How to configure Dynamic Local User
(Last modified: 29Oct2002)
This document (10058297) is provided subject to the disclaimer at the end of this document.
How to configure Dynamic Local User
Novell ZENworks for Desktops 2
Novell ZENworks for Desktops 3.0
The Novell client needs to be installed on the workstations with the Workstation Manager Service. The client needs to be the recommended versions to run with the specific installation of ZENworks.
Create an NT User Policy Package and associate it to Users, Groups, or Users Containers.
Enable the Dynamic Local User Policy and click Details.
Below are the settings configurable in the Dynamic Local User policy. A description of each setting is given.
-Enable Dynamic Local User
Enables creation of a User object that resides either temporarily or permanently in the workstation's Security Access Manager (SAM) database. NWGINA requires that you specify whether a local user is to be created. If this box is not checked, NWGINA does not create a user in the local SAM. Instead, NWGINA attempts to find an existing NT user with the credentials indicated in the Windows NT tab of the NWGINA login interface. If Enable Dynamic Local User is enabled, then NWGINA gets the NT Username from the NT Configuration object and queries the local SAM to see if the Username already exists. If it does exist, NWGINA authenticates the user to the NT workstation and access is granted. If the Username does not exist, NWGINA creates the user in the local workstation SAM.
If Windows NT password restriction policies are set on the local workstation, Dynamic Local User will not be used. Dynamic Local User is not meant to be used in a Domain Environment.
-Manage Existing NT Account (if any)
Allows management through the existing NT account. Click if the User object you want to manage already exists. Workstation group assignments specified by Workstation Management will be implemented, including changing the account from nonvolatile to volatile when the user logs in to the account. The account will also be removed from the workstation after the user logs out.
If this check box and the Volatile User check box are both marked, and the user has a permanent local account that uses the same credentials specified in NDS, the permanent account will be changed to a volatile (temporary) account. The account will be managed, but will be removed when the volatile user cache age is reached.
Any settings you change here overwrite the current account settings at the NT workstation.
If this option is not enabled, Workstation Management cannot manage the existing User object.
-Use NetWare Credentials
Enables logging through the user's NetWare credentials instead of NT credentials. When creating the NT user account, NWGINA can use either the same credential set used for NDS authentication or a predetermined credential set specified in the NT Configuration object. When using NetWare credentials to create the workstation NT user account, NWGINA queries the user's NDS account for the login name, full name, and description. The password for the NT user account is the same as that for the NDS user account.
If NetWare credentials are not used, the account is always volatile and is not accessible. Full Name and Description can also be included to provide a complete user description. If you don't use NetWare credentials and the User object does not already exist (as indicated by the Manage Existing Accounts check box), the User object is created as a volatile User object, which means that the User object will be automatically deleted. This will be apparent because the Volatile User check box will be automatically enabled if the Use NetWare Credentials check box is not enabled.
-Volatile User (Removed after Logout)
Specifies the use of a volatile user account for NT login. The user account that NWGINA creates on the local workstation can be either a volatile or a nonvolatile account. The account will be removed as soon as the user logs out, unless Volatile Cache is enabled on the client. This setting is configured on the Workstation Manager service from the. Network properties. Set the amount of days the account is to be kept on the workstation. If the users logs in again to the workstation before the specified amount of time expires, it will reset the amount of time to keep the profile on the workstation. However, if the amount of time expires without a subsequent login for the user, the profile will be deleted and the next time they login, the user will get a Default Profile.
Identifies the name of the NT user.
Identifies the user's complete name.
Enter any additional information that helps the administrator to further identify this user account.
Lists the groups of which this user is a member. When NWGINA creates the NT workstation user, it can provide group membership to any NT user groups. The groups that the user is added to are listed in the Members Of list. The default configuration is for the user to be added to the Users group. Other groups can be added by selecting the group and clicking Add. Groups can be removed by selecting the group and clicking Delete.
-Not Member Of
Lists available groups where this user has not been assigned as a member.
Opens the Custom Groups page where you can add a new custom group, delete an existing custom group, and view or modify properties of an existing custom group..
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.