Environment
Novell ZENworks Configuration Management
Dynamic Local User (DLU)
Roaming Profiles (RP)
Windows Group Policies (GPO)
Windows 7
Dynamic Local User (DLU)
Roaming Profiles (RP)
Windows Group Policies (GPO)
Windows 7
Situation
- Group Policies do not apply
- Corrupt Windows profile
- User has non-existent or incorrect rights various subkeys under HKCU\Software\Policies and/or HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
Resolution
This is fixed in version 11.3.1 - see KB 7015288 "ZENworks Configuration Management 11.3.1 - update information and list of fixes" which can be found at https:// www.novell.com/support/search.do?usemicrosite=true&searchString=7015288
Workaround:
Have the local user profile removed on each user logoff using the DLU policy Volatile user option.
This requires the DLU Volatile User cache to be disabled. This can be done at:
ZCC > Policies > [DLU Volatile User Policy] > Details > Volatile user > Enable Volatile User cache
Have the local user profile removed on each user logoff using the DLU policy Volatile user option.
This requires the DLU Volatile User cache to be disabled. This can be done at:
ZCC > Policies > [DLU Volatile User Policy] > Details > Volatile user > Enable Volatile User cache
Cause
DLU creates a new SID at each login. If a user visits a machine where the user is cached (already exists) the existing SID will clash with the new SID.
Status
Reported to EngineeringAdditional Information
Note: There could be many possible causes giving the symptom of Windows Group Policies not being correctly applied. In this case, the following must all be true:
- Windows 7 (or Vista)
- Dynamic Local User set to use Volatile User Cache or Volatile user option not enabled
- Roaming Profiles
- Windows Group Policies
- A user will always be able to log in correctly to a machine that they have not logged in to before (or longer than the Volatile Cache period)
- A user will never be able to log in correctly to a machine that they have logged in to before (within the Volatile Cache period)
- Once a user's Roaming Profile becomes broken, it stays broken
- The problem can be prevented by setting the Volatile Cache to off
- Create a user that has Dynamic Local User, Windows Group Policy and Roaming Profile Policies assigned
- Log the user in to Machine A and Windows Group Policies will be correctly applied; logout
- Log the user in to Machine B and Windows Group Policies will be correctly applied; logout
- Log the user in again to Machine A and and Windows Group Policies will NOT be correctly applied; Registry keys in Situation, above, will either be missing or permissions will be wrong; i.e. Assigned to a SID rather than a user