Logging on to Windows 98

This section discusses how to configure logon for Windows 98 computers.

Understanding System Logon

There are two levels of system logon on Windows 98 computers:

Log on to Windows 98 by using a user name and password.
With Windows 95, you logged on to the computer using the Windows Logon. Windows 98 provides a new option called Microsoft Family Logon. If user profiles are enabled and Microsoft Family Logon has been configured, Microsoft Family Logon lists all users for that computer. For more information about the Microsoft Family Logon, see "Configuring Microsoft Family Logon" later in this chapter. For more information about user profiles, see Chapter 7, "User Profiles."
Log on to a Windows NT domain, NetWare network, or another network for which you are using a 32-bit, protected-mode networking client.

Windows 98 provides a single unified logon prompt that allows the user to log on to all networks and Windows 98 at the same time. The first time a user starts Windows 98, there are separate logon prompts for each network, as well as one for Windows 98. If these passwords are made identical, the system logon prompt for Windows 98 is not displayed again.

Note

The Passwords option in Control Panel provides a way to synchronize logon passwords for different networks so they can be made the same if one is changed. For more information, see Chapter 9, "Security."

Windows 98 also includes a related feature, called password caching. With password caching, when a user logs on to other networks with different passwords and chooses to save them, the passwords are stored in a password cache. Thereafter, the user sees only the Windows 98 logon prompt, or no prompt, even if the Windows 98 password is different from the password for the primary network client. You can enable password caching for a network client simply by selecting the check box for the Save this password in your password list option on the logon prompt for your network client (if the check box appears). You can also enable password caching later, by using the following procedure:

To set up password caching of network passwords

In Control Panel, double-click Network.
In Primary Network Logon, select Windows Logon, and then click OK.
In Control Panel, double-click Passwords, click Change Windows Password, and then click OK.
Make your Windows password blank, and then click OK two times.
Restart your computer.
When asked for a password to log on to Windows 98, enter a password, and then press OK.
For each network prompt, enter your network password and make sure the check box for Save this password in your password list is selected.
Note
This check box does not appear for Client for NetWare Networks unless you are using Service for NetWare Directory Services. Therefore, to use password caching with Client for NetWare Networks, you must install Service for NetWare Directory Services.

The next time you log on to Windows 98 using that password, Windows 98 uses the passwords stored in this cache to log the user on to other networks, you do not need to type any additional passwords.

You can also configure Windows 98 to perform an automatic or "silent" logon, by opening the user’s password file with a blank password. To do so, follow the procedure above, but instead of entering a password in Step 5, simply click OK. On subsequent boots, you will not need to log on either to Windows 98 or to the network.

You might choose this configuration, for example, for peer servers that are physically secure from user access and that must be able to automatically recover from power outages or other failures without user intervention.

If you are concerned about users compromising network security by using automatic logon, you can disable this feature by using system policies. For more information, see Chapter 9, "Security."

The following procedures describe how to log on to Windows 98 and to Microsoft and NetWare networks.

To log on to Windows 98 when no network logon has been configured

When the Welcome to Windows dialog box appears, type the user name and password.

The following screen appears.

Windows 98 uses this logon information to identify the user and to find any user profile information. User profiles define user preferences, such as the fonts and colors used on the desktop, and access information. For more information on user profiles, see Chapter 7, "User Profiles."

To log on to Windows 98 on a Microsoft network for the first time

When the Enter Network Password dialog box appears after starting Windows 98 for the first time, type the user name and password.
Note
This dialog box appears without the Domain box unless your computer is configured to log on to a Windows NT domain. For information, see Chapter 16, "Windows 98 on Microsoft Networks."

For network logon on a Microsoft network, type the name of the Windows NT domain, LAN Manager domain, or Windows NT computer that contains the related user account.
After the user name and password pair are validated by the network server, the user is allowed to use resources on the network. If the user is not validated, the user cannot gain access to network resources.
If you do not already have a Windows password for this computer or if your Windows password and network password are different the first time Windows 98 starts, the Set Windows Password dialog box appears, prompting you to type the user name and password defined for Windows 98.

To log on to Windows 98 on a NetWare network for the first time using Client for NetWare Networks

The following dialog box appears if you are running Service for NetWare Directory Services (Microsoft’s service for accessing Novell Directory Services):

To log on, type your user name and password.
– Or –
If you are not running Service for NetWare Directory Services, the following dialog box appears instead:

To log on to a NetWare network using Client for NetWare Networks, type your user name, password, and the name of the NetWare server, which is the preferred server where the related user account is stored.
If you are running Service for NetWare Directory Services, click the Advanced button and verify that the correct context and tree are selected.
After the user name and password pair are validated by the NetWare server, the user can use resources on the network. If the user is not validated, the user will be prompted to type a password when connecting to a NetWare server during this work session.
If you do not already have a Windows password for this computer or if your Windows password and network password are different the first time Windows 98 starts, the Set Windows Password dialog box appears, prompting you to type the user name and password defined for Windows 98.

To log on to Microsoft or NetWare networks after the first time

The next time this computer is started, Windows 98 displays the name of the last user who logged on and the name of the domain or preferred server used for validation. If the same user is logging on again, only the password for the network server or domain needs to be entered. If a different user is logging on, that user’s unique user name and password must be entered. If the passwords are the same for the network and Windows 98, the second dialog box for logging on to Windows 98 does not appear again.

Configuring Microsoft Family Logon

Microsoft Family Logon is a new feature that works in combination with user profiles to prevent any user from gaining access to your computer unless you have configured a user profile for that user. Before you can use or configure Microsoft Family Logon, you must enable user profiles. (For more information about enabling user profiles, see "User Profiles and Windows 98 Logon" later in this chapter.) Windows 98 includes a new way to enable user profiles: the Users option in Control Panel. If you enable user profiles with this option, Microsoft Family Logon will be automatically enabled. If you already have user profiles enabled on your computer, however, you can configure Microsoft Family Logon by using the Network option in Control Panel. This section describes both methods of configuring Microsoft Family Logon.

To enable user profiles with the Users option in Control Panel

In Control Panel, double-click Users.
A wizard appears and asks you to enter a user name and password. After you do so, it automatically enables user profiles and installs the Microsoft Family Logon Client.

To configure Microsoft Family Logon if you have already enabled user profiles

In Control Panel, double-click Network, and then click Add.
In the Select Network Component Type dialog box, select Client, and then click Add.
In the Manufacturers box, select Microsoft.
In the Network Clients box, select Microsoft Family Logon, and then click OK.

You must restart the computer for the changes to take effect. If you have selected a network logon as your primary logon, you will see only the Enter Network Password dialog box when you restart.

If you have selected the Microsoft Family Logon as your primary logon, and if user profiles have been enabled, the Enter Password dialog box appears:

If your Windows password and your network logon password have not been synchronized, you will also see the Enter Network Password dialog box.

Just as with Windows logon, if your user name and password for Microsoft Family Logon are the same as your user name and password for your network, you will not need to perform both a system logon and a network logon.

Configuring Network Logon

If you install either Client for Microsoft Networks or Client for NetWare Networks, you can configure a computer running Windows 98 to participate on a Windows NT or NetWare network.

Before you can access domain resources on a computer running Windows 98, however, you must have a Windows NT domain controller or NetWare server on the network that contains user account information for the Windows 98 user. (A Windows NT or NetWare server is not necessary for a peer-to-peer network.) For more information about setting up permissions on a Windows NT or NetWare server, see the administrator’s documentation for the server. For related information, see Chapter 16, "Windows 98 on Microsoft Networks" and Chapter 17, "Windows 98 on Third-Party Networks."

The validation of a user’s network password at system startup might not be required for accessing network resources later during that work session. However, the logon script can run only in one of two circumstances:

During system startup.
If your computer is configured to use Dial-Up Networking only, and there is no active network adapter installed that forces network components to load on system startup, a logon script can run after you connect to a network using Dial-Up Networking.

Because those are the only two cases in which logon scripts can be run if you are using a Microsoft-provided network client, they are the only times at which user profiles and system policies can be downloaded on the local computer. (However, profiles and policies are disabled by default over Dial-Up Networking connections and require special configuration to be enabled.) Therefore, proper network logon is extremely important.

The following sections provide information about configuring network logon for computers on Windows NT and NetWare networks when using a 32-bit, protected-mode network client. You can also use system policies to control network logon options, as summarized at the end of this section. For more information about enforcing logon password requirements, see Chapter 9, "Security."

Tip

Logon validation controls only user access to network resources, not access to running Windows 98. To require validation by a network logon server before allowing access to Windows 98, you must use system policies. For information, see "Setting Network Logon Options with System Policies" later in this chapter.

Notice, however, that Windows 98 security cannot prevent a user from starting the computer by using Safe Mode or a floppy disk. If you require complete user validation before starting the computer in any way, use Windows NT as the sole operating system.

Configuring Logon for Client for Microsoft Networks

When the computer is configured to use Client for Microsoft Networks as the Primary Network Logon, you can specify Microsoft Windows NT logon options in the Network option in Control Panel. This section discusses these options.

If your network includes a Windows NT domain, you can configure your computer to automatically validate you on the specified domain during the logon process. If this option is not configured, you cannot access most network resources. If this option is configured and you do not provide a correct password, you will not have access to most network resources.

You can also specify whether you want to automatically establish a connection for each persistent connection to a network resource or verify whether to reestablish connections at system startup. You can also specify basic network logon options in custom setup scripts used to install Windows 98.

For complete procedures for configuring network logon and persistent connections for Client for Microsoft Networks, see Chapter 16, "Windows 98 on Microsoft Networks." For more information about defining network logon options in custom setup scripts, see Chapter 3, "Custom Installations." For more information about controlling network logon by using system policies, see Chapter 8, "System Policies."

Configuring Logon for NetWare Networks

Each Windows 98 user must have an account on the NetWare server before being able to use its files, applications, or print queues. The NetWare server account contains user credentials (a user name and password).

With Client for NetWare Networks, there is no real-mode logon before Windows 98 starts, just the single, unified logon prompt for Windows 98 that allows users to log on to the system and to all networks at the same time. The first time a user starts Windows 98, there are two separate logon prompts: one for Windows 98 and one for the NetWare preferred server. If the two passwords are the same, the second logon prompt for Windows 98 is not displayed again. If you are using password caching, only the Windows 98 dialog box is displayed.

Like Client for NetWare Networks, Novell Client for Windows 95/98 uses a protected-mode logon instead of a real-mode logon. However, unlike Client for NetWare Networks, Novell Client for Windows 95/98 does not cache passwords in a PWL file. Thus, you will see separate logon prompts unless you set Novell Client for Windows 95/98 as the Primary Network Logon.

If the computer uses a Novell-supplied real-mode network client, network logon occurs in real mode and uses all the NetWare configuration settings that were in place before Windows 98 was installed. There are no required changes. However, the logon prompt for Windows 98 always appears when these clients are used because the unified logon process is not available.

Passwords on Windows 98 and NetWare Servers

If you are using a protected-mode network client, maintaining the same user name and password for both Windows 98 and the NetWare network makes it easier for network administrators to coordinate user accounts. For more information about passwords, including brief information on changing passwords on a NetWare server, see Chapter 9, "Security."

To configure Client for NetWare Networks for network logon, you need to specify whether Client for NetWare Networks is the Primary Network Logon. If Client for NetWare Networks is the primary network logon, the following happens:

System policies and user profiles are downloaded from NetWare servers, if you use these features.
Users are prompted first to log on to a NetWare server for validation when Windows 98 starts (before being prompted to log on to any other networks).
The last login script runs from a NetWare server.

Tip

When you start Windows 98 with Client for NetWare Networks configured as the Primary Network Logon, Windows 98 automatically prompts you to provide logon information, such as your password on the NetWare server.

Therefore, you should never run the Novell-supplied Login.exe utility from a batch file or at the command prompt when you are using Client for NetWare Networks.

When you designate Client for NetWare Networks as the Primary Network Logon, you can also specify a preferred NetWare server. Windows 98 uses the preferred server to validate user logon credentials and to find user profiles and system policy files. You can change the preferred NetWare server at any time.

With Client for NetWare Networks, you can log on only to specific servers, not to the NDS tree. However, with Service for NetWare Directory Services, you can log on to either the NDS tree or to specific bindery-based servers. The following sections explain how to use Client for NetWare Networks and Service for NetWare Directory Services to log on to NetWare servers and to the NDS tree.

Configuring Client for NetWare Networks to Log on to a NetWare Network

The following procedure describes how to configure Client for NetWare Networks to log on to a NetWare network. If you use a NETX or VLM client, you can configure the setting for the preferred server using Net.cfg or using the /ps option (/ps=server) in Startnet.bat, Autoexec.bat, or wherever you start NETX or VLM. For more information, consult your Novell-supplied documentation.

Note

In the Windows 98 Resource Kit, NETX is used to refer to the Novell NetWare workstation shell for NetWare version 3.x; VLM (Virtual Loadable Module) is used to refer to the workstation shell for version 4.x.

To use a NetWare server for network logon

In Control Panel, double-click Network.
Select Client for NetWare Networks in the Primary Network Logon dialog box.
Double-click Client for NetWare Networks in the list of installed components.
In the General tab set values for the configuration options, as described in Table 18.1.

Table 18.1 Client for NetWare configuration options

Property	Meaning

Preferred Server	Designates the name of the NetWare server that appears automatically in the Network Logon dialog box. Windows 98 obtains the NetWare login script from this server, unless you specify a different NetWare server in the Enter Network Password dialog box. This is also the server used to store user profiles and system policies, if these are used on your network. The Preferred Server setting applies to the computer, not for individual users. If you are running Service for NetWare Directory Services, this setting will be used only if the preferred server is a 4.x server in the same NDS tree that you are logging on to. If you want to log on to a bindery-based server when running Service for NetWare Directory Services, follow the procedures outlined in "Configuring Microsoft Service for NetWare Directory Services to Log on to a NetWare Bindery Server" to log on to a NetWare bindery server.
First network drive	Specifies the first drive letter that you want assigned to the first NetWare network connection.
Enable login script processing	Specifies that this computer will process NetWare login scripts when a user logs on to the network.

If the preferred server has been specified, Client for NetWare Networks attempts to connect to the preferred server rather than the first server that responds to the Get Nearest Server broadcast. Client for NetWare Networks also attempts a number of server connections in case the client computer cannot establish a connection with the preferred server.

Configuring Microsoft Service for NetWare Directory Services to Log on to the NDS Tree

This section describes how to configure Service for NetWare Directory Services to log on to the NDS tree. For more information about Service for NetWare Directory Services and how to install it, see Chapter 17, "Windows 98 on Third-Party Networks."

To log on to an NDS tree, you must select a default context and a preferred NDS tree. The default context determines what the user will be able to see and use in Network Neighborhood. You can also configure a preferred server by following the procedure in "Configuring Client for NetWare Networks to Log on to a NetWare Network," earlier in this chapter. For more information about configuring the default context and directory tree, see Help.

The logon context is the context where your user object is located. In many cases, a user’s default context and logon context will be the same, so he or she can log on without using a full or partial distinguished name.

Depending on how your directory tree is set up, a user who travels to other locations in your organization (such as other people’s offices or other sites) may need to log on from a different context from the one that contains his or her user object. You may want to encourage such users to type their full distinguished name when they log on. They may also need to change the context they are logging on to. For information on changing the logon context, see Chapter 17, "Windows 98 on Third-Party Networks."

Note

When a user logs on using a different logon context than the computer’s default context, the current context does not switch to the user’s logon context, but the container script from the user’s logon context is run. For example, suppose Ann has a user object in the APPS container object. She logs on to a machine whose default context is set to MARKETING, using the full distinguished name .CN=ANN.O=APPS. Even though her logon context is APPS, the current context stays in MARKETING, but the APPS container login script is run.

Logging on to a NetWare Bindery Server using Microsoft Service for NetWare Directory Services

If you want to log on to a bindery server instead of to an NDS directory tree, you can do so at system startup.

To log on to a bindery server

Restart your computer
In the Enter Network Password dialog box, enter your name and password and then click the Advanced tab.
Click Log in to a bindery server.
Select a bindery server, and then click OK, and then click OK again.

Configuring Novell Client for Windows 95/98 to Authenticate to NDS Trees and Servers

You are first prompted to authenticate to an NDS tree when you log on to Windows 98. However, you can also authenticate to other NDS trees or NetWare servers during the same session, so you can be authenticated to more than one NDS tree at once.

To authenticate to NDS Trees and NetWare servers

Right-click the server or tree you want to attach to.
In the context-sensitive menu, click Authenticate.
If prompted, specify your user name and password for the tree or server you are authenticating to.

To view the trees and servers you are authenticated to

Right-click Network Neighborhood, and then click NetWare Connections.

To view a specific connection

From Network Neighborhood, right-click a server or tree.
In the context-sensitive menu, click WhoAmI.

Setting Network Logon Options with System Policies

The network administrator can define system policies to enforce requirements for network logon. For example, you may want to make sure that users cannot access the local computer without network validation, or you may want to disable password caching.

Note

System policies are not installed on Windows 98 by default. For more information, see Chapter 8, "System Policies."

For network logon in general, use the following policies:

Logon Banner, to specify a caption and other text, such as a legal notice, to be displayed before the logon dialog box appears.
Require Validation By Network For Windows Access, to specify that each logon must be validated by a server before access to Windows is allowed.

For Client for Microsoft Networks, use the following policies:

Log On To Windows NT, to specify that this computer can participate in a Windows NT domain.
Display Domain Logon Validation, to display a message when the domain controller has validated user logon.
Disable Caching of Domain Password, to specify that no caching is used for the network password. However, do not enable the Quick Logon features when password caching has been disabled using system policies. The Quick Logon feature requires password caching to function properly.

For Microsoft Client for NetWare Networks, use the following policy:

Disable Automatic NetWare Logon, to specify that when Windows 98 attempts to connect to a NetWare server, it does not automatically try to use the user’s network logon name and password and the Windows logon password to make the connection.

For Microsoft Service for NetWare Directory Services, use the following policies:

Preferred Tree, to specify the preferred NDS tree.
Default Name Context, to specify the default context.

For more information about these policies and others that enforce password requirements, see Chapter 8, "System Policies."

If a computer has the Microsoft Remote Registry agent installed, you can use System Policy Editor to remotely set network logon options on individual computers without using system policies. This is useful in cases in which you have not previously enforced logon requirements using system policies but you want to make sure that network logon is configured properly on a specific computer.

Using Logon Scripts

This section summarizes some information about using logon scripts on Windows NT and NetWare networks. For details about using logon scripts for a push installation of Windows 98, see Chapter 4, "Automated Installations."

Using Logon Scripts with Microsoft Networking

This section summarizes how to use logon scripts for Windows 98 on Windows NT networks.

Logon scripts are batch files or executable files that run automatically when a user logs on to a computer running either Windows NT, Windows 98, or MS-DOS. Logon scripts are often used to configure users’ working environments by making network connections and starting applications.

There are several reasons that you might want to use logon scripts:

You want to manage part of the user environment (such as network connections) without managing or dictating the entire environment.
You want to create common network connections for multiple users.

To assign a user a logon script, designate the path name of the logon script file in the user’s account on the server. Then, whenever that user logs on, the logon script is downloaded and run. You can assign a different logon script to each user or create logon scripts for multiple users.

To create a batch-file logon script, create an MS-DOS batch file. (For more information about creating batch files, see your MS-DOS documentation.)

A logon script is always downloaded from the server that validates a user’s logon request. For users with accounts on Windows NT server domains that have one or more backup domain controllers and a primary domain controller, any one of the domain controllers can authorize a user’s logon attempt. To ensure that logon scripts always work for users, you should be sure that logon scripts for all user accounts in a domain exist on every primary and backup domain controller in the domain. You can do this by using the Windows NT Replicator service.

Home directories on Windows NT networks are used to store user profiles and can also serve as private storage spaces for users. To ensure access to user profiles, you should assign each user a home directory on a server. You can also assign users home directories on their own workstations (although this means that users will not have access to their user profiles from other computers).

Using the Windows Scripting Host to Run Logon Scripts

The Windows Scripting Host is a tool that allows you to run scripts natively on Windows 95, Windows 98, or Windows NT version 4.0 or later. If you are a network administrator and you want to run a logon script on Windows NT Server 4.0 or later, you can write that script using the Microsoft Visual Basic Scripting Edition or the Microsoft JScript scripting engine, then run it using the Windows Scripting Host. The Windows Scripting Host supports several features commonly used in logon scripts, such as mapping drives and printers and managing your users’ environments, so it can help you automate routine logon tasks.

For more information about the Windows Scripting Host, see Chapter 23, "System and Remote Administration Tools." See also http://www.microsoft.com/management/scrpthost.htm.

Using Login Scripts on NetWare Networks

NetWare clients that support NDS use the NDS login script when connecting to NDS. When connecting in bindery mode, they use the bindery login script. Bindery clients always use the bindery script.

Login scripts are stored differently on NetWare 3.x servers using bindery services than on NetWare 4.x servers using NDS. On a bindery server, the system login script is stored in the Net$log.dat file in the \Public directory, and individual user login scripts are stored in the Login file in Mail subdirectories that correspond to the users’ internal IDs. On an NDS server, the Container, Profile, and User login scripts are stored in the NDS database as properties of those objects.

The network administrator can use SYSCON for NetWare 3.x bindery-based servers or NETADMIN or NWADMIN for 4.x servers to edit login scripts for any NetWare-compatible client running under Windows 98.

The issues related to running login scripts depend on whether the computer is configured with Client for NetWare Networks or uses a Novell-supplied network client.

Running Login Scripts with Client for NetWare Networks

If the computer is running Client for NetWare Networks, the special Windows 98 Login Script Processor runs the login script after the user completes entries in the network logon dialog box during system startup. If you are also running Service for NetWare Directory Services, your computer can make NDS-based connections and can use the NDS login script if you log on as an NDS user. If you are not running Service for NetWare Directory Services, Client for NetWare Networks makes only bindery connections.

When a computer running Client for NetWare Networks but not Service for NetWare Directory Services connects to a NetWare 4.x server, the server must be running bindery emulation, so that the login scripts can be accessed in the same way as on a bindery server. If bindery-type login script files are not available, you can create login scripts by enabling bindery emulation on the server, then using NETADMIN to create accounts.

The Windows 98 Login Script Processor runs NetWare system and user login scripts, using commands in these scripts, such as MAP and CAPTURE, to make global changes to the system environment. For example, a script might include SET statements or PATH statements to specify search drives.

The login script appears in a window if the user’s login script contains the WRITE, DISPLAY, FDISPLAY, PAUSE, or WAIT commands.

You can use any NetWare or MS-DOS command (in conjunction with NetWare login script commands) in a login script, except those that load TSRs. The Windows 98 Login Script Processor operates in protected-mode, so loading real-mode TSRs from a login script is not possible because login scripts are run after all real-mode actions are completed at system startup. Any TSR that is run from a login script is loaded in a single virtual machine, which is subsequently shut down when login script processing is completed. In these cases, the Login Script Processor displays an error message.

For loading components, such as backup agents, you can use protected-mode equivalents in Windows 98 instead of running TSRs. If you need to run a TSR to support an application, use one of the options described in the Table 18.2.

Table 18.2 Loading TSRs with Client for NetWare Networks

What the TSR must support		Where to load the TSR


With NDIS 3.1 drivers:
All applications created for MS-DOS or Windows, without IPX/SPX support		Autoexec.bat
All Windows-based applications that require IPX/SPX support¹		Winstart.bat in the \Windows directory
All MS-DOS- based applications that require IPX/SPX support²		At the command prompt before running the application
With ODI drivers:
All applications created for MS-DOS or Windows with IPX/SPX support		After the entry that loads IPXODI in Autoexec.bat or Winstart.bat

¹ The IPX/SPX-compatible protocol (NWLINK) is loaded after real mode is complete but before login scripts are processed, so this protocol is available for TSRs loaded from Winstart.bat. ² The TSR must be loaded in each separate virtual machine for each application that requires that TSR before the application is loaded. This can be done in a batch file used to run the application.

The network administrator might want to warn users that, in the following circumstances, the Login Script Processor can display special windows and messages, and that this is not an error condition:

When the login script runs, a message announces that the operating system is processing login scripts. The user can click a button to see details. However, if any statement in the script writes to the screen or if there is a PAUSE statement, the Login Script Processor window appears and displays all subsequent statements as they run.
If a #DOS_command statement is included in the script, a special virtual machine is used to process the command. An MS-DOS Prompt window appears while the command is running and then closes automatically when the command is complete.

The following list presents some tips for testing and running login scripts with Client for NetWare Networks:

Insert PAUSE statements frequently in the scripts you are testing so that you can study each screen of information as it appears in the Login Script Processor window.
While testing scripts, check carefully for script errors that appear in the Login Script Processor window.
Insert PAUSE statements following any text that you want the user to read during system logon.
Note
The Windows 98 Login Script Processor can handle any documented NetWare login script commands. Any undocumented variations on NetWare commands might not be processed as legal statements.

You can make persistent connections (using the same drive letter each time) to NetWare volumes and directories by using the Windows 98 user interface. Using persistent connections eliminates the need for some NetWare MAP commands in login scripts. However, if persistent connections are made to a server, you should avoid using the ATTACH command in login scripts.

Running Login Scripts with Novell-Supplied Clients

If a computer is running the Novell-supplied Novell Client for Windows 95/98, login scripts are processed when you log on to a NetWare network. (Logging on is different from authenticating to either a NetWare server or an NDS tree, which you can also do after logging on to the network.)

If you are running Novell Client for Windows 95/98, if you run an external command in your login script, such as "send /a=n" the MS-DOS box does not automatically close when the program terminates.

If a computer is running the Novell-supplied NETX or VLM networking client, login scripts are processed as they were before Windows 98 was installed.

With NETX or VLM, login scripts are run in real mode during system startup. Therefore, all statements and TSRs will run as expected and be available globally for all applications created for Windows or MS-DOS.

Important

Users running a Novell-supplied real-mode client should always log on to the NetWare server before running Windows 98. Otherwise, many operational problems will occur. For example, if a user instead logs on at the command prompt while already running Windows 98, then all the drive mappings created by the login scripts will be local only to that virtual machine.

User Profiles and Windows 98 Logon

The notes in this section provide a brief overview of the logon process in Windows 98. User profiles can be enabled in three ways:

From the Users option in Control Panel.
From the Passwords option in Control Panel.
From the System Policy Editor.

If user profiles are enabled, then a network or Windows logon dialog box will always appear at system startup (even if the user’s password is blank) because the user must be identified so the operating system can load the correct profile.

If user profiles are not enabled, what happens in the logon process depends on the setting specified in the Primary Network Logon box in the Network option in Control Panel. If the Primary Network Logon setting is for a network provider, such as Client for NetWare Networks or Client for Microsoft Networks, then an Enter Network Password dialog box will always appear at system startup if the network is active. These network providers cannot allow automatic logon without the user entering a password because the provider does not know which network account the user wants to use.

If the user selects Windows Logon as the value in the Primary Network Logon box in the Network option in Control Panel, then the Windows Logon dialog box will appear first, followed by logon dialog boxes for any other network providers. In this case, if the user has entered a Windows password but has cached the network passwords, the user needs to enter only the Windows password. If the user has configured the computer to perform an automatic logon by using password caching, the user will not need to enter a password to gain access to Windows 98 or the network. (For more information about password caching, see "Understanding System Logon," earlier in this chapter.)

If the user selects Microsoft Family Logon from the value in the Primary Network Logon box in the Network option in Control Panel, and user profiles are enabled, then the Microsoft Family Logon dialog box appears.

Note

The administrator can use system policies to restrict users’ access to the Passwords option in Control Panel or to require a minimum password length to prevent automatic logon using blank passwords.