I am running ZCM v10.3 and am preparing to migrate over to Active Directory. When I first setup ZCM, I created a DLU policy for my Windows 7 computers and its been working fine. However, its time to join my Windows 7 computers (running ZCM v10.3) to the AD Domain and I need to disable the DLU for the machines prior to joining the domain.

To do this I tried to exclude my test workstations from the DLU by adding the workstations to the exclusion list for the DLU Policy. My DLU policy is assigned to my Users so I used the "Excluded Workstation List" to attempt to prevent the DLU from applying to the workstation. This didn't work. I also tried the reverse by applying the DLU to the test workstation and adding users to the Exclusion list, but that didn't work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.

I reassigned the DLU to all my Users and tried to use the registry to check for the existence and value of hklm\software\novell\zcm\zenlgn\domainlogin=1, but that didnt work either. I updated the version, ran "zac cc" and ran "zac ref bypasscache" but it didnt work.

Actually, the registry keys (DomainLogin and eDIRLogin) didn't exist so i had to manually add it using an AD GPO. I added DomainLogin and eDIRLogin and assign hexadecimal value of 1 to each DWORD via GPO (FYI). At this point I'm not even sure if the values of these keys are supposed to be set automatically upon login or if the admins manually control the values. Its not clear to me from the documentation on the Novell site. (http://www.novell.com/documentation/...stem_admin.pdf, pg 274)
(DLU Policy Filters not working)

I turned on debug by issuing the command: "zac log level debug", and would've attached the log here, but I don't know how. If anyone needs to see the log, please send me a link on how to attach a log and I'll do so.

I've tried so many different settings and combinations but i'm still unable to get consistent results. At some point I was able to get the DLU Policy to show up in the ZCM Agent properties with the status of "Not Applied" or "Not Effective" or something to that effect. That was the first time I was able to log in without the DLU applying. However it wasn't consistent among other machines so i kept testing. As it stands now, I have removed any filters and exclusions and now my test machine is not receiving any DLU policy and it should because I assigned the DLU Policy to my entire user base. I am totally lost.

Any help is appreciated.