Hi all,

Our primary network client is Windows XP SP2 with Novell Client in an
Active Directory domain. We have both desktop and portable PCs.
Desktop PCs have a very straightforward configuration because they are
always connected to the network.

[Background info: eDirectory 8.7.x on Novell NetWare 6.5 SP7, Active
Directory on Windows Server 2003 R2, Nsure Identity Manager to push
and synchronise credentials from eDirectory to Active Directory]

For the portable PCs we modified things a little bit. Portable PCs
may be connected to the network, or may be used independently. After
installing the Novell Client, we change the GINA back to msgina.dll.

This means that users see the standard Windows XP login box and
authenticate to Active Directory initially, but when the login
dialogue box disappears, the Novell Client splash screen appears and
the user is transparently authenticated to eDirectory and the login
script runs.

The end result is similar; the user logs in with a single set of
credentials, gets authenticated to eDirectory and Active Directory,
and has their drives available.

However, because the Microsoft GINA is doing the initial login, it is
also caching Active Directory credentials. Now, if the portable PC is
taken away from the network, users who have *already* logged on in the
past can *continue* to log on with their standard network username and
password, without doing anything different; the Novell Client will
*try* to connect after the user has successfully logged in using
cached credentials, but fails "safe". We use local profiles on
portable PCs so they are always available.

Now, I'd like a similar end result on Windows Vista, but of course
there's no GINA. I've had a look at login profiles, but this doesn't
seem to give me the result I'm after.

Does anyone have any ideas?

Kind regards,