Policy Problems 101
Novell Cool Solutions: Feature
By Mark Poole
Digg This -
Posted: 5 Apr 2000
User Policies continue to befuddle lots of readers, so we turned to Mark Poole from our Board of Review to create a checklist that could be used for troubleshooting or planning. Thanks, Mark!
Most of this information is available either from the Cool Solutions website, the ZENworks for Desktops manual, or the Support Connection news groups. You are encouraged to use all three for additional information. Much thanks to everybody willing to share their knowledge to make life a little easier for the rest of us.
User policy checklist:
- Check to make sure that the workstation manager is running on the machine you wish to affect. If not, install the latest client for ZEN, including the workstation manager.
- Check to see if the policy is associated with the user in question. If it is a direct association, check the "Associated Policy Packages" tab. If it is inherited, pick the "Effective Policies" tab. Pick the operating system from the drop down list, and press the effective policies button. Check to see if the correct policy is showing up. Remember that the client will get the first policy that the search finds for each type.
- If no policy is showing up at all, check the Search Policy in the container package for the user. Make sure that it is set correctly for your tree. Please note that searching all the way to [root] may take a while if you have slow WAN links. You can also change the order that the policies are searched for between Object, Group, and Container if it was finding the wrong policy.
- Make sure that you have turned on the policy you want to use in the appropriate policy package. (If you go into the policy package, it should be checked)
- Make sure that the policy is doing what you think it is doing. You should think of a policy as a switch and not an indication of the current state. In this example, a user associated with the policy will have the Restrict Display set to on, the Restrict Network Control Panel policy to off, and the Restrict Passwords Control Panel policy set to whatever it was before the user logged in. If it was on, it will stay on. If it was off, it will stay off.
This gets a lot of people so be careful with it. If you wanted to make sure that the password control panel would show up you would need to set this to off. Many places create a policy package for administrators with all policies set to open the machine up. This way they can log into a restricted machine and still do anything that they need to. When they log out, the machine will stay unlocked until someone with a restriction policy logs in, so again, be careful. This probably trips up more people than any other part does.
If you are working with a workstation policy, all of the above applies, plus you must make sure that the workstation has been imported into the tree and knows what its respective workstation object is. You can look at the last registered time of the workstation object to see if everything is working ok.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com