Using ZDM based on Workstation object only

  • Document ID:3604396
  • Creation Date:13-Sep-2006
  • Modified Date:18-Jun-2012
    • Micro Focus Products:
      ZENworks Desktop Management

Environment

Novell ZENworks 6.5 Desktop Management - ZfD6.5
Novell ZENworks 7 Desktop Management - ZfD7
Novell ZENworks Management Agent
Novell Application Launcher (NAL)
Novell ZENworks Desktop Management

Situation

ZENworks Desktop Management gives the administrator the ability to control devices in the environment based on two different types of network identities - the user and workstation. However, in some environments, it may be desired to only manage these devices based on workstation - with no user identity based administration. For example, a Windows only shop may not wish to use Identity management software to sync their user IDs between Active Directory and eDirectory in order to use ZENworks.
Using ZDM based on Workstation object only

Resolution

To use ZfD in an agent-only environment based solely on the workstation object, the only functionality that needs to be turned off is the ZENworks prompt for user credentials that happens after supplying credentials to the Microsoft gina. This can be disabled by modifying the registry as follows:

HKLM\Software\Novell\LgnXtier

add a DWORD: DisablePassiveModeLoginPrompt

set the value to 1 to turn off the ZENworks login prompt

When this value is set, the agent only workstation (configured in Passive mode) will not attempt to login to eDir using the credentials supplied to the Microsoft gina.

Additional Information

When a login to eDirectory as a user does not occur - either because it is suppressed or because it fails - the HKCU\Software\NetWare\NAL\1.0\LocalLoginOnly value is set to 1. When this value is set to 1, NAL will not prompt the user for credentials upon launching.
If ZENworks is being utilized based on workstation object only, functionality requiring a user identity will be lost, such as:

Ability to initiate Remote Management sessions from a user object

Ability to allow different Remote Management policies for different users of the same workstation

Ability for AWI to create workstation objects based on user name or location

Ability for AWI to import at the user login event, or after a specified number of logins

Ability to control Terminal Server sessions with Terminal Server policies

Ability to have different Group Policy settings for different users of the same workstation

Ability to create and manage a Dynamic Local User

Ability to create and manage a Roaming Profile

Ability to deliver different iPrint printers for different users of the same workstation

Formerly known as TID# 10094960