Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


How to Enable Auditing in Novell Environment

Posted on 2010-11-09
Medium Priority
Last Modified: 2012-05-10
I would like to enable auditing on selected XP Pro computers. Every time I reboot, it seems like Novell writes over the changes.  How can I enable the Audit Policy and have it stay OR is there another way to turn this feature on?

I wanted to do this: start>run>secpol.msc>Local Settings>Audit Policy

Then navigate to shutdown.exe>Rt Click>Properties>Security>Advanced>Auditing, and go from there....

Reboot takes forever as it resets the policies back to a "default".  I am a novice at Novell. We do not use Group Policies or Active Directory.
Question by:cssunetadmin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 19

Expert Comment

ID: 34100043
If you also have Zenworks in your Novell environment it is very well possible that you do have Group policies configured.

What makes you think that Novell has something to do with the resetting of the policy?

Can you check that there isn't anything like DeepFreeze or SteadyState installed?
LVL 30

Expert Comment

ID: 34101211
What version of Netware?
LVL 18

Expert Comment

ID: 34102421
As deroode mentions about ZENworks, can you confirm that the ZENworks management agent might be installed (look in Control Panel | Add/Remove programs)?  If so its possibly a Policy Package with a Windows Group Policy is running on workstation reboot?

Novell doesn't put stuff back at default unless there is some sort of policy setup by someone via ConsoleOne and ZENworks or via Active Directory Users/Computers and Group policy editor and pushed to the workstation.

Novell auditing is more about changes to files/folders on the server or changes to eDirectory objects than it is about watching changes to workstations.

As deroode also mentions do you have DeepFreeze or some other program that caches changes while the box is running and then restores the box back to the default following reboot???

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.


Author Comment

ID: 34107696
Thank you for responding... please check back tomorrow when I can check the network for complete answers to your questions.

I know there is Zenworks running and there is NO deepfreeze or other similar program installed (running). Thank goodness!  We use Console One for computer management - but as I mentioned I am a novice and know enough to get my job done.

The reason why I think it is Novell reverting the back is that turning the auditing on works on machines that do not have Novell installed on them.  

So if group policies were set up (prior to me) where would I find them to change them?  It may be a "default" policy setting that we haven't figured out how to manipulate.  

Here is what I needed to do - which works in our non-Novell systems... turn auditing on (like mentioned in my question) to determine what machine name is sending a remote shutdown to another machine.  The audit log shows this information in non-Novell machines.  

I REALLY appreciate any help you can give me.  And I'll respond again tomorrow when I know the versions, etc. that you had asked for.
LVL 19

Expert Comment

ID: 34109734
On your user and workstations objects there is a Zenworks tab. Under this tab is the section "Effective Policies". Select that one, for User objects select the right OS, and click the Effective Policies button. That should show one or more Windows Group Policy objects assigned to your users or workstations.

Group policies in a ZEN environment are implemented as Local policies on the workstation, due to restrictions that are in place on the Group policy mechanism.

Select a Group policy object, click Package Properties, and check out where your group policies are stored, you can also edit them (of course)

BTW Remote shutdown is only possible if a user has administrative rights to a remote computer. If you want to prevent remote shutdown (is this a student environment?) you should do something about that. No policies or auditing will prevent an administrator of messing with a computer, deleting audit logs, changing policies etc.

Author Comment

ID: 34110999
Deroode - thanks for the response - I'm much closer, but need to go a step further.

The version of Console One is 1.3.6h. The version for our clients is 4.91 SP5.

I went to a workstation object > Zenworks Tab > Effective Policies.  Nothing appeared in the window, so I went to the Effective Policies button.  There were about 14 items on the list, two of them were for Windows Group Policy, the policy package is the same (workstation policy), but the association points to and the other to

I clicked on the Package Properties for both and they are the same. Four workstation policies are listed: Novell iPrint, Remote Control, Workstation Imaging, and Zenworks Desktop Management Agent.  The only one enabled with a check mark is Remote Control.

So where do I go from here?

Regarding your BTW comment: Unfortunately, in our school system (yes, student environment) all users are using the same local windows user with admin rights.  They authenticate to Novell with their own user ID.  So, yes, they do have rights to remote to another computer.  Because it is a student environment, we can "redirect" the behavior if we can identify which machine is initiating the shutdown - based on log in times.  The student body knows they aren't supposed to do this and to help them make the right decisions, the Run command and Command Prompt have been removed from menus.  A couple of students are testing their boundaries.
LVL 19

Expert Comment

ID: 34111192
In the Policy packages that are assigned to the workstations, can you also check under the "Policies" tab. Since the Effective policies on the workstation object indicate that Group Policies are active they should be in the policy package. Under Policies select the XP OS  or the NT-2000-XP OS. There you'll find your policies.

Also it might be possible (though unlikely) that policies are distributed with an application object. Look for any application objects that copy files to C:\windows\system32\Grouppolicy.

Author Comment

ID: 34112087
Ah ha - I am so close I can smell it (with your generous help of course!)

A Windows Group Policy is being run on system startup.

I found that the policy was created under an NT platform but is not able to be edited until migrated to the XP platform. That is why folks kept running into roadblocks when trying to edit it. Okay... I'm going to work on this a bit more, but may need your help again later today or tomorrow morning.  
LVL 19

Accepted Solution

deroode earned 2000 total points
ID: 34118524
You can of course also delete the NT policy and create a new one.  The policy package details will tell you where the policy files are stored. The policy files themselves are a group of directories (adm, user, machine) with a gpt.ini file. In the ADM directory there's .adm files, in the User and Machine directories there are Registry.pol files.

You can use notepad to get an idea of what is configured in the policy.

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Migration of Exchange mailbox can be done with the ExProfre.exe tool. But at times, when the ExProfre.exe tool migrates the Exchange Server user profile, it results in numerous synchronization problems. Synchronization error messages appear in the e…
If your system is showing symptoms of browser hijacks or 'google search redirects' check out my other article ( first and run the tool TDSSKiller ( to get rid of the infection. Once done, and if the …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question