Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Anonymous_User Absent Member.
Absent Member.
2462 views

Client 32 and Windows login

Here is our scenario: Client 4.91 SP1 on all student laptops which are
XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers. For
students who violate our AUP, they are placed on Internet Restriction
using an ACL in Bordermanager. They are then allowed access to academic
sites that are provided by their teachers. They have figured out that if
they let one of their friends login to our network that is not on
Internet Restriction and they login to Wndows then they can still access
inappropriate sites such as proxy bypass sites to get around our internet
filtering, etc. My question is this: Is there anyway to have the
Windows login authenticate against the user that logged in on the network
and if they are different then deny access to Windows?

Joe Merricks
Network Admin
Hargrave Military Academy

Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Client 32 and Windows login

Joe,

> Here is our scenario: Client 4.91 SP1 on all student laptops which are
> XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers. For
> students who violate our AUP, they are placed on Internet Restriction
> using an ACL in Bordermanager. They are then allowed access to academic
> sites that are provided by their teachers. They have figured out that if
> they let one of their friends login to our network that is not on
> Internet Restriction and they login to Wndows then they can still access
> inappropriate sites such as proxy bypass sites to get around our internet
> filtering, etc. My question is this: Is there anyway to have the
> Windows login authenticate against the user that logged in on the network
> and if they are different then deny access to Windows?


You could setup the client to copy the NetWare username to the windows
username, then disable he advanced button so they can't change it -
forcing them to use the same ID for both.

To sync the names:

Software\Novell\Login\Tab Settings\NT Credentials\Sync NDS Username

Dword - 1 to enable 0 to disable

HKLM\Software\Novell\Login\Advanced

Dword - 1 to enable 0 to disable

--
Hamish Speirs
Novell Support Forums Volunteer Sysop.

http://haitch.net

(Please, no email unless requested. Unsolicited support emails will
probably be ignored)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Client 32 and Windows login

Thanks, Hamish. We use Zenworks to image our systems. I should be able to push this registry change out using Zen, correct?

>>> Hamish Speirs<hamish@haitch.net> 01/25/06 10:45 PM >>>


Joe,

> Here is our scenario: Client 4.91 SP1 on all student laptops which are
> XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers. For
> students who violate our AUP, they are placed on Internet Restriction
> using an ACL in Bordermanager. They are then allowed access to academic
> sites that are provided by their teachers. They have figured out that if
> they let one of their friends login to our network that is not on
> Internet Restriction and they login to Wndows then they can still access
> inappropriate sites such as proxy bypass sites to get around our internet
> filtering, etc. My question is this: Is there anyway to have the
> Windows login authenticate against the user that logged in on the network
> and if they are different then deny access to Windows?


You could setup the client to copy the NetWare username to the windows
username, then disable he advanced button so they can't change it -
forcing them to use the same ID for both.

To sync the names:

Software\Novell\Login\Tab Settings\NT Credentials\Sync NDS Username

Dword - 1 to enable 0 to disable

HKLM\Software\Novell\Login\Advanced

Dword - 1 to enable 0 to disable

--
Hamish Speirs
Novell Support Forums Volunteer Sysop.

http://haitch.net

(Please, no email unless requested. Unsolicited support emails will
probably be ignored)

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Client 32 and Windows login

I have found out that this is already set on our laptops. If a non-restricted student logs in at the Novell login and is not a user on the laptop, then the Windows login pops up and the restricted student can then log in to his computer and bypass our restrictions. I would like for only the user that is setup on that laptop to be able to log in to both Novell and Windows.
>>> Joe Merricks<MERRICKSJ@hargrave.edu> 01/26/06 8:39 AM >>>


Thanks, Hamish. We use Zenworks to image our systems. I should be able to push this registry change out using Zen, correct?

>>> Hamish Speirs<hamish@haitch.net> 01/25/06 10:45 PM >>>


Joe,

> Here is our scenario: Client 4.91 SP1 on all student laptops which are
> XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers. For
> students who violate our AUP, they are placed on Internet Restriction
> using an ACL in Bordermanager. They are then allowed access to academic
> sites that are provided by their teachers. They have figured out that if
> they let one of their friends login to our network that is not on
> Internet Restriction and they login to Wndows then they can still access
> inappropriate sites such as proxy bypass sites to get around our internet
> filtering, etc. My question is this: Is there anyway to have the
> Windows login authenticate against the user that logged in on the network
> and if they are different then deny access to Windows?


You could setup the client to copy the NetWare username to the windows
username, then disable he advanced button so they can't change it -
forcing them to use the same ID for both.

To sync the names:

Software\Novell\Login\Tab Settings\NT Credentials\Sync NDS Username

Dword - 1 to enable 0 to disable

HKLM\Software\Novell\Login\Advanced

Dword - 1 to enable 0 to disable

--
Hamish Speirs
Novell Support Forums Volunteer Sysop.

http://haitch.net

(Please, no email unless requested. Unsolicited support emails will
probably be ignored)

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Client 32 and Windows login

Joe,

Aside from AutoAdminLogon, I'm not aware of a way to enforce
authentication to a specific Windows account. (eg. grey out the
username field when the Windows dialog displays)

If no one comes back with a better suggestion, it sounds like a fine
enhancement request...

Novell's Online Enhancement Request
http://support.novell.com/enhancement/

Configure AutoAdminLogon for Novell Clients for Windows NT/2000/XP
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10052847.htm

How to login to NDS and Domain with a single login
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10057660.htm

Autolog
http://www.novell.com/coolsolutions/tools/1035.html

Microsoft states that leaving the password blank/empty disables
AutoAdminLogon to Windows...

How to turn on automatic logon in Windows XP
http://support.microsoft.com/kb/315231

--
Tony Pedretti
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Client 32 and Windows login

I have the impression, that your problem is not Synchronising Windows
and Novell Users, but to prevent users from authenticating to Novell
with wrong credentials (e.g. of a friend).

As you said, that you are using ZEN to manage the students laptops you
probably will have one Workstation object for each laptop - If you now
know, which student uses which laptop you should be able to restrict
everybody to his laptop for Novell login - thus preventing the use of
fake identities as credentials. Next step to look would be NMAS
(request of a token or any other stronger credential for successful
login).

Hope this helps

W. Prindl

--



merricksj@hargrave.edu wrote:

> Here is our scenario: Client 4.91 SP1 on all student laptops which
> are XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers.
> For students who violate our AUP, they are placed on Internet
> Restriction using an ACL in Bordermanager. They are then allowed
> access to academic sites that are provided by their teachers. They
> have figured out that if they let one of their friends login to our
> network that is not on Internet Restriction and they login to Wndows
> then they can still access inappropriate sites such as proxy bypass
> sites to get around our internet filtering, etc. My question is
> this: Is there anyway to have the Windows login authenticate against
> the user that logged in on the network and if they are different then
> deny access to Windows?
>
> Joe Merricks
> Network Admin
> Hargrave Military Academy

0 Likes
Anonymous_User Absent Member.
Absent Member.

Client 32 and Windows login

Put in login restrictions so students can only login to certain machines.

Tom Bannigan
Novell CNE 5 & 6
Sarcom

> Here is our scenario: Client 4.91 SP1 on all student laptops which are
> XP SP2, NW 6.5 SP4 on all servers. We have no Windows servers. For
> students who violate our AUP, they are placed on Internet Restriction
> using an ACL in Bordermanager. They are then allowed access to

academic
> sites that are provided by their teachers. They have figured out that

if
> they let one of their friends login to our network that is not on
> Internet Restriction and they login to Wndows then they can still

access
> inappropriate sites such as proxy bypass sites to get around our

internet
> filtering, etc. My question is this: Is there anyway to have the
> Windows login authenticate against the user that logged in on the

network
> and if they are different then deny access to Windows?
>
> Joe Merricks
> Network Admin
> Hargrave Military Academy
>


0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.