Novell zenworks windows XP, AD login order and auto login problem

We're in the process og removing novell login from our computers and going over to a windows only network. Since we're satisfied with use zenworks actively for remote control and application control, we want to continue using it. We now want Zenworks to login automatically, whilst the users login to AD.

We removed Novell and set Zenworks to login automatically with some registry alterations, the problem is that with roaming profiles the user is logged into windows automatically too. This is because the Zenworks login happens before windows login. Uninstalling zenworks logging in and reinstalling helps, but it sometimes has to be done more than once.

Anyone got a smart way of changing the order of Zenworks and Windows login order, so we don't need to uninstall x number of times on all our PC's.
LVL 1
HannthoAsked:
Who is Participating?
 
ShineOnCommented:
I don't get why you need to log in ZEN to remote control machines.  I thought that was a service that ran pre-desktop, and you could even boot 'em up with WOL and remote into 'em and be staring at the MSGINA or the Windows Ctrl-Alt-Del screen.

Can you expand on your explanation to help get my aging synapses flowing?

Maybe ZENandEmailguy will chime in, or alextoft, or someone else that isn't brain-addled by multiple simultaneous software implementations as I am (in real life I'm a bit whelmed at work right now...)
0
 
ShineOnCommented:
It would be immensely helpful if you would let us know what version of ZENworks you have.
0
 
HannthoAuthor Commented:
The zenworks version is 6.5, so is the Novell version we're uninstalling. XP with sp3
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
ShineOnCommented:
The ZEN workstation agent by design will load pre-desktop, which is where the workstation-associated policies and application pre-distribution takes place.

First off, a bit of unsolicited advice that may or may not be relevant to your problem:  If you are using AD group policy you must disable the group policy support of the ZEN agent.  See this TID for how to disable ZEN group policy support:

http://support.novell.com/docs/Tids/Solutions/10099524.html

As to your issue:

You may already have read the docs and verified your new setup follows the guidelines, but here's a link to the Zen 6.5 documentation section on running ZEN in a Windows/AD environment:

http://www.novell.com/documentation/zenworks65/index.html?page=/documentation/zenworks65/dminstall/data/aliq069.html

Since you're going from a mixed NetWare/Windows environment to a Windows environment, there may be leftovers from the mixed-platform setup giving you grief.  If any of the components in your setup aren't configured per the documentation, check to verify it doesn't adversely affect operations - like giving you frustrations with double logins.  

Since ZEN 6.5 requires eDirectory, you do need to consider using DirXML to sync AD and eDirectory.  If they're not synchronized, that may be a reason for your extraneous login activity problem.  Ideally, it will be transparent (single sign-on, so to speak.)  Even though the agent will want to authenticate to eDirectory pre-login, it should only be authenticating as the workstation, in the background, and not asking for a user login/password before the NWGINA login.

In theory.

However, in reading your original question again, I notice that you are doing some form of auto login, and are using roaming profiles, which are also automatically logging in - which is a head-scratcher for me.  How do you use a roaming profile and auto-login if, by definition, roaming profiles get loaded when you log in, and why?  And, why auto-login the ZEN agent if the user is logging in?  The ZEN agent should take the user you use to log in to Windows, unless I'm mistaken.

Another question arises from that - are the roaming profiles ZEN profiles or AD profiles?  If they're ZEN profiles and you are also using AD GPO, be sure to read the first TID I posted.
0
 
HannthoAuthor Commented:
Looks like I overcomplicated the question... We've pretty much got the profile stuff sorted, and over to only AD, but we need Zenworks to login automatically so we can control machines without users having to be present.

When we put the userinfo in Novell\Login\... in the registry, with Zenworks login first, it passes the login details to Win/AD and the user isn't prompted to authenticate.

I've tried altering GinaDLL value in winlogon to msgina.dll, which gives the Windows login, but then Zenworks doesn't login automatically at all, and eventually prompts for login from the desktop.

 Uninstall and reinstall somehow rectifies this (eventually), but I can't see how. I can't reinstall Zenworks x number of times on all our PC's, it'll take forever with remote control and rebooting etc.
0
 
HannthoAuthor Commented:
Hi again, Get the overwhelmed at work bit. Thanks for your help, you got me thinking around the problem in a sensible way. Found out that our users don't really need their zen login info so we change the zen passwords and the auto-login gives the right username, but without logging in to Win/AD.

It appears that there needs to be a login for zenworks to re-import the maskin again after removal of the Novell client and we need it to give the users the right applications/shortcuts for their locations.

For some reason, we didn't need to specify the middle tier referanse before, but were required to after uninstalling Novell, again a registry entry to Zenworks\MiddleTierAddress and MiddleTierPort saved us re-installing.

Thanks again, you deserve the points for helping others when you yourself are snowed under!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.