Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management
If a DLU Policy is assigned to a Device or User and that Device or User is listed in the Exclusion List for that Policy, the user is able to use other existing credentials such as a domain account to logon to the PC.
This is working as expected.
The role of the DLU policy is to create and manage local accounts on the PC.
Excluding a user or device from the DLU policy will prevent the creation or management of local accounts on the PC.
The exclusion from a DLU policy will not prevent the user of Domain Credentials or Local Credentials for which the user has the password.
A security GPO can be created via ZCM or the Domain to prohibit logging into a device, even if the credentials are known by specifying users or groups in the "Deny Logon Locally" policy and assigning that policy to a set of devices.
Both Local and Domain Users/Groups can be specified in this policy.