This section includes information you need to know if you plan to deploy the Desktop Management Agent in your network environment:
Make sure that the workstations where you install the Desktop Management Agent meet the minimum requirements for hardware and installed software. For more information, see "User Workstation Requirements" in "Preparation" in the Novell ZENworks 6.5 Desktop Management Installation Guide.
The Desktop Management Agent installation lets you install various Desktop Management components on a one-time basis; that is, if you want to add or delete any of the components installed by the Agent in an earlier installation, you can use the Modify option that is available in the maintenance dialog box of the Desktop Management Agent setup.
The version of the Desktop Management Agent that shipped with the original ZENworks for Desktops 4 Program CD (setup.exe) is no longer supported. You must not attempt to upgrade from that version of the Desktop Management Agent.
You can upgrade ZENworks for Desktops 3.2 SP3 functionality to ZENworks 6.5 Desktop Management using the ZENworks 6.5 Desktop Management Agent installation, and you can upgrade the ZENworks for Desktops 4.0.1 Desktop Management Agent (and its functionality) by installing the ZENworks 6.5 Desktop Management Agent.
Installing the 6.5 version of the agent uninstalls older versions of the agent and enables ZENworks 6.5 functionality on your managed workstations.
For more information, see "Upgrading Workstations" in "Upgrade" in the Novell ZENworks 6.5 Desktop Management Installation Guide.
If you want to modify the Desktop Management Agent for your network users, you can do so when you create the Desktop Management Agent installation for the workstations and after you import the workstations. This section includes information for both options:
If the Novell Client is not present on the installing workstation when you are installing the Desktop Management Agent, the installation program displays the Workstation Manager Settings dialog box. This dialog box can be customized. For more information about the customization options, see "Customizing the Agent Login" in the Novell ZENworks 6.5 Desktop Management Installation Guide.
If you deploy the Desktop Management Agent in your network environment, you can customize the login GINA (that is, the graphical interface used for authentication) and the Welcome dialog box with your own company identity. To replace the Novell bitmaps on the Desktop Management Agent Login dialog box or the Resident Workstation Welcome dialog box, use the Workstation Policy Package > Desktop Management Agent policy. For more information, see ZENworks Desktop Management Agent Policy (Workstation Package). The workstation must be imported into the eDirectory tree in order for these dialog boxes to access the customized bitmaps. When you change the bitmaps that are accessed through this policy, the new graphics are accessed when the scheduled system event occurs.The Login dialog box bitmap is sized at 390 x 75 pixels and the Welcome dialog box bitmap is sized at 320 x 195 pixels. The Welcome dialog box attribute is stored in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NWGINA
The Login dialog box attribute is stored in the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\LgnXtier
NOTE: You can also log in from the Application Explorer in the Windows system tray. The graphical interface of this login GINA cannot be customized. For more information, see Logging in Locally to the Workstation.
You can automate the logon process for selected Windows 2000/XP users by using the Windows Registry Editor (regedit.exe) to enter user ID and password credentials in the Registry database. The result for the user will be immediate access to the desktop and network resources without the need to pause to enter logon information.
NOTE: You can bypass the AutoAdminLogon process and log on as a different user by holding down the Shift key after a logout or after a workstation reboot.
Using AutoAdminLogon opens your network to a serious security risk. It exposes user IDs and passwords and it lets any user who starts the workstation use the embedded credentials to obtain access to the workstation and network files---even if the workstation is locked. We recommend that you review the Microsoft* recommendations regarding when to use AutoAdminLogon before you implement it. For more information, see TID 10052847 in the Novell Support Knowledgebase.
IMPORTANT: If you install the Novell Client 4.9 SP1a for Windows 2000/XP on a workstation that already has the Desktop Management Agent installed and then set up AutoAdminLogon, you will receive a login error because of a conflict between AutoAdminLogon and Novell Modular Authentication Services (NMASTM), installed by default by Novell Client 4.9 SP1a.
To work around the problem after the Client is installed, right-click the red N icon in the desktop system tray > click Novell Client Properties > Advanced Login > uncheck NMAS Authentication.
This section contains the following information:
Start the Registry Editor (regedit.exe).
WARNING: Using the Registry Editor incorrectly can cause serious, system-wide problems that might require reinstalling Windows 2000/XP to correct them.
Locate the specified Registry keys and set the values as indicated.
If a value does not exist, click Edit > New > String Value, type the name of the value, then press Enter. All the values should be string values except for AutoAdminQueryNDS, which must be a DWORD value instead of a string value.
IMPORTANT: For a Windows logon only, if no DefaultPassword string is specified, the value of the AutoAdminLogon key automatically changes from 1 (True) to 0 (False), disabling the AutoAdminLogon feature after the first autoadminlogon session has occurred.
Exit the Registry Editor and log out of Windows 2000/XP.
This section lists the options you can choose from when you set up AutoAdminLogon.
In addition to these options for setting up AutoAdminLogon, you can also disable it. For more information, see Disable AutoAdminLogon. You should also be careful to use these options only for setting up user names and passwords if you want AutoAdminLogon to work properly. Be careful to caution users against resetting their own passwords. For more information, see Changing Passwords in NetWare Login with AutoAdminLogon.
Use this option to allow users to go directly to the desktop upon workstation bootup. Users will not be authenticated to eDirectory. The effect is similar to the user authenticating by checking the Workstation Only checkbox in the Windows logon dialog box.
Use this option to allow users to go directly to the desktop upon workstation bootup. No login prompts for Windows authentication or eDirectory authentication (Client or Agent) are displayed. Users will be authenticated to eDirectory and to the Windows workstation. All Desktop Management policies and applications are delivered to the workstation.
Location profiles let you save a user's specific login information. The profile automatically sets up login information such as the user's name, server, tree, context, login script, and other applicable information so that the user does not have to type this information.
NOTE: The NT Credential information in the Location Profile is not used. The NT user information in the registry is used instead.
Use this option to allow users to go directly to the desktop upon workstation bootup. No login prompts for Windows authentication or eDirectory authentication are displayed. Users will be authenticated to eDirectory and to the Windows workstation. All Desktop Management policies and applications are delivered to the workstation.
Use this option to allow users to go directly to the desktop upon workstation bootup. Users are authenticated to eDirectory according to the credentials entered in the registry, but they are authenticated to the Windows workstation according to the configuration of the DLU policy (no credentials for Windows are entered in the registry).
Location profiles allow you to save a user's specific login information. The profile automatically sets up login information such as the user's name, server, tree, context, login script, and other applicable information so that the user does not need to type this information. In this case, the location profile must specify an eDirectory user with Dynamic Local User (DLU) privileges on the Windows 2000 workstation.
Use this option to allow users to go directly to the desktop upon workstation bootup. Users are authenticated to eDirectory according to the credentials entered in the registry, but they are authenticated to the Windows workstation according to the configuration of the DLU policy (no credentials for Windows are entered in the registry).
The following settings are applicable only if the workstation has only the Novell Client installed. They are not applicable if only the Desktop Management Agent is installed.
This option authenticates the user to the Windows workstation according to the credentials entered in the registry, but the login to NetWare will require the user to enter his or her eDirectory credentials.
This is the behavior setting for logon to the Windows workstation and to eDirectory. The user is prompted for Windows workstation credentials and eDirectory credentials in order to authenticate.
| Registry Key | String Name | Enter This Value |
|---|---|---|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ |
AutoAdminLogon |
0 |
HKEY_LOCAL_MACHINE\SOFTWARE\Novell\ Login |
AutoAdminLogon |
0 |
If AutoAdminLogon is enabled, be careful when running the NetWare Login utility from the icon in the NetWare (Common) group. When run as a standalone utility from the icon, NetWare Login does not recognize that the workstation is running AutoAdminLogon.
If the primary connection's password expires when running NetWare Login from the icon, the user will be given the chance to synchronize all NetWare and Windows passwords. Make sure that users do not synchronize the Windows password, because NetWare Login does not update the Registry setting for AutoAdminLogon.
Although you can change the login password for the Desktop Management Agent using an applet in the Windows Control Panel, doing so doesn't affect the password setting in the Windows registry. If you change the password using the applet but you don't change it in the registry, AutoAdminLogon settings will fail.