User account does not get removed on Windows shutdown

  • 7011579
  • 07-Jan-2013
  • 06-Nov-2013

Environment

Novell ZENworks Configuration Management 11.2 Policies
Microsoft Windows 7

Situation

The Dynamic Local User policy has been configured with Volatile User option enable and Enable Volatile User Cache option disabled.

The DLU created user account gets removed on user log off but not (always) on Windows shutdown.

Error message from zmd-messages.log:
"...
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() - this.IsUserNotExist : True] [] []
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API userName : <user name>] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API : ] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [SID is null, so not deleting the profile] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [GETLastError DeleteProfile call : 0] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [isProfileDeleted -1 : False] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() -1 Account has not been removed retValue : 2226] [] []
..."

Resolution

This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7012027

Cause

The ZCM agent does not have control over the Windows shutdown process and it can lose connection to user related registry information before it is able to remove the user account.

Additional Information

This issue has been fixed with implementing an user account cleanup routine. If the account deletion fails, it will be flagged for deletion in the registry. If on next login the same user authenticates, the account is removed before applying the DLU policy again. If a different user logs in , the other marked user account gets deleted after the desktop started up.

This is comparable to the Dynamic Administrator account cleanup routine.