[ngw] OT: Managing W2K workstations

Cameron Watts WattsC at sbdc.com.au
Wed Dec 12 02:02:38 UTC 2001


I am currently rolling out Win2k on a netware 5.1 network with 2 NT4
Servers and Zenworks for desktops 3. 
 
Heres a few of the problems I've had with doing the rollout and some of
the ways I attacked them, I cant say that my methods are the best way
however :)
 
I use the Zenworks Dynamic Local User policy. Which works great,
however I have had some problems with it. For instance if I use it to
"use netware credentials" it will create a windows 2000 user login on
the machine for each user that logs in. This is fine is only one users
logs into each workstation, however I have a constant change of users
using the same workstations. I had a lot of problems using this because
it did not keep my proxy settings (IE), groupwise post office IP address
and it sometimes caused problems with the Groupwise dictionaries. 
 
What I do to get around this is I "manage existing NT account" and
setup the user Administrator account on the workstations with a
password. I force the users to login to the win2k machine with
administrator and the standard password. This way each person logs into
the same profile and I dont get the problems I had above. However the
problem I am now having is the fact that any communication with NT
systems, or SQL ODBC driver trusted connections does not work because
the workstation reports the windows username of Administrator and not
the Netware username like the old Windows 98 machines did. 
At the moment I am still finding ways around this, some of our users
need to map drives to NT4 shares, the only way I've done this is to use
the "net use" command to map the drive, but specify the username and
password in the command. This is fine, except that 2 users require
different rights to the NT share, hence another net use command which I
hide in batch files which are called by the login script according to
which group they are in (to allow different rights)
 
So yes, Dynamic local user policy is a great way to go, but it needs to
be planned well. As long as your aware of the fact that you may have
problems using netware credentials and if you dont use them and you use
a default user profile then any microsoft maps etc will broadcast a the
win2k username and password instead of the netware one (hence asking for
a password) then you should be fine...
 
I'm far from an expert, and I'm still playing with possible solutions
to my problems, but I thourght you might want to know about some of the
traps I faced.
 
Thanks
Cameron Watts
wattsc at sbdc.com.au 

>>> Brian.Wredberg at udlp.com 12/12/2001 2:07:32 am >>>
We do the same except where we need to have our users authenticate to
an NT domain.  There seems to be an issue with the Dynamic Local User
and NT domain authentication so we had to make a separate container for
those users and exclude the DLU policy.

>>> Mark.Puchalski at Couzens.com 12/11/01 11:55AM >>>
We use Zen to set up dynamic local users on the few NT workstations we
have here.  We have no NT domain, as we're primarily a NetWare shop.

>>> Holly.Newman at KJMAIL.COM 12/11/2001 12:05:21 PM >>>
We're grappling with issues related to our W2K desktop rollout, and I
thought I'd start with the smartest group I know even though it isn't GW
related.  I've always avoided NT-based desktop OS's because of the
authentication problems.  But now I have no choice.  So this question is
this - how do you handle authentication of W2K workstations in a Novell
environment?  And how do you handle your portable users (laptops)
differently from your fixed users (desktops)?

1) No Domain: Manually create users on the workstations.

2) No Domain: use Zen/Workstation Manager to create users on the
workstations.

3) No Domain: combination of 1 and 2

4) Domain: administered separately from NDS

5) Domain: integrated using 3rd party product (Synchronicity)

6) Domain: integrated using Novell product (NDS for NT)

If you have any suggestions, please reply privately since this isn't a
GW topic.

Thanks,

Holly Newman
Network Services Manager
Kendall-Jackson Wine Estates
707-547-4742


--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, or DirXML
development needs and product information.



----------------------------------------------------------------------
This message is a private communication.  If you are not the intended
recipient, please do not read, copy, or use it, and do not disclose it
to others.  Please notify the sender of the delivery error by replying
to this message, and then delete it from your system.  Thank you.


--
Visit http://www.ngwlist.com for help with the list.
Visit http://www.concentrico.net for GroupWise, NDS, or DirXML
development needs and product information.



------------------- TEXT.htm follows -------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>
<BODY style="MARGIN-TOP: 2px; FONT: 10pt Arial; MARGIN-LEFT: 2px">
<DIV>I am currently rolling out Win2k on a netware 5.1 network with 2 NT4 
Servers and Zenworks for desktops 3. </DIV>
<DIV>&nbsp;</DIV>
<DIV>Heres a few of the problems I've had with doing the rollout and some of the 
ways I attacked them, I cant say that my methods are the best way however 
:)</DIV>
<DIV>&nbsp;</DIV>
<DIV>I use the Zenworks Dynamic Local User policy. Which works great, however I 
have had some problems with it. For instance if I use it to "use netware 
credentials" it will create a windows 2000 user login on the machine for each 
user that logs in. This is fine is only one users logs into each workstation, 
however I have a constant change of users using the same workstations. I had a 
lot of problems using this because it did not keep my proxy settings (IE), 
groupwise post office IP address and it sometimes caused problems with the 
Groupwise dictionaries. </DIV>
<DIV>&nbsp;</DIV>
<DIV>What I do to get around this is I "manage existing NT account" and setup 
the user Administrator account on the workstations with a password. I force the 
users to login to the win2k machine with administrator and the standard 
password. This way each person logs into the same profile and I dont get the 
problems I had above. However the problem I am now having is the fact that any 
communication with NT systems, or SQL ODBC driver trusted connections does not 
work because the workstation reports the windows username of Administrator and 
not the Netware username like the old Windows 98 machines did. </DIV>
<DIV>At the moment I am still finding ways around this, some of our users need 
to map drives to NT4 shares, the only way I've done this is to use the "net use" 
command to map the drive, but specify the username and password in the command. 
This is fine, except that 2 users require different rights to the NT share, 
hence another net use command which I hide in batch files which are called by 
the login script according to which group they are in (to allow different 
rights)</DIV>
<DIV>&nbsp;</DIV>
<DIV>So yes, Dynamic local user policy is a great way to go, but it needs to be 
planned well. As long as your aware of the fact that you may have problems using 
netware credentials and if you dont use them and you use a default user profile 
then any microsoft maps etc will broadcast a the win2k username and password 
instead of the netware one (hence asking for a password) then you should be 
fine...</DIV>
<DIV>&nbsp;</DIV>
<DIV>I'm far from an expert, and I'm still playing with possible solutions to my 
problems, but I thourght you might want to know about some of the traps I 
faced.</DIV>
<DIV>&nbsp;</DIV>
<DIV>Thanks</DIV>
<DIV>Cameron Watts</DIV>
<DIV><A 
href="mailto:wattsc at sbdc.com.au">wattsc at sbdc.com.au</A><BR><BR>&gt;&gt;&gt; 
Brian.Wredberg at udlp.com 12/12/2001 2:07:32 am &gt;&gt;&gt;<BR><FONT face=Arial 
size=2>We do the same except where we need to have our users authenticate to an 
NT domain.&nbsp; There seems to be an issue with the Dynamic Local User and NT 
domain authentication so we had to make a separate container for those users and 
exclude the DLU policy.<BR><BR>&gt;&gt;&gt; Mark.Puchalski at Couzens.com 12/11/01 
11:55AM &gt;&gt;&gt;<BR>We use Zen to set up dynamic local users on the few NT 
workstations we have here.&nbsp; We have no NT domain, as we're primarily a 
NetWare shop.<BR><BR>&gt;&gt;&gt; Holly.Newman at KJMAIL.COM 12/11/2001 12:05:21 PM 
&gt;&gt;&gt;<BR>We're grappling with issues related to our W2K desktop rollout, 
and I thought I'd start with the smartest group I know even though it isn't GW 
related.&nbsp; I've always avoided NT-based desktop OS's because of the 
authentication problems.&nbsp; But now I have no choice.&nbsp; So this question 
is this - how do you handle authentication of W2K workstations in a Novell 
environment?&nbsp; And how do you handle your portable users (laptops) 
differently from your fixed users (desktops)?<BR><BR>1) No Domain: Manually 
create users on the workstations.<BR><BR>2) No Domain: use Zen/Workstation 
Manager to create users on the workstations.<BR><BR>3) No Domain: combination of 
1 and 2<BR><BR>4) Domain: administered separately from NDS<BR><BR>5) Domain: 
integrated using 3rd party product (Synchronicity)<BR><BR>6) Domain: integrated 
using Novell product (NDS for NT)<BR><BR>If you have any suggestions, please 
reply privately since this isn't a GW topic.<BR><BR>Thanks,<BR><BR>Holly 
Newman<BR>Network Services Manager<BR>Kendall-Jackson Wine 
Estates<BR>707-547-4742<BR><BR><BR>--<BR>Visit <A 
href="http://www.ngwlist.com/">http://www.ngwlist.com</A> for help with the 
list.<BR>Visit <A 
href="http://www.concentrico.net/">http://www.concentrico.net</A> for GroupWise, 
NDS, or DirXML development needs and product 
information.<BR><BR><BR><BR>----------------------------------------------------------------------<BR>This 
message is a private communication.&nbsp; If you are not the 
intended<BR>recipient, please do not read, copy, or use it, and do not disclose 
it<BR>to others.&nbsp; Please notify the sender of the delivery error by 
replying<BR>to this message, and then delete it from your system.&nbsp; Thank 
you.<BR><BR><BR>--<BR>Visit <A 
href="http://www.ngwlist.com/">http://www.ngwlist.com</A> for help with the 
list.<BR>Visit <A 
href="http://www.concentrico.net/">http://www.concentrico.net</A> for GroupWise, 
NDS, or DirXML development needs and product 
information.<BR><BR></DIV></FONT></BODY></HTML>



More information about the ngw mailing list