I have a quick question with regards to Dynamic Local User setup and a particular problem I am having. Unfortunately I can't give to much detail as to why or how this problem is occurring just basically hoping someone has had a similar experience and might be able to point me in the right direction.

I have windows xp client machines with sp3, novell client 4.91 sp5, and Zenworks 7 sp1 hp3, on a Netware 6.5 sp7 server.

I have configured DLU as follows
Enable Dynamic Local User: Yes
Manage Existing Account: Yes
Volatile User: Yes
Use Edirectory Credentials: No
I have specified the name of my windows profile the dlu should use.

on the machine I have set the Zenworks options to Cache the profile for 9999 days, so essentially the profile is not volatile.

The problem I am experiencing is that when a user logs in the policy does not appear to apply and the user is granted administrator access to the machine as they appear to be using the administrator's profile on the machine, although I have set them to be a member of the user access level. It is a highly intermittent problem and I have been trying to determine what are the common factors in it's cause. For example a class of students could all logon at a similar time and 1 out of 30 might have this problem, and the users affected is always random, so it is not the same user.

I have copied the desired profile to the default profile of the machine as well. As I thought this might be a factor.

Some theories:

The policy is associated via the ou context as follows erc.students.Year11 with ERC being the root context and students and year 11 are ou's below this context I wasn't sure if the ou's could be causing a problem.

Another thought was possibly the profile was locked and Zen can't get access to it so it defaults over to the admin account?

As many users are using the same policy possibly the policy files were in use when a user was trying to login and apply them therefore they are not applied.

Or possibly something to do with the zen cache.

As you can see I am clutching at straws and would appreaciate any feedback or insight into this problem. Invarialbly the next student to login on the same workstation, the policy applies fine.