Solved

Suppress Windows XP login

Posted on 2002-06-30
9
279 Views
Last Modified: 2010-05-18
We use NetWare clients on Win XP.  Our users are forced to change their individual NetWare passwords very month. All sensitive information is held on the Novell server.  We do also use Windows networking occasionally but would prefer not to have to login to Windows.  The NetWare clients offer the option to synchronise passwords but this creates confusion, because we do not set up individual pc accounts for each user on each pc's Windows system.
I should like to abolish any login screens which refer to Windows passwords.  I don't want users to have to think about Windows passwords.  Most especially I don't want them inadvertently to set a local password on the standard account on a Windows XP machine, because this can prevent other users from using that pc.
Can someone please advise on a way of setting up XP so that we never get presented with Windows login or password questions?  (I think that using AutoAdminLogon would be inappropriate because the monthly change of NetWare password would not be recognised by Windows, and anyway we don't want any Windows passwords).
0
Comment
Question by:rashields
  • 4
  • 3
  • 2
9 Comments
 
LVL 10

Expert Comment

by:DSPoole
ID: 7120987
ZENworks for Desktop Start Kit and the new NetWare Client for Windows NT/2K/XP (v4.83) - NetWare 5.1 ships with the ZfD Starter Kit.

Create a User Policy Package - configure a Windows NT/2K Policy - Dynamic Local User...

This will automatically sync and manage NDS User accounts and passwords with Windows (workstation) user accounts and passwords - thus bypassing the Windows login.

Best of all, you decide the security rights each user has on the workstation (Admin, Power User, User, etc.)

0
 
LVL 2

Expert Comment

by:gavrc
ID: 7126560
Use AutoAdminLogon (and AutoAdminQueryNDS) but set up a single windows user (eg staff) with an arbitary password (eg staff). For XP you will also need to create ForceAutoLogon=1 in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 7128009
Don't use AutoAdminLogon for a couple of reasons:

1)  It tends to change a bit as Novell releases new clients - what you do once may not work on the next client release.

2)  Everyone will have admin rights - you might as well be running Windows 9x/ME boxes.  My method will allow you to set user rights at the desktop to prevent users from "tinkering"...

0
 
LVL 2

Accepted Solution

by:
gavrc earned 100 total points
ID: 7129365
AutoAdminLogon doesn't log in as admin. Only as the user you specify as DefaultUsername with DefaultPassword. You set the rights for that user when you create it, eg User, Power User, etc
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:rashields
ID: 7129422
Thank you both very much for the debate.  Whilst I can see the merits of Zen, we are not into that and don't really want to go there (and I'm sure that Zen also has its own upgrade trail).  I had read Novell's TID10052847 (which has one or two errors - notably a missing space between Windows and NT in the details of the ForceAutoLogon key at the top of page 2)and gavrc helped me to understand it, and gave me the confidence to write the following .reg script for execution at each XP workstation.  I publish it below because it may help others.  You must first set up the default Windows user account with password "password".

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ForceAutoLogon"="1"
"AutoAdminLogon"="1"
"DefaultPassword"="password"

[HKEY_LOCAL_MACHINE\Software\Novell\Login]
"AutoAdminLogon"="0"
"AutoAdminQueryNDS"=dword:00000001
0
 
LVL 2

Expert Comment

by:gavrc
ID: 7129739
That's the one. I don't think AutoAdminLogon is necessary in \Novell\Login, I've never used it (but that's not gospel). I suspect the fact the key doesn't exist by default implies the value 0. But no harm. It might be useful to add "DefaultUserName"="username" whatever the username you are using is. This will remove the entry for the last person who logged on.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 7133017
You don't have to upgrade the free version of ZEN...
0
 

Author Comment

by:rashields
ID: 7137348
I don't have a free version of Zen.  We are running Novell 4.11.  I don't think we were given any free ZenWorks.
0
 
LVL 10

Expert Comment

by:DSPoole
ID: 7138196
rashields - you download it from Novell - it's called the ZENworks Starter Kit.

One of the neat features of using ZENworks and Dynamic Local User (as opposed to AutoAdminLogin) is that user accounts on the Windows box are created automatically without any intervention on your side.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to import SSL certificate into iFolder server? 2 733
Site to Site File Access 9 251
novell vibe with zimbra mail server and ldap users 2 1,183
Transferring permissions 6 310
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now