Limit logins on workstation to a specific file on Netware drive

Posted on 2006-04-19
Last Modified: 2008-03-06
We have a workstation, in our lab, that we want to only allow only certain users to be able to login and then to have access to one specific folder on Netware.  I have set up a user for all of them to log into Windows with. I want to limit it so when they login to Netware, as their own user on that one machine, it only maps to one specific folder for instance  H:\DataWork\TECHS\STUDY\Soil.  It is a Windows XP machine running Novell client 4.9 sp2.  
Question by:JornadaRange
    LVL 35

    Expert Comment

    Is there a Windoze domain too, or is it a local Windoze user account?  Are they logging in to Windoze first, and NetWare as an afterthought, or NetWare first and then Windoze?  Any reason why they should use their own NetWare login for this specific-function limited-access workstation, and not a special user ID?  Is it a modern NetWare server (5.1 or 6.x or OES, with eDirectory) or an obsolete NetWare server (5.0 or prior, with NDS, or 3.2 or prior, with Bindery)?

    One thing you could do is add logic to the login script to see if they're logging into this particular workstation, and if so, to bypass all drive mappings except the one you listed.  If you really want to tighten it up, map it root so the datawork\techs\studu\soil doesn't even show.  H:\ would be all they'd see.

    Of course, you'd use a normal NetWare MAP command for the version you're running - the only place "H" would show would be to the right of the equals sign, and you'd preferably use the volume's object on the left side of the equals sign, provided it's modern NetWare.

    If you want to try the login script logic workaround, let us know - there's more than one way to skin this cat, and we'd need more info from you to be specific.  Generally, you'd use an "if .. then" type construct.

    It's so much easier if you use a generic "test user" NetWare login ID, with the profile/container/system login script bypassed and a user login script with only that single drive/path mapped.  That way, you can also limit the filesystem access rights to only that directory as well.  To enforce not logging in as themselves, you can set up the workstation to do AutoAdminLogin and bypass the GINA altogether.

    Author Comment

    There is a Windows domain, but we did not add this computer to the domain.  They will probably log into NetWare and then Windows.  The  NetWare server is 6.5 and it has eDirectory.  How do I set up what you suggested in your last paragraph, it sounds exactly what we want?
    LVL 35

    Accepted Solution


    Alternative workaround to the 2nd TID (this is a guess) is install the client without NMAS, and make sure NMAS is disabled in the client properties, Advanced Login tab.

    If you need help understanding either or both TIDs, let me know.

    Author Comment

    Got it.  Thanks for the help.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
    There are many benefits to finding online courses that align with your personal or career goals. Read more about our reasons for continuing your education in technology.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now