Unable to update the group membership of the user on the managed device
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
On the managed device, the group membership of the user is not updated according to the User Configurations settings of the Dynamic Local User policy.
Possible Cause:
The registry key is set to 1
Action:
On the managed device for a 32-bit machine, set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA\Dynamic Local User\DontUpdateGroupMemberships to 0.
On the managed device for a 64-bit machine, set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Novell\NWGINA\Dynamic Local User\DontUpdateGroupMemberships to 0.
Dynamic Local User is unable to log on to the managed device
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
If the password of the Dynamic Local User in the user source does not meet the password complexity requirements, the user fails to log on to the managed device.
Possible Cause:
is enabled in the password policy setting of the Group policy of the device ( > > > > ).
Action:
Do one of the following:
-
Ensure that the password specified for the user in the user source meets the password complexity requirements. For information on the password complexity requirements, double-click in the password policy setting of the Group policy ( > > > > ).
-
Disable the setting on the managed device.
Subsequent to the first login, the DLU user is prompted to provide the credentials when he or she tries to log into the device again during the cache period specified in the policy
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
If the and settings are configured in the Dynamic Local User policy, then subsequent to the first login, the DLU user is prompted to provide the credentials when he or she tries to log into the device again during the cache period specified in the policy.
Action:
To enable the user to log into the device without being prompted on subsequent logins, ensure that the option is enabled in the policy. This ensures that the ZENworks Agent manages the password on behalf of the user.
After logging out of a managed device that is disconnected from the network, a Dynamic Local User is unable to log in to the device again
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
If a Dynamic Local User policy that has > , and options enabled is assigned to a device and a user logs out of the device when the device is disconnected from the network, the user is unable to log in to the disconnected device again.
Action:
Before the policy is assigned to the device or the device is disconnected from the network, perform the following steps on the managed device:
-
(Recommended) Select the option for logging in to the device.
or
-
Do the following:
-
Open the Registry Editor.
-
For a 32-bit machine, go to
\HKLM\SOFTWARE\Novell\NWGINA\Dynamic Local User\.
For a 64-bit machine, go to HKLM\SOFTWARE\Wow6432Node\Novell\NWGINA\Dynamic Local User\.
-
Create a DWORD called EnableEDirPasswordForFA, and set the value to 1.
The DLU policy does not delete user profiles if the Roaming Profile policy is applied
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
User profiles created with a volatile DLU (Dynamic Local User) that has a Roaming Profile policy in effect are sometimes not deleted on user logoff.
The DLU-based login corrupts the user profile when logging in to different devices with a roaming profile
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
If the user profile is not deleted on every logout on each device, the roaming profile will not work in a stable state when attempting to log in to different devices.
Action:
Use the DLU policy Volatile user option to set the local user profile to be removed each time the user logs out.
This requires the DLU Volatile User cache to be disabled. This can be done at: > > > > >
For more information, see TID 7010457 in the Novell Support Knowledge base.
The DLU policy allows excluded user to log in
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
When you assign a DLU policy with excluded users to a device and restart the device immediately after enforcing the DLU policy, it still allows an excluded user to log in.
Possible Cause:
Random refresh is enabled.
Action:
Disable Random refresh.
DLU with smart card uses PIN for Windows user account
Source:
ZENworks Configuration Management; Policy Management; Windows Configuration Policy.
Explanation:
The DLU policy with user source credentials and ZENworks smart card login uses the smart card PIN for the Windows Local user account. In this case password complexity may not meet for the Windows password.
Action:
Configure Universal Password policy for the eDir user and create universal password for the user. This universal password will be used for the DLU account.
This universal password will be used for the DLU account.