?
Solved

Novell zenworks windows XP, AD login order and auto login problem

Posted on 2009-02-20
6
Medium Priority
?
2,193 Views
Last Modified: 2012-06-21
We're in the process og removing novell login from our computers and going over to a windows only network. Since we're satisfied with use zenworks actively for remote control and application control, we want to continue using it. We now want Zenworks to login automatically, whilst the users login to AD.

We removed Novell and set Zenworks to login automatically with some registry alterations, the problem is that with roaming profiles the user is logged into windows automatically too. This is because the Zenworks login happens before windows login. Uninstalling zenworks logging in and reinstalling helps, but it sometimes has to be done more than once.

Anyone got a smart way of changing the order of Zenworks and Windows login order, so we don't need to uninstall x number of times on all our PC's.
0
Comment
Question by:Hanntho
  • 3
  • 3
6 Comments
 
LVL 35

Expert Comment

by:ShineOn
ID: 23698173
It would be immensely helpful if you would let us know what version of ZENworks you have.
0
 
LVL 1

Author Comment

by:Hanntho
ID: 23699689
The zenworks version is 6.5, so is the Novell version we're uninstalling. XP with sp3
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 23703396
The ZEN workstation agent by design will load pre-desktop, which is where the workstation-associated policies and application pre-distribution takes place.

First off, a bit of unsolicited advice that may or may not be relevant to your problem:  If you are using AD group policy you must disable the group policy support of the ZEN agent.  See this TID for how to disable ZEN group policy support:

http://support.novell.com/docs/Tids/Solutions/10099524.html

As to your issue:

You may already have read the docs and verified your new setup follows the guidelines, but here's a link to the Zen 6.5 documentation section on running ZEN in a Windows/AD environment:

http://www.novell.com/documentation/zenworks65/index.html?page=/documentation/zenworks65/dminstall/data/aliq069.html

Since you're going from a mixed NetWare/Windows environment to a Windows environment, there may be leftovers from the mixed-platform setup giving you grief.  If any of the components in your setup aren't configured per the documentation, check to verify it doesn't adversely affect operations - like giving you frustrations with double logins.  

Since ZEN 6.5 requires eDirectory, you do need to consider using DirXML to sync AD and eDirectory.  If they're not synchronized, that may be a reason for your extraneous login activity problem.  Ideally, it will be transparent (single sign-on, so to speak.)  Even though the agent will want to authenticate to eDirectory pre-login, it should only be authenticating as the workstation, in the background, and not asking for a user login/password before the NWGINA login.

In theory.

However, in reading your original question again, I notice that you are doing some form of auto login, and are using roaming profiles, which are also automatically logging in - which is a head-scratcher for me.  How do you use a roaming profile and auto-login if, by definition, roaming profiles get loaded when you log in, and why?  And, why auto-login the ZEN agent if the user is logging in?  The ZEN agent should take the user you use to log in to Windows, unless I'm mistaken.

Another question arises from that - are the roaming profiles ZEN profiles or AD profiles?  If they're ZEN profiles and you are also using AD GPO, be sure to read the first TID I posted.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Hanntho
ID: 23721128
Looks like I overcomplicated the question... We've pretty much got the profile stuff sorted, and over to only AD, but we need Zenworks to login automatically so we can control machines without users having to be present.

When we put the userinfo in Novell\Login\... in the registry, with Zenworks login first, it passes the login details to Win/AD and the user isn't prompted to authenticate.

I've tried altering GinaDLL value in winlogon to msgina.dll, which gives the Windows login, but then Zenworks doesn't login automatically at all, and eventually prompts for login from the desktop.

 Uninstall and reinstall somehow rectifies this (eventually), but I can't see how. I can't reinstall Zenworks x number of times on all our PC's, it'll take forever with remote control and rebooting etc.
0
 
LVL 35

Accepted Solution

by:
ShineOn earned 2000 total points
ID: 23730250
I don't get why you need to log in ZEN to remote control machines.  I thought that was a service that ran pre-desktop, and you could even boot 'em up with WOL and remote into 'em and be staring at the MSGINA or the Windows Ctrl-Alt-Del screen.

Can you expand on your explanation to help get my aging synapses flowing?

Maybe ZENandEmailguy will chime in, or alextoft, or someone else that isn't brain-addled by multiple simultaneous software implementations as I am (in real life I'm a bit whelmed at work right now...)
0
 
LVL 1

Author Comment

by:Hanntho
ID: 23774387
Hi again, Get the overwhelmed at work bit. Thanks for your help, you got me thinking around the problem in a sensible way. Found out that our users don't really need their zen login info so we change the zen passwords and the auto-login gives the right username, but without logging in to Win/AD.

It appears that there needs to be a login for zenworks to re-import the maskin again after removal of the Novell client and we need it to give the users the right applications/shortcuts for their locations.

For some reason, we didn't need to specify the middle tier referanse before, but were required to after uninstalling Novell, again a registry entry to Zenworks\MiddleTierAddress and MiddleTierPort saved us re-installing.

Thanks again, you deserve the points for helping others when you yourself are snowed under!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question