DLU restrictions not working properly

  • 3417663
  • 03-Apr-2008
  • 30-Apr-2012


Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Desktop Management


PROBLEM STATEMENT: In the DLU policy they enable the Login Restrictions box to
restrict DLU on certain machines, it causes the DLU not to work at all.

ZDM 7 HP 6
Client + Agent ZDM 7 SP1 IR1
NetWare 6.5 backend

STEPS TO REPRODUCE (Enough detail to create a test case):
a. Setup a DLU policy, associate a user from a user group to it.
b. Check the Enable Login Restrictions check box and not the Ristrict
Unregistered workstations check box.
c. Make the user a member of the users group.
d. Try and login to the workstation and you should only get one login and the
profile should be created.

RESULTS: DLU does not work. They login to the NWGina, and then the Microsoft
login appears.

EXPECTED RESULTS: DLU should work and they should have to login only once.


WORKAROUNDS / COMMENTS: no workarounds other than disabling Login Restrictions


It looks like we may have identified what is happening. It looks like it is a reference problem with Edir 8.7.3.x.  This is fixed with eDir 8.82.  ZDM 7 is supported on eDir 8.82 with the latest updates, so if you are able to update ZDM, then update eDir to 8.82, that should fix this issue.  You also can try to run a repair to see if that helps on 8.7.3.x code.  It has helped in some cases and not others.


Reported to Engineering

Additional Information

The way it affects the DLU user is like this..
When the DLU policy package gets created with login restrictions enabled, we add workstation object(s) in the list of included and excluded workstations. This package then gets associated to the users. At this time, afaik, e-dir should create a back-reference to the workstation object(s) and the user as well. But sometimes (I should insist the randomness here) this reference creation fails. If this reference is not created then the ZDM code cannot find the workstation in the list of included as well as excluded list of workstations or containers. This then causes the isComputerRestricted method to return true since that is the default behavior. If a workstation is not found on list of included workstations or excluded workstations then access to that workstation is restricted.