Environment
Novell ZENworks Configuration Management 11.2 Policies
Microsoft Windows 7
Microsoft Windows 7
Situation
The Dynamic Local User
policy has been configured with Volatile User option
enable and Enable Volatile
User Cache option disabled.
The DLU created user account gets removed on user log off but not (always) on Windows shutdown.
Error message from zmd-messages.log:
"...
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() - this.IsUserNotExist : True] [] []
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API userName : <user name>] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API : ] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [SID is null, so not deleting the profile] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [GETLastError DeleteProfile call : 0] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [isProfileDeleted -1 : False] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() -1 Account has not been removed retValue : 2226] [] []
..."
The DLU created user account gets removed on user log off but not (always) on Windows shutdown.
Error message from zmd-messages.log:
"...
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() - this.IsUserNotExist : True] [] []
[DEBUG] [10/10/2012 13:21:22.171] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API userName : <user name>] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DeleteProfile API : ] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [SID is null, so not deleting the profile] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [GETLastError DeleteProfile call : 0] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [isProfileDeleted -1 : False] [] []
[DEBUG] [10/10/2012 13:21:22.187] [1124] [ZenworksWindowsService] [39] [] [dlu policy] [] [Inside DLUUserObject Logout() -1 Account has not been removed retValue : 2226] [] []
..."
Resolution
This is fixed in version 11.2.4 - see KB 7012027 "ZENworks
Configuration Management 11.2.4 - update information and list of
fixes" which can be found at
https://support.microfocus.com/kb/doc.php?id=7012027
Cause
The ZCM agent does not have control over the Windows shutdown
process and it can lose connection to user related registry
information before it is able to remove the user account.
Additional Information
This issue has been fixed with implementing an user account
cleanup routine. If the account deletion fails, it will be flagged
for deletion in the registry. If on next login the same user
authenticates, the account is removed before applying the DLU
policy again. If a different user logs in , the other marked user
account gets deleted after the desktop started up.
This is comparable to the Dynamic Administrator account cleanup routine.
This is comparable to the Dynamic Administrator account cleanup routine.