Novell is now a part of Micro Focus

Keep NAL in Disconnected Mode

Novell Cool Solutions: Trench
By Scott Morris

Digg This - Slashdot This

Posted: 30 Apr 2002

Current Version: ZENworks for Desktops 3.2

The following is a solution that I have come up with to keep NAL from automatically going into connected mode when a user authenticates to NDS through a VPN over a 56K dial-up link.

By design, NAL will automatically switch from disconnected mode to connected mode if a user authenticates to NDS remotely. If this remote connection is over a dial-up connection, things can be painfully slow if NAL switches to connected mode. We'd prefer that when a user checks the "Workstation Only" checkbox when logging into the laptop, NAL would stay in disconnected mode even if the client makes a connection to NDS later on in that session. However, we would like the ability to switch to connected mode as well. We just don't want it to switch modes automatically.

So to combat this problem, I have come up with a way of keeping NAL in disconnected mode even if the user later connects to NDS through our VPN. The following is a list of the needed tools/modifications that need to be made.

Tools needed:

  • A "Configure Workstation" NAL object that is set as "Force Run", "Force Cache", "Distribute Always", and "Disconnectable"
  • A "Switch to Connected Mode" NAL object that is set as "Force Cache", "Disconnectable", "Distribute Always" and appears in the user's Start menu.
  • Two lines added to the user's login script.
  • ConsoleOne\1.2\lib\zen\AUTORUN.EXE placed in the system32 dir.
  • Regini.exe from the Win 2000 Resource Kit placed in the system32 dir.
  • The following NAL patch to fix lauch and distribution scripts in 3.2

When a user logs into the workstation locally, NAL sets the following value:
HKLM\Software\Netware\NAL\1.0\[Connected] = FALSE.

This instructs NAL to run in disconnected mode. If the user fires up his/her VPN and attaches to a NetWare server, NAL then sets the above registry value to TRUE and enters connected mode. If we can stop NAL from changing the registry value to "TRUE", we can, in effect, stop NAL from going into connected mode. So to do that, I have done the following.

In the post launch script of the "Configure Workstation" object put the following:

   IF "%99"="FALSE" THEN
     #Regini.exe D:\Winnt\System32\NALOff.ini

The result is that if the user logged in locally, there will be an environment variable of "DISCONNECTED" equal to "1" and Regini.exe will set the registry permissions on HKLM\Software\Netware\NAL\1.0 as "Read Only".

NALOff.ini should contain the following lines:

             1.0 [8 19]

Now when NAL detects that the user has authenticated to NDS, it will attempt to switch the "Connected" registry value to ?"RUE". However, since we have restricted the key to "Read Only", NAL cannot change the key and therefore remains in disconnected mode.

As far as the login script is concerned, it must contain the following lines:

    #Regini.exe D:\Winnt\System32\NALConct.ini

If the "DISCONNECTED" does not equal 1, then we know that the user is logging to the network from the Ctrl-Alt-Del login screen and therefore must be directly attached to the LAN. So, we now want NAL to run in connected mode. However, the registry key is still set as read only, so we then have to run regini.exe to give the rights back.

NALConct.ini should contain the following lines:

        1.0 [1 5 7 17]
          Connected = REG_SZ TRUE

Last but not least, is the ability to switch to connected mode manually if desired. To do this, I have placed the following lines in the "Post Distribution Script" of the "Switch to Connected Mode" object:

#Regini.exe D:\Winnt\System32\NALConct.ini

The first line will set the registry permissions back to full control and set the value to "TRUE". The second line will cause NAL to automatically do a refresh. Since the value is "TRUE", NAL will refresh in connected mode.

Final note:

The environment variable "DISCONNECTED" is still set at this point, so it could be used if you do not want large updates forced on remote users who manually switch to connected mode. Simply put a system requirement on the update that "DISCONNECTABLE" does not exist.

The environment that I have this running in is:

  • Windows 2000 workstations
  • NetWare 6 server
  • NDS 8.6 patched to 8.7
  • ZfD 3.2 with the latest patches

Scott Morris is a Technical Analyst with the TD Bank Financial Group. If you have any questions you may contact him at

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates