Control "Unlock Workstation Credentials" behavior in Windows 6.x

  • 7015943
  • 01-Dec-2014
  • 12-Dec-2016

Environment

Novell Client 2 SP3 for Windows (IR10)
Windows Server 2012 R2 (x64)
Windows Server 2012 (x64)
Windows 8.1 (x86 or x64) excluding Windows 8.1 RT
Windows 8 (x86 or x64) excluding Windows 8 RT
Windows Server 2008 R2 SP1 (x64)
Windows Server 2008 R2 (x64)
Windows 7 SP1 (x86 or x64)
Windows 7 (x86 or x64)

Situation

Some administrators want options for unlocking an eDirectory-authenticated workstation other than just the eDirectory password.

Resolution

The "Unlock Workstation Credentials" setting is available in the client properties beginning with Novell Client 2 SP3 for Windows (IR10).

"Unlock Workstation Credentials" is a feature of the Novell Client which allows administrators to configure or enforce the type of authentication required during the unlock process of an already logged-on Windows session.

To enable this feature, a registry entry of type DWORD named "Simple Unlock" needs to be created at HKLM\Software\Novell\Login.

The possible values of this entry in Windows 6.x range from 0 to 3.

The four settings supported by "Unlock Workstation Credentials" are as follows:

0 - "eDirectory And Windows Credentials"
When "Simple Unlock" is set to 0, then:
If the network is present and the user is connected to an eDirectory server, then during unlock, a "Network Locked Tile" is displayed. If the user is unable to unlock using their eDirectory password, the error "Login failed. Error code: 0x8007E9B0" and message "The eDirectory credentials cannot be validated at this time because the network connection to the Novell network was lost. Please enter the password for the Windows account to unlock the computer now, or wait and try the network password again later." are displayed.

The user then has the option to switch to the "Local Machine Locked Tile" to unlock the Windows session.
If no network is present or the user is not connected to any eDirectory server, then during unlock, the "Local Machine Locked Tile" is displayed.

1 - "eDirectory Credentials Only if Network is Present"
When "Simple Unlock" is set to 1, then:
If the network is present and the user is connected to an eDirectory server, then during unlock, a "Network Locked Tile" is displayed. If the user is unable to unlock using the eDirectory password, then the same "Network Locked Tile" is displayed. Here, the user has the option to switch user and try logging in as a different user.
If no network is present or the user is not connected to any eDirectory server, then during unlock, the "Local Machine Locked Tile" is displayed.

2 - "Windows Credentials Only"
When "Simple Unlock" is set to 2, then:
If the network is present and the user is connected to an eDirectory server, then during unlock, the "Local Machine Locked Tile" is displayed. If the user is unable to unlock using the machine password, then the same "Local Machine Locked Tile" is displayed, or the user has the option to switch user and try with some other user.
If no network is present or the user is not connected to any eDirectory server, then during unlock, the "Local Machine Locked Tile" is displayed.

3 - "Enforce eDirectory Credentials"
When "Simple Unlock" is set to 3, then: 
If the network is present and the user is connected to an eDirectory server, then during unlock, the "Network Locked Tile" is displayed. If the user is unable to unlock using their eDirectory password, then the same "Network Locked Tile" is displayed, or the user has the option to switch user and try with some other user.
If no network is present or the user is not connected to any eDirectory server, then during unlock, the error "Login failed. Error code: 0x8007DFA0" and message "eDirectory credentials are required for unlocking this user session, but the eDirectory credentials could not be validated because the network connnection is not available. To continue, check the network connectivity or utilize "Switch use" to login as a different user." are displayed.
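
The registry entry described above can be audited and set from PowerShell. The script below is an added example, not Novell's own tooling: the key path and value name are those given in this article, the function names Get-SimpleUnlock and Set-SimpleUnlock are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Key path and value name come from the article;
# the function names are hypothetical.
$KeyPath   = 'HKLM:\Software\Novell\Login'
$ValueName = 'Simple Unlock'

# Setting names as listed in the article for Windows 6.x.
$Modes = @{
    0 = 'eDirectory And Windows Credentials'
    1 = 'eDirectory Credentials Only if Network is Present'
    2 = 'Windows Credentials Only'
    3 = 'Enforce eDirectory Credentials'
}

function Get-SimpleUnlock {
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key -or $key.GetValueNames() -notcontains $ValueName) {
        return [pscustomobject]@{ Value = $null; Mode = 'not configured'; Valid = $false }
    }
    $kind  = $key.GetValueKind($ValueName)
    $value = $key.GetValue($ValueName)
    # The article specifies a DWORD from 0 to 3; flag any other type or number.
    $valid = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and $Modes.ContainsKey($value)
    $mode  = if ($valid) { $Modes[$value] } else { "unexpected ($kind)" }
    [pscustomobject]@{
        Value = $value
        Mode  = $mode
        Valid = $valid
        # Per the article, only 3 refuses to unlock without a network connection;
        # 0, 1 and 2 show the "Local Machine Locked Tile" in that case.
        LocalTileWhenOffline = $valid -and ($value -ne 3)
    }
}

function Set-SimpleUnlock {
    param([Parameter(Mandatory)][ValidateRange(0, 3)][int]$Value)
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Value -Force | Out-Null
    Get-SimpleUnlock
}

# Report the current setting; writing to HKLM requires an elevated prompt, e.g.:
#   Set-SimpleUnlock -Value 3
Get-SimpleUnlock
```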


Additional Information

Note: In Windows XP, this feature had values from 0 to 2, but in Windows 6.x, a new option has been added.