
>
> Craig, i've done this and some other tests.
> I will write here which scenario is working and which not.
>
>
> Scenario1:
>
> #1 - The Local Account is deleted from the Local SAM
> (Not the Profiles Directory!!!!!!)
>
> #2 - The User is Listed in the Exclude List
>
> #3 - The DLU Version Number is increased and a refresh is done on the
> client to see the new version number.
>
> #4 - No Other DLU policies are in effec.
> (Example - Both Device and User DLU policies are in effect.)
>
> #5 - On Reboot, the DLU Policy exclusion has effect!
>
> Result: Working.
>
>
> Scenario2:
>
> #1 - The Local Account is deleted from the Local SAM
> (Also delete the Profiles Directory!!!!!!)
>
> #2 - The User is Listed in the Exclude List
>
> #3 - The DLU Version Number is increased and a refresh is done on the
> client to see the new version number.
>
> #4 - No Other DLU policies are in effec.
> (Example - Both Device and User DLU policies are in effect.)
>
> #5 - On Reboot, the DLU Policy exclusion has NO effect!
> - The user still logs in!
> - A Profile is created
> - There is no local user created
>
> Result: Not working.
>
> But if you have done Scenario2:
> Since there will be no local user created anymore in scenario2, How can
> i delete the LOCAL SAM USER!
> That isn't possible. And since that is not possible, an dlu exclusion
> for that users in not possible anymore on that machine.
>
> What i have at that moment:
> - I have a profile.
> - I have no local sam user
>
> because scenario1 is working: i have to remove the local sam user
> only.
> - I have no local sam user.
>
> Panic.
>
> And in the ZCC log i see each time a user logs in:
> The policy "Test DLU for device" was failed in include/exclude list
> calculation
> Source: /Devices/Workstations/pc613
> Message ID: POLICYHANDLERS.DLUPolicyHandler.NotEligible
>
> If this is again a cosmetic error then i have a burnout from now!
>
> So is this how it supposed to work!.
>
> Cheers,
> Tristan.
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Craig,

Created an SR, and send you an email.

Tristan.
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

The behavior of my dlu problem was as expected and as designed (no bug) , but there was nothing found in the documentation about a combination with active directory domain member devices.
There is a tid now available that will explain the behavior:
Excluding User from a DLU Policy still permits Domain Authentication

Cheers,

Tristan.
0 Likes
rinzwind Absent Member.
Absent Member.

Re: DLU Login restriction Not working

zen11
I created a DLU for a terminal server. Device associated. I exluded the entire user container (edir). However, I can still login... tried 2 accounts.
Rebooted cleared cache... No other DLU's are associated with this computer.
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Is the computer a member of a windows domain?

rinzwind;2089642 wrote:
zen11
I created a DLU for a terminal server. Device associated. I exluded the entire user container (edir). However, I can still login... tried 2 accounts.
Rebooted cleared cache... No other DLU's are associated with this computer.
0 Likes
rinzwind Absent Member.
Absent Member.

Re: DLU Login restriction Not working

No... but now it seems to be working... but I rebooted last time... and did zac cc..
Well whatever.. it works! ... for now 😉
0 Likes
floort Absent Member.
Absent Member.

Re: DLU Login restriction Not working

Oke.. hmmm 🙂

rinzwind;2089756 wrote:
No... but now it seems to be working... but I rebooted last time... and did zac cc..
Well whatever.. it works! ... for now 😉
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.