Novell Home

Using ZENworks to migrate Email Clients

Novell Cool Solutions: Trench
By Heath Tennant

Digg This - Slashdot This

Posted: 7 Jul 2005
 

Recently I was faced with a situation where a customer was unfortunately required to replace GroupWise with Exchange. While the desktop tasks initially seem quite simple there are a few things that needed to be ironed out and thought about to ensure things happened in the correct order and with as little user interaction as possible. By utilizing the existing ZENworks infrastructure I was able to achieve this with the creation of a few simple objects, which I have defined below.

The issues I had to resolve were:

  • Removing GroupWise silently from the workstations.
  • Adding the machines to the domain (as well as getting around the fact DLU was used).
  • Having the machines login to the domain without losing profile settings.
  • Deploying Outlook.

The ZENworks applications configured to meet these requirements are as follows:

1. Configure AutoLogin to Workstation (AutoLogin to WS)

This is to configure the Workstations to automatically login as admin so that when Dynamic Local User is removed the user can still get access to the workstation.

Run Options

  • Application
  • Path to file: net.exe
  • Parameters: USER Administrator <password> (this will reset the w/s admin password following DLU login)
  • Working directory: None

Distribution options

Registry:

Add the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

"DefaultUserProfile"="Administrator"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon]

"AutoAdminLogon"="1"

"DefaultPassword"="<password>"

"DefaultUserName"="Administrator"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Location Profiles\Services\{1E6CEEA1-FB73-11CF-BD76-00001B27DA23}\Default\Tab3]

"DefaultUserName"="Administrator"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login]

"AutoAdminLogon"="0"

"AutoAdminQueryNDS"=dword:00000001

2. Remove users from DLU policy and remove Auto Login

This is so that the workstation will log onto the domain rather than the local workstation at a later stage. At this point the AutoLogin procedure takes care of logging onto the workstation as administrator, therefore keeping the users' profile information.

The AutoLogin to WS policy can also be removed at this point as all users have logged in and the relevant changes have been applied.

3. Remove GroupWise and join domain (DomainAdd)

A simple application to run a batch file that uses CleanIT (from the Novell Cool Tools page) to remove GroupWise silently from the workstation, joins the domain and then restarts the machine. This application also adds domain users to the Administrators group on the workstation to give the users full access to the workstation.

After the machine has joined the domain the computer will create a new profile for the domain on the workstation. When this happens all users will lose their individual profile settings. To get around this I have set the default user profile key in the registry to use the Administrator profile. Be warned though as the first login can take some time if users have stored a large amount of data in their profile. It is recommended to revert this key back to default user once all users have logged in.

To do this, configure the application as follows:

Force run order: 50

  • Run Options
  • Application
  • Path to file: <path to file>add.bat
  • Working directory: None
  • Check Run application once

Add.bat contains the following:

@echo off

echo Please wait while GroupWise is removed...

<path to file>cleanit.exe /sn

<path to file>netdom.exe join %COMPUTERNAME% /Domain:<domain> /UserD:<User with add computer rights (Described in appendix)> /PasswordD:<password> /OU:<Computers OU> /VERBOSE /REBoot:10

net.exe localgroup "Administrators" "<domain>\Domain Users" /ADD

Distribution options

Registry:

Add the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList]

"DefaultUserProfile"="Administrator"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon]

"AutoAdminLogon"=-

"DefaultDomainName"="<domain>"

"DefaultPassword"=-

"DefaultUserName"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Location Profiles\Services\{1E6CEEA1-FB73-11CF-BD76-00001B27DA23}\Default\Tab3]

"DefaultUserName"=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login]

"AutoAdminLogon"=-

"AutoAdminQueryNDS"=-

4. Deploy Microsoft Outlook (Microsoft Outlook 2003)

This is an application with an MSI and MST created using the Office Resource Kit.

The deployment can be configured with the Variable %USERNAME% for automatic profile creation, this is configured and kept in the MST.

Run Options:

Path to file: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

MSI: MSI Location: <path to copy of office cd>\Outls11.MSI

MST Location: <path to copy of office cd>\Outlook2003.MST

5. Remove Outlook icons

This is an application to delete all Outlook icons apart from the NAL delivered icon so that users are forced to run Outlook via the ZENworks icon to ensure the profile is configured by ZENworks and any MSI patches are applied. It needs to be assigned to all users.

Distribution options

Icons / Shortcuts:

The following icons need to be defined for deletion:

Name: Microsoft Office Outlook 2003
Location: C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office

Name: Launch Microsoft Office Outlook
Location: %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch

Name: Launch Microsoft Office Outlook
Location: C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch

Registry:

Delete the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{00020D75-0000-0000-C000-000000000046}]

Appendix:

The user containers will need rights to the folder containing the ZENworks applications.

Netdom.exe must be from the Windows 2003 resource kit and have the following properties:

Version: 5.2.3790.0
Modified: 24 March 2003
Size: 177 KB (181,248 bytes)

The user with add computer rights must be created manually and is solely for the purpose of adding workstations to the domain, therefore it should only have Domain User privileges and the 'add computers' privilege. To configure this:

  1. Open AD users and computers.
  2. Create a user to use for the domain add task and specify password.
  3. Enable Advanced Mode (View menu -> Advanced Features).
  4. Right click the computer's OU where you need to add rights, and select Properties
  5. Go to the security tab and click Advanced.
  6. Click Add and select the newly created user.
  7. Grant Create Computer Objects and Click OK to all Dialogs.

Hope this article has been useful and if you have any further questions or queries regarding this please do not hesitate to contact me.


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell