Environment
Novell Client for Windows 2000/XP/2003 4.91 Support Pack 5
Resolution
Install the post-Novell Client for Windows XP/2003 4.91 SP5 patch including a LOGINW32.DLL dated 28Jan2009 or later. Then,
enable the functionality by adding the following registry entry:
[HKEY_LOCAL_MACHINE\Software\Novell\Login]
"ForceWindowsAccountUnlockAudit"=dword:00000001
After making these changes, screen unlock events using eDirectory can be viewed using the existing Windows account-based
audit logging tool.
Additional Information
Novell has added an option to the Novell Client for Windows XP/2003 which allows a Windows account audit entry to occur during
an otherwise eDirectory-based "workstation unlock" event. In other words, in addition to the eDirectory account password verification
that occurs during the unlock, the Novell Client will also arbitrarily perform a Windows account-based unlock attempt, purely
for the purpose of potentially triggering a logon/unlock audit event for the Windows account during the otherwise eDirectory-only
workstation unlock event. Because this behavior is not benign and may not be desired, the feature is disabled by default.
Enabling this functionality can be accomplished by using ZENworks or any other registry policy management tool to enable
this registry setting on the machine(s) where this behavior is desired.
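The following PowerShell script is an added example, not Novell's own tooling. It checks the two prerequisites named above (the LOGINW32.DLL date and the registry value) and, with -Enable, sets the value only when the patched DLL is present. The default DLL location and the use of the file's last-write time as its "date" are assumptions, not stated in this document.

```powershell
# Added example (not from Novell). Run elevated on the workstation.
param(
    # Assumed install location of LOGINW32.DLL; adjust for your deployment.
    [string]$DllPath = (Join-Path $env:SystemRoot 'System32\LOGINW32.DLL'),
    [switch]$Enable
)

$keyPath   = 'HKLM:\Software\Novell\Login'
$valueName = 'ForceWindowsAccountUnlockAudit'
$minDate   = New-Object DateTime 2009, 1, 28   # "28Jan2009 or later"

# 1. Is the post-SP5 LOGINW32.DLL in place? (last-write time used as the date)
$dllDate = $null
if (Test-Path -Path $DllPath) {
    $dllDate = (Get-Item -Path $DllPath).LastWriteTime.Date
}
$dllOk = ($dllDate -ne $null) -and ($dllDate -ge $minDate)

# 2. Optionally enable the feature, but only on a patched client.
if ($Enable) {
    if (-not $dllOk) {
        Write-Warning "LOGINW32.DLL missing or older than 28Jan2009; value not set."
    } else {
        if (-not (Test-Path -Path $keyPath)) {
            New-Item -Path $keyPath -Force | Out-Null
        }
        New-ItemProperty -Path $keyPath -Name $valueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# 3. Report the resulting state so it can be collected per machine.
$current = $null
$props = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($props) { $current = $props.$valueName }

New-Object PSObject -Property @{
    Computer        = $env:COMPUTERNAME
    DllPath         = $DllPath
    DllDate         = $dllDate
    DllPatched      = $dllOk
    RegistryValue   = $current
    FeatureEnabled  = ($dllOk -and ($current -eq 1))
}
```

Run without -Enable to audit which machines already have the feature active; the returned object can be piped to Export-Csv for a fleet-wide report.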