Novell client security issue

I work in a school and we use Novell to log in on both Windows 7 and
Windows xp machines. On our Windows 7 machines we found a problem that I
dont know how to fix. So I tought I would post it here. Maybe someone
here has a fix. The problem is: If a user is logged in and locks the
machine, either trough the screensaver or trough Windows + L, and then
an other user logs in with a different Novell account, He gets to see
AND use the drive mappings of the account who had previously logged in.

Additional information: We use Novell OES 2 11 server and login with
Novell client 2 sp1. After the login we use autologon for Windows to
automate the Windows login process.

So if anyone have seen this problem and can help me with this.


-- 
sosanlx
------------------------------------------------------------------------



0
sosanlx
3/6/2012 10:36:02 AM
novell.netware.winnt-2x-xp 10573 articles. 1 followers. Follow

10 Replies
588 Views

Similar Articles

[PageSpeed] 48

Aditionally the user will also have the same environment as the previous
user. Document left open by the previous user will be left open or other
programs.


-- 
sosanlx
------------------------------------------------------------------------
sosanlx's Profile: http://forums.novell.com/member.php?userid=102899
View this thread: http://forums.novell.com/showthread.php?t=453027

0
sosanlx
3/6/2012 10:56:02 AM
On 06/03/12 11:56, sosanlx wrote:
>
> Aditionally the user will also have the same environment as the previous
> user. Document left open by the previous user will be left open or other
> programs.
>
>

This is normal behavior if local windows account is the same for both 
users. For example:


1. Startup the Win7 workstation
2. login to Novell Network with user A
3. login to workstation using the local user C
4. fast switch to user B (without disconnecting A)
5. login to Novell Network as user B using the Credential Provider
6. login to workstation using the same local user C

Actual Results:
Following the steps above, the Novell network connection is still 
available for the Novell user A instead of user B.


is that what you're seeing?
0
Mysterious
3/6/2012 11:12:15 AM
Mysterious;2179748 Wrote: 
> 
> 
> is that what you're seeing?

Yes when the workstation locks after user A has been using it and
Novell user B logs on (with the same Windows account beeing used) the
User B has the environment and network connections of user A


-- 
sosanlx
------------------------------------------------------------------------
sosanlx's Profile: http://forums.novell.com/member.php?userid=102899
View this thread: http://forums.novell.com/showthread.php?t=453027

0
sosanlx
3/6/2012 12:46:02 PM
On 06/03/12 13:46, sosanlx wrote:
>
> Mysterious;2179748 Wrote:
>>
>>
>> is that what you're seeing?
>
> Yes when the workstation locks after user A has been using it and
> Novell user B logs on (with the same Windows account beeing used) the
> User B has the environment and network connections of user A
>
>

in this case is working as design and this is how Microsoft Windows 7 
works but i'd expect that you've got the message on step 6:

"The specified Windows account is already logged in.  If you continue to 
login in with this account, you will connect to the existing session for 
this account.  Do you want to continue to login in with this account?"


Fast User Switching is a Microsoft-controlled feature which the Novell 
Client cannot control or override.  Microsoft intends that on a 
workstation-class Windows machine, there is only one logon session for a 
given Windows user account at any time.

If you try to perform a "switch user" or a "remote desktop" and specify 
the Windows account credentials for an already-running Windows logon 
session (regardless of what eDirectory credentials you may or may not 
have also specified during the same "switch user" or "remote desktop"), 
you will be (re)connected to that existing logon session "already in 
progress" rather than Windows creating a new independent logon session.

The Novell Client is able to /detect/ when it knows Windows is going to 
actually just re-connect you to an existing session rather than logging 
you on with the eDirectory and Windows credentials provided; but 
detecting what it thinks is going to happen & presenting the 
confirmation message is all we can do about it.

So yes, by the time you've completed step 6 and are viewing the Windows
desktop, you have now been successfully re-connected back to the 
existing logon session for Windows user "C" which is already running 0 
or more applications and is already logged into eDirectory as user "A".

The eDirectory credentials for user "B" provided during the "fast user 
switch" were essentially discarded, becuase once Windows realized you 
were specifying the Windows credentials for an already logged-on user 
session, there was no longer going to be a "new logon" taking place and 
reconnection to the existing session (in whatever state the existing 
session is in) is the expected outcome.

Note this is all specific to what Microsoft calls the "single-user 
terminal server experience"; i.e. workstation-class Windows 7, or 
workstation-class Windows Vista, which provide the "Fast User Switching" 
and "Remote Desktop" features.

Hope it helps

Gonzalo
0
Mysterious
3/6/2012 12:56:48 PM
Ok thank you for your response. 
If I understand correctly, there is no real way to fix this other than
making local Windows accounts for every specific user so everyone can
log in with their own Novell + Windows account? (which is not really a
possibility in our invironment)


-- 
sosanlx
------------------------------------------------------------------------
sosanlx's Profile: http://forums.novell.com/member.php?userid=102899
View this thread: http://forums.novell.com/showthread.php?t=453027

0
sosanlx
3/6/2012 1:26:01 PM
On 06/03/12 14:26, sosanlx wrote:
>
> Ok thank you for your response.
> If I understand correctly, there is no real way to fix this other than
> making local Windows accounts for every specific user so everyone can
> log in with their own Novell + Windows account? (which is not really a
> possibility in our invironment)
>
>


 From the novell client stand point of view, it is nothing it can be 
done as Microsoft designed in this way so may consider disabling fast 
user switching.

http://www.maxi-pedia.com/Disable+fast+user+switching+Windows+7
0
Mysterious
3/6/2012 1:32:24 PM
Ah I disabled the quick user switching. I cant select a different user
now after locking the computer. I guess this is a solution. The users
cant switch anymore but atleast it is secure.


-- 
sosanlx
------------------------------------------------------------------------
sosanlx's Profile: http://forums.novell.com/member.php?userid=102899
View this thread: http://forums.novell.com/showthread.php?t=453027

0
sosanlx
3/6/2012 1:46:01 PM
Thank you for your response. I did this now and it works.


-- 
sosanlx
------------------------------------------------------------------------
sosanlx's Profile: http://forums.novell.com/member.php?userid=102899
View this thread: http://forums.novell.com/showthread.php?t=453027

0
sosanlx
3/6/2012 1:46:01 PM
On 3/6/2012 4:36 AM, sosanlx wrote:
>
> I work in a school and we use Novell to log in on both Windows 7 and
> Windows xp machines. On our Windows 7 machines we found a problem that I
> dont know how to fix. So I tought I would post it here. Maybe someone
> here has a fix. The problem is: If a user is logged in and locks the
> machine, either trough the screensaver or trough Windows + L, and then
> an other user logs in with a different Novell account, He gets to see
> AND use the drive mappings of the account who had previously logged in.
>
> Additional information: We use Novell OES 2 11 server and login with
> Novell client 2 sp1. After the login we use autologon for Windows to
> automate the Windows login process.
>
> So if anyone have seen this problem and can help me with this.
>
>
This was an interesting post from the following perspective
1) What does the Novell Client do? What are its configurable features & 
settings?
2) Are there differences between the various Microsoft operating 
systems? What are these differences?
3) The title of the post is like most news headlines today completely 
misleading.
0
Richard
3/9/2012 2:08:48 PM
rdseepaul;2181002 Wrote: 
> On 3/6/2012 4:36 AM, sosanlx wrote:
> >
> > I work in a school and we use Novell to log in on both Windows 7 and
> > Windows xp machines. On our Windows 7 machines we found a problem
> that I
> > dont know how to fix. So I tought I would post it here. Maybe
> someone
> > here has a fix. The problem is: If a user is logged in and locks the
> > machine, either trough the screensaver or trough Windows + L, and
> then
> > an other user logs in with a different Novell account, He gets to
> see
> > AND use the drive mappings of the account who had previously logged
> in.
> >
> > Additional information: We use Novell OES 2 11 server and login with
> > Novell client 2 sp1. After the login we use autologon for Windows to
> > automate the Windows login process.
> >
> > So if anyone have seen this problem and can help me with this.
> >
> >
> This was an interesting post from the following perspective
> 1) What does the Novell Client do? What are its configurable features
> &
> settings?
> 2) Are there differences between the various Microsoft operating
> systems? What are these differences?
> 3) The title of the post is like most news headlines today completely
> misleading.

1. The Novell Client is your primary authentication 'device' between a
client (PC) and a Novell Server (NetWare or SLES).
2. You would not believe the Vast Chasms of differences between the
various Microsoft Operating Systems. (Please peruse Microsoft's site to
see them.
3. True enough - most titles do not convey the content of most
posting.

Leroy Joseph
Visual Click Software 
'eDirectory Management and Reporting | DSRAZOR for eDirectory'
(http://www.visualclick.com/content/dsrazor-for-edirectory.htm)


-- 
leroyjjr
------------------------------------------------------------------------
leroyjjr's Profile: http://forums.novell.com/member.php?userid=75462
View this thread: http://forums.novell.com/showthread.php?t=453027

0
leroyjjr
3/31/2012 8:06:02 PM
Reply:

Similar Artilces:

Netware Client Issue w/ XP
We have a shared XP computer used by multiple users. When users log on through the Netware Client, the Windows info under the client advanced tab seems to apply to a specific Windows user; hence, it prompts you with a screen asking if you want to change your Windows and Netware password everytime a new user logs on.....unless you are the Windows user specified under the advanced/windows tab. How can you make the client accommodate different Windows/Netware users without a logon fiasco everytime a different user logs on? Can you disable the Novell client as the default logon ...

Netware 4.1 windows xp or xp professional and which client
I have Netware 4.1 running on dos with dataflex and windows 98 machines. I am getting a Windows xp or xp professional machine. Any one know which one would work best for a dos based database system and would work with novell 4.1 and which client to use. We also have word and excel documents on the fileserver that are shared by the windows 98 workstations. We would like the xp or professional to run the dos stuff and also share the word and excel files. Thank You, Seth XP Professional is the one designed for networking environment. Although, I've seen reports that XP Home wor...

Windows XP Netware Client and Netware 4.11 server
I am having some odd problems with this combination. Most of our client machines are W98 and the login script seems to work just fine. The new Windows XP Pro computer I am trying to add to the network doesn't seem to behave the same as my W2K Pro computers using the same Novell Client. Login times and NetWare rescource access times were very long so I removed the IP support from the Novell Client, specified the 802.3 frame used by the 4.11 server and specified its actual network number in the NWLink protocol settings. That helped one login user: everything worked nicely, l...

Client 4.90SP2 vs. Microsoft's XP Netware Client
We run a database program that is having problems with the Netware client. Data corruption and performance are a problem. So, I tested the Microsoft Netware client vs. the Novell client and I am getting much better performnace from the Microsoft client. The Micorsoft client is 60 times faster during a 'post data' function. This translates from 15 seconds for Microsoft to 15 minutes for Novell! Is there anything I can do to speed up the Novell Client? Jerry Gunn Metamora High School Well, since you apparently need only IPX support (you didn't note which ver...

problem between xp home/netware client 4.83sp2 & win95 clients
This may not even be down to Netware, but I am trying to eliminate certain factors. we have 3 older PCs running Win95 v4.00.95b and the original Netware 32 client (it came with Intranetware 4.11) and one new machine that has WinXP Home and the Netware client 4.83sp2. At first everything was fine, then we had a problem with the new machine and we ended up re-installing XP Home and fitting a new network card. This seemed to be OK for a few days when we noticed these 3 older PCs started to lock up, with explorer.exe not responding and we had to switch them off to get them ...

security issues with iPrint client
Just found the following vulnerabilities, is there an iPrint client available for Windows XP that fixes the below security issues? - Secunia Research: Novell iPrint Client ActiveX Control Multiple Buffer Overflows ====================================================================== Secunia Research 25/08/2008 - Novell iPrint Client ActiveX Control Multiple Buffer Overflows - ====================================================================== Table of Contents Affected Software....................................................1 Se...

Windows XP Security Issues
Hello, I have read the description of the open sockets problems with XP on the GRC website, it seems to specify that the problem involves the Home version of XP. My question is this; What, if any, are the known security issues with the XP PRO version??? Does it have the same open socket vulnerability that the home version does? Ed "Ed" <ed.stapleton@percepta-crm.com> wrote in message news:a12j0v$75g$1@news.grc.com... > Hello, > I have read the description of the open sockets problems with XP on the > GRC website, it seems to specify that ...

Win98SE and XP security issue
I have been using the ICS feature in Windows 98SE. Does it need the patch related to the XP issue? The security notice wasn't clear to me on that. "Warren" <HWLennon@BellSouth.net> wrote in message news:9vudkc$2do2$1@news.grc.com... > I have been using the ICS feature in Windows 98SE. Does it need the patch > related to the XP issue? The security notice wasn't clear to me on that. If you have installed the ICS client from WinXP then you need the patch. If you have not installed the client from WinXP, then you are not vulnerable according to the bull...

XP Client and NetWare 5
Hi, all. Which version of client do u recommend to use with WIN XP SP2 and NETWARE 5.1 sp6??? Thanks -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ The latest, version 4.91 with SP2. Try earlier versions only if you have specific issues with this one. There are also a few post-SP2 patches available you might try in case of any such issues. Gerald Reynolds Leonardo Bidi wrote: > > Hi, all. > Which version of client do u recommend to use with WIN XP SP2 and > NETWARE 5.1 sp6??? > > Thanks > ...

Client brings up security issue
I've got a client who's considering upgrading from iChain to AM. They mostly do kiosk access, with many users sharing a single computer. They've discovered an issue in iChain that they consider a security hole. A user is logged in and has accessed an SSO-enabled web resource when the iChain timeout expires. When the user tries to access the iChain session again s/he is challenged for an id and password. Once entered, the SSO-enabled web resource is again available to the user. This is nice. If the iChain session times out, iChain will let you back into the SSO protected...

Client issues with WIN 2K/XP
We are currently using GW 5.5.4 (non EP). We have noticed that when we upgraded our desktop O/S from Windows 98 to WIN 2K (prof.) or XP (prof.) with MS Office 2000 Professional SP3, the Quick correct function arbitrarily changes some words to days of the week or names of months. Has anyone seen or heard of this? Thank you. Linda It's a W2k thing, the only fix is to disable quick correct Cheers Dave -- Dave Parkes [NSCS]}} Occasionally resident at http://support-forums.novell.com/ ...

Client Access
Hello all, My Client Access ODBC is giving unexpected results when used with Windows XP Professional OS. We use the Client Access ODBC in many places in our PowerBuilder apps and it is currently working with our NT workstations. I am using an XP Professional OS, which is what we are migrating to in the near future. Here is what I know. I am using PB7.03 Build 10009 and Client Access V5R2M0. The destination database is SQL2000. I can execute a SQL statement from the database painter and it returns all rows for the query. The same SQL statement as the source of a pipeline...

Wireless Router issue with NetWare Client
I apologize if this is the wrong forum. Please advise if so. I'm wondering if anyone has had an issue connecting to a NetGear Wireless router using the NetWare Client for Windows XP (4.9 sp2). I installed it without IPX as per Netgear's website but am still having issues connecting to our NetWare 5.1 server which is running both IPX and IP. Any assistance will be greatly appreciated. Thanks! Are you able to ping the server while on the wireless connection ? If so, can you launch the Novell GUI Login manually and attempt to connect ? If it fails, try replacing the server...

client trust issue with Windows XP
I have a peculiar situation, I just formatted a machine that had win98 on it and installed winXP Pro. Prior Client Trust ran from the startup group and life was good at least where Internet access was concerned. However now that I have XP installed the user complains that she can't access the Internet which is strange because I did when I set the machine up as I installed all the MS service packs and security updates. But sure enough when I visit her machine I can't browse either. There are only two local accounts on this machine, Administrator and her's. Her l...

XP pro with Netware and windows client
I have a user who used to logon to netware and then was prompted for a windows password. This worked fine. Recently all of a sudden it is now going straight to the windows logon. It is not part of a domain but a workgroup, There are windows 2003 servers in the network but not set up at all on this machine. Once I logon to windows It goes to netware and asked to logon to the netware network. I have to choose the server inwhich we only have one and then logon again. It is backwards to what I was doing before,. Please help. Thanks client. 4.9 and or 4.83 Burnabryan, Can ...

Web resources about - Novell client security issue - novell.netware.winnt-2x-xp

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Vegas Taco Joint Gets Burglarized, Makes Amazing Viral Video Ad From Security-Cam Footage
... restaurant that first opened in 2014, and attempted to rob the place after breaking in. Fortunately, Frijoles has a pretty good security-cam ...

Weaponization, iOS attacks and biometrics – the security landscape for 2016
... the time of year when companies inevitably turn to their crystal balls and try to predict what the coming year will have in store. Where security ...

How a security director used a rootkit to rig the lottery and steal millions of dollars
Not too long ago, Eddie Tipton was convicted of hacking into the Multi-State Lottery Association's computer system in order to rig a nearly $17 ...

Homeland Security to deport hundreds who immigrated illegally - Videos - CBS News
The Obama administration is moving ahead with a new crackdown on illegal immigration. CBS News has confirmed the Department of Homeland Security ...

Security footage shows 'taco thieves'
A Las Vegas restaurant was robbed. What it decided to do next is hilarious.

2015 trends: The evolution of password security
Why you should get on board with fingerprint sensors and two-factor authentication.

Resources last updated: 12/25/2015 4:44:52 AM