This feature allows the Client to automatically select performing awhen the available network connectivity fails to meet specific criteria, or when simply no network connectivity is available at all.
Theoption in the Novell Client for Windows XP/2003 functioned purely on "Does Windows know of one or more active network interfaces?" to decide whether or not to automatically select the login option. While this approach was useful in many cases, scenarios where the workstation was still connected to a network over which the eDirectory servers were not accessible (such as a home broadband network) could prevent the feature from engaging. The fact this feature decided to enable or disable the option before any logon attempt occurred could also be a limitation, if Windows was still in the process of starting up and more Windows network interfaces arrived after had already made its decision.
The Client for Windowsfeature, when enabled, improves upon both of these points. Instead of any Windows network interface, it is now possible to specify specific Windows network categories (for example, Work, Home, and Public) for which a is preferred. Additionally, specific names assigned to Windows networks (for example, Network 1, Network 2, My Office, and so on) can be specified for more granular control.
Finally, thefeature does not make its decision about whether to proceed with a Logon or automatically switch to until the user actually initiates a logon attempt. Thereby permitting the maximum time possible for additional network interfaces to arrive or be detected before the feature makes its decision.
Thefeature, when enabled, also maintains the basic "if no Windows network interfaces are available, perform a Computer Only Logon instead of Logon" functionality. This functionality can be used even without having to specify any Windows network names or categories.
At the next available opportunity, the Client will add configuration of thefeature into the Client Properties configuration interface. Until then, this feature can be enabled by directly editing the described registry configuration.
Log on to the Windows machine with administrative privileges.
Edit the registry and navigate to the existing \HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login\ key.
Create a subkey named \HKEY_LOCAL_MACHINE\Software\Novell\Login\Computer Only Logon If Not Connected\ now exists., such that a key path of
Under thekey, create the following entries:
A DWORD (32-bit) value named. If the value of this entry is set to 1, the feature is enabled. If this value does not exist or is set to 0 (zero), the feature is disabled.
Optionally, create a Multi-String (not String) value named. This Multi-String can be set to one or more of the following values, which correspond to the names Windows uses to describe network categories: , and .
Optionally, create a Multi-String named. This Multi-String can contain a list of one or more names that have been assigned to networks identified by Windows. For example, , , , and so on.
Optionally, create a DWORD(32 bit) value named. If the value of this entry is set to 1, the and values will be interpreted as criteria for networks which CAN access eDirectory servers, and when networks matching these criteria are present the Client should attempt a normal Logon. If the Use Lists for Novell Logon value does not exist or is set to 0 (zero), the and values will be interpreted as criteria for networks which CAN NOT access eDirectory servers, and if all connected networks match this criteria the Client should skip the eDirectory login attempt and proceed immediately with a Computer Only Logon instead. Continue reading the description below of the and values for additional explanation.
Thefeature takes effect when the value is set to 1, even if the or values are not defined. When the feature is enabled, at minimum the Client will automatically perform a Computer Only Logon instead of a Logon if Windows reports there are not any active network interfaces when the logon attempt is initiated.
If theis defined, the Client will query Windows to determine what category each identified network belongs to ( , , or ). When the value does not exist or is set to 0 (zero), the names which Windows network categories the feature should assume CAN NOT access eDirectory servers, and assumes any non-matching connected networks CAN access eDirectory servers. When the value is set to 1, the N names which Windows network categories the feature should assume CAN access eDirectory servers, and assumes any non-matching connected networks CAN NOT access eDirectory servers.
If theis defined, the Client first performs the processing described above if the is defined. After matching the active network categories against the , the Client will additionally match the network names against the . When the value does not exist or is set to 0 (zero), the names individual Windows networks the feature should assume CAN NOT access eDirectory servers, regardless of what Windows network category the named networks belong to. When the value is set to 1, the names individual Windows networks the feature should assume CAN access eDirectory servers, regardless of what Windows network category the named networks belong to.
After completing both theprocessing (if defined) and the processing (if defined), and after considering the meaning of those lists in relation to the value (if defined), if the feature has ultimately determined there is ONE OR MORE connected networks which CAN access eDirectory servers, a Logon attempt will be permitted to proceed normally and attempt an eDirectory login. If the feature ultimately determined that ALL of the connected networks CAN NOT access eDirectory servers, a Logon attempt will skip the eDirectory login attempt and proceed immediately with a Computer Only Logon instead.
For example, assume thehas been configured with and , and the has been configured with , and the value does not exist or is set to 0 (zero). During the next logon attempt, Windows reports a network and also a network named . Even though based on the alone a Logon would have been permitted to attempt eDirectory login due to presence of the category network, because the network is named and this network name appears in the , the Client will actually consider that none of the active networks detected by Windows can access eDirectory servers. Attempting a Logon would result in the Client skipping the eDirectory login attempt and would proceed with a Computer Only Logon instead.
Logout of Windows, or reboot the machine.
Select thelink on the Windows logon page, if the Client login is not already in mode. If mode is explicitly selected, the feature does not need to engage.
NOTE:By default, the Client remembers whetheror was last used, and will default to that mode during the next logon. If you want the Client to always come up in mode and then just let the automatically decide whether a Logon attempt is actually appropriate, change the setting from to in the tab of the Client Properties.
Now attempt to logon in Logon mode. Once you enter your password and click, the Client will begin the processing of querying Windows for connected network names and categories, and matching those names and categories again any configured and values.
If the Client determines there are one or more active Windows networks present over which a Logon attempt will be appropriate, the Client will simply proceed with normal Logon processing of attempting to login to both eDirectory and the Windows account.
If the Client determines that all of the active Windows networks match criteria indicating that cannot access eDirectory servers, or if Windows reports there simply are not any active Windows networks, even though the Client was in Logon mode when the logon attempt was initiated, the eDirectory login will be transparently skipped, and only the Windows account logon attempt will be made.
Note in cases where the Windows account password is not the same as the eDirectory account password – for example, because the Windows account password was normally supplied from a Novell ZENworks Dynamic Local User (DLU) policy, or the password was expected to be retrieved by NMAS-based Single Sign-On – the Windows-only account logon attempted bywill not be able to succeed using the eDirectory password.
In this case, the Client will still skip the eDirectory logon attempt and will perform just a Computer Only Logon, but the user will have to manually enter their Windows account password. This is only an issue in cases which otherwise would have retrieved their Windows account passed from eDirectory-based sources.