dshofkom33 Absent Member.
Absent Member.
2314 views

ZCM and DLU question

Good Noonish,

I am testing a few more DLU settings and I could not get DLU login restrictions to work correctly at this time. Here is my goal:

I would like to setup a DLU (user associated) policy. I would like to restrict certain from logging into various workstations. (e.g Students logging into Administrator associated workstations or Technology Office workstations).

Is this possible? It currently does not seem to work.
Labels (2)
0 Likes
10 Replies
Micro Focus Expert
Micro Focus Expert

Re: ZCM and DLU question

It should.....

Add the Restricted Workstaions to the Student DLU package.
Make sure to increment the Version Number.
Make sure the WS does a refresh to see the new version number.
Make sure the student account does not already exist on the device.

On 3/1/2011 12:06 PM, dshofkom33 wrote:
>
> Good Noonish,
>
> I am testing a few more DLU settings and I could not get DLU login
> restrictions to work correctly at this time. Here is my goal:
>
> I would like to setup a DLU (user associated) policy. I would like to
> restrict certain from logging into various workstations. (e.g Students
> logging into Administrator associated workstations or Technology Office
> workstations).
>
> Is this possible? It currently does not seem to work.
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
dshofkom33 Absent Member.
Absent Member.

Re: ZCM and DLU question

craig_wilson;2080667 wrote:
It should.....

Add the Restricted Workstaions to the Student DLU package.
Make sure to increment the Version Number.
Make sure the WS does a refresh to see the new version number.
Make sure the student account does not already exist on the device.

On 3/1/2011 12:06 PM, dshofkom33 wrote:
>
> Good Noonish,
>
> I am testing a few more DLU settings and I could not get DLU login
> restrictions to work correctly at this time. Here is my goal:
>
> I would like to setup a DLU (user associated) policy. I would like to
> restrict certain from logging into various workstations. (e.g Students
> logging into Administrator associated workstations or Technology Office
> workstations).
>
> Is this possible? It currently does not seem to work.
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.



I have verified that the policy is working. It is not applying the DLU to the workstation that is excluded. I was hoping to restrict login access completely to the workstation is that still something that is taken care of in eDir?
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM and DLU question

ZCM Policies cannot restrict eDirectory Logins.

However, If DLU is not working, then the eDirectory logon will not help
them since they can't into Windows.

> I have verified that the policy is working. It is not applying the DLU
> to the workstation that is excluded. I was hoping to restrict login
> access completely to the workstation is that still something that is
> taken care of in eDir?
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
dshofkom33 Absent Member.
Absent Member.

Re: ZCM and DLU question

craig_wilson;2081394 wrote:
ZCM Policies cannot restrict eDirectory Logins.

However, If DLU is not working, then the eDirectory logon will not help
them since they can't into Windows.

> I have verified that the policy is working. It is not applying the DLU
> to the workstation that is excluded. I was hoping to restrict login
> access completely to the workstation is that still something that is
> taken care of in eDir?
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.


It's gotta be something with our registry settings then. It uses the last logged in user (AutoAdminLogon). Hmm. I have to think of a good way to deploy this. Thanks for your help.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM and DLU question

Well "DLU" is not "AutoAdminLogon".

If you have ZCM, I would consider not using "AutoAdminLogon" but
configuring a DLU Policy that is configured to use a "Specific Local
Account", which would behave similar but add in security.

On 3/3/2011 9:06 AM, dshofkom33 wrote:
>
> craig_wilson;2081394 Wrote:
>> ZCM Policies cannot restrict eDirectory Logins.
>>
>> However, If DLU is not working, then the eDirectory logon will not
>> help
>> them since they can't into Windows.
>>
>>> I have verified that the policy is working. It is not applying the

>> DLU
>>> to the workstation that is excluded. I was hoping to restrict login
>>> access completely to the workstation is that still something that is
>>> taken care of in eDir?
>>>
>>>

>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Knowledge Partner
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational
>> human.

>
> It's gotta be something with our registry settings then. It uses the
> last logged in user (AutoAdminLogon). Hmm. I have to think of a good way
> to deploy this. Thanks for your help.
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
dshofkom33 Absent Member.
Absent Member.

Re: ZCM and DLU question

craig_wilson;2081825 wrote:
Well "DLU" is not "AutoAdminLogon".

If you have ZCM, I would consider not using "AutoAdminLogon" but
configuring a DLU Policy that is configured to use a "Specific Local
Account", which would behave similar but add in security.

On 3/3/2011 9:06 AM, dshofkom33 wrote:
>
> craig_wilson;2081394 Wrote:
>> ZCM Policies cannot restrict eDirectory Logins.
>>
>> However, If DLU is not working, then the eDirectory logon will not
>> help
>> them since they can't into Windows.
>>
>>> I have verified that the policy is working. It is not applying the

>> DLU
>>> to the workstation that is excluded. I was hoping to restrict login
>>> access completely to the workstation is that still something that is
>>> taken care of in eDir?
>>>
>>>

>>
>>
>> --
>> Craig Wilson - MCNE, MCSE, CCNA
>> Novell Knowledge Partner
>>
>> Novell does not officially monitor these forums.
>>
>> Suggestions/Opinions/Statements made by me are solely my own.
>> These thoughts may not be shared by either Novell or any rational
>> human.

>
> It's gotta be something with our registry settings then. It uses the
> last logged in user (AutoAdminLogon). Hmm. I have to think of a good way
> to deploy this. Thanks for your help.
>
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.


I guess I don't understand why you would use a specific local user but you are using DLU?? What is the benefit in that configuration?
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: ZCM and DLU question

Some places prefer all users to share a common profile.
This is common on shared devices, perhaps a nurses station.

Each user will use their own credentials to logon to the PC, but the
Windows Profile will be shared.


>
> I guess I don't understand why you would use a specific local user but
> you are using DLU?? What is the benefit in that configuration?
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
0 Likes
dshofkom33 Absent Member.
Absent Member.

Re: ZCM and DLU question

craig_wilson;2082488 wrote:
Some places prefer all users to share a common profile.
This is common on shared devices, perhaps a nurses station.

Each user will use their own credentials to logon to the PC, but the
Windows Profile will be shared.


>
> I guess I don't understand why you would use a specific local user but
> you are using DLU?? What is the benefit in that configuration?
>



--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.


Oh OK. this makes sense. i just thaught one of the primary functions of DLU was to create user profiles but it can be used to disable the use of AutoAdmin reg hacks, etc.

Thanks for your insight and information on this.
0 Likes
dshofkom33 Absent Member.
Absent Member.

Re: ZCM and DLU question

dshofkom33;2083512 wrote:
Oh OK. this makes sense. i just thaught one of the primary functions of DLU was to create user profiles but it can be used to disable the use of AutoAdmin reg hacks, etc.

Thanks for your insight and information on this.


Ok. Ran into another snag. Thank god I am just testing this. Here is my scenario.

Say I have a Student with a Student DLU (user level). I chose to exclude a certain workstation(s) as a test.
The workstation has it's own DLU which is set to use a predefined local user. When you use an existing user it makes it Volitile and does not manage the existing account (even though it should). The problem is that a user without an assocaited user level DLU can sign into the workstation but the Student with the user level DLU gets prompted for the local users password that was just deleted (volitile).

How do I get around this issue. We need to test this scenario until Faronics has Data Igloo resolved. Any thaughts?
0 Likes
floort Absent Member.
Absent Member.

Re: ZCM and DLU question

Craig is the king in DLU, he has been studying Master of DLU for a long time 😉 hehehe
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.