SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


dynamiclocaluser
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

dynamiclocaluser [2013/05/04 14:19] (current)
sjoerd created
Line 1: Line 1:
 += Dynamic Local User =
  
 +If you log into a windows workstation using the Novell client you are only logged into eDirectory. Not into the workstation itself, which has it's own user database, called the Security Access Manager (SAM) Database. That's why you get a second login window, to login into windows. To prevent that from happening (the second login, that is) you could enable the Dynamic Local User policy. A Dynamic Local User (DLU) is a user object that is temporarily or permanently created in the workstation’s SAM database. The DLU is a ZENworks feature and is covered in this article. ​
 +
 +The DLU policy is used in case multiple users share a single workstation,​ with a terminal server or when the sysadmin is just lazy. For me, the most important feature is that after imaging a workstation,​ the workstation can be automatically imported into the tree, and with that done, when you log in it just works. So even when users have their own workstation there is no good reason to not have dynamic local user enabled. There is however a situation in which you don't want a DLU policy. That is the case you have an Active Directory domain and the workstations are joined into that domain. In this setup the domain takes care of the local account. You don't want to use the domain setup and the DLU policy at the same time. In my experience the DLU policy does not use the local domain account which means users get a different account than before. The configuration is rather straight forward and flexible enough to adjust to your own needs.
 +== Configuration ==
 +Most of the configuration is done in the main policy screen. In consoleone, go to the user policy package you want to edit, select the platform you want to set dynamic local user policy for, and click properties: \\
 +{{dlumain.gif}} \\
 +* Enable Dynamic Local User
 +** Turns the policy on or off
 +* Manage existing user account (if any)
 +** If there is already a local user account with the supplies credentials use that account
 +* Use eDirectory credentials
 +** Use the eDirectory username and password to create the local account
 +** Volatile user (Remove user after logout)
 +*** Enabled by default, determines if the account should be deleted after logout.
 +Notice that the volatile option is by default enabled. So, in case you don't want to use the eDirectory credentials the account is always removed on logout. Also notice that volatile also applies to existing user accounts, meaning that these are also removed in case you don't want to use the eDirectory credentials.
 +* User name
 +** Cannot contain more than 20 characters.
 +* Full name 
 +** The users full name.
 +* Description
 +** This is optional and could contain information about the account to help to identify the account.
 +* Member of
 +** Add the groups the user account should be made member off.
 +==== Best Practice ====
 +Usually I select:
 +* Enable Dynamic Local User
 +* Manage existing user account (if any)
 +* Use eDirectory credentials
 +* Member of
 +** Users; for normal end users
 +** Administrators;​ for sysadmins and power users
 +=== Additional Configuration ===
 +You could restrict the DLU policy to a specific workstation or workstations:​ \\
 +{{dlurestrictions.gif}} \\
 +It's also possible to assign or restrict local file rights to managed user accounts: \\
 +{{dlufiles.gif}} \\
 +
 +[[http://​www.novell.com/​documentation/​zenworks7/​dm7admin/​index.html?​page=/​documentation/​zenworks7/​dm7admin/​data/​a777rvc.html|Novell documentation]] \\
 +
 +{{tag>​zenworks edirectory}}
dynamiclocaluser.txt · Last modified: 2013/05/04 14:19 by sjoerd