Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

DLU based login corrupts user profile when logging-in to different devices with roaming profile

This document (7010457) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks Configuration Management
Dynamic Local User (DLU)
Roaming Profiles (RP)
Windows Group Policies (GPO)
Windows 7

Situation

  • Group Policies do not apply
  • Corrupt Windows profile
  • User has non-existent or incorrect rights various subkeys under HKCU\Software\Policies and/or HKCU\Software\Microsoft\Windows\CurrentVersion\Policies

Resolution

This is fixed in version 11.3.1 - see TID 7015288 "ZENworks Configuration Management 11.3.1 - update information and list of fixes" which can be found at https:// www.novell.com/support/search.do?usemicrosite=true&searchString=7015288
 
Workaround: 
Have the local user profile removed on each user logoff using the DLU policy Volatile user option.

This requires the DLU Volatile User cache to be disabled. This can be done at:
ZCC > Policies > [DLU Volatile User Policy] > Details > Volatile user > Enable Volatile User cache

Cause

DLU creates a new SID at each login.  If a user visits a machine where the user is cached (already exists) the existing SID will clash with the new SID.

Status

Reported to Engineering

Additional Information

Note:  There could be many possible causes giving the symptom of Windows Group Policies not being correctly applied.  In this case, the following must all be true:
  • Windows 7 (or Vista)
  • Dynamic Local User set to use Volatile User Cache or Volatile user option not enabled
  • Roaming Profiles
  • Windows Group Policies
  • A user will always be able to log in correctly to a machine that they have not logged in to before (or longer than the Volatile Cache period)
  • A user will never be able to log in correctly to a machine that they have logged in to before (within the Volatile Cache period)
  • Once a user's Roaming Profile becomes broken, it stays broken
  • The problem can be prevented by setting the Volatile Cache to off
Steps to reproduce:
  1. Create a user that has Dynamic Local User, Windows Group Policy and Roaming Profile Policies assigned
  2. Log the user in to Machine A and Windows Group Policies will be correctly applied; logout
  3. Log the user in to Machine B and Windows Group Policies will be correctly applied; logout
  4. Log the user in again to Machine A and and Windows Group Policies will NOT be correctly applied; Registry keys in Situation, above, will either be missing or permissions will be wrong; i.e. Assigned to a SID rather than a user

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7010457
  • Creation Date:16-JUL-12
  • Modified Date:24-JUL-14
    • NovellZENworks Configuration Management

Did this document solve your problem? Provide Feedback