Unable to Access Some Domain Resources when using a DLU policy

  • 7009886
  • 12-Dec-2011
  • 27-Apr-2012


Novell ZENworks 11 Configuration Management
Novell ZENworks 10 Configuration Management


Unable to Access all Domain Resources when logging in to a device using a DLU policy.


If access to Domain Resources is required, the user should logon to the Domain instead of logging into the local device using DLU.

Additional Information

The ZCM DLU policy will create a local account on the Windows PC and log that user onto the PC as that user.
The user will not logon to the PC as the domain account, even if the user authenticated to ZCM using the Domain account, but rather as the local account.

Pass-through Authentication will pass the local Windows account and password to the remote share.
If the same user account and password exist in the remote system's SAM Database, then authentication will be granted.
In a Domain Environment, generally only the Domain SAM Database would have matching credentials and then only if it was synced with the ZCM LDAP Source.
Non-Domain controllers would look at their local SAM Database and not the Domain's SAM database and deny pass-through authentication.

Therefore, If access to all domain resources is desired, it is recommended to logon to the PC using a Domain account instead of DLU.