The following figure illustrates the dialog box for configuring Inactivity Timeout events:
This dialog box enables you to specify the inactivity timeout and configure a warning that is displayed just before the inactivity timeout is reached.
You can configure a .wav file that will be played when the warning is shown. You can also specify an .avi file to be played for the warning. To configure these features:
Click .
Select an option.
Browse to and select .avi or .wav files.
Click .
The warning message can accommodate .avi files that display images of any size.
The warning dialog box is displayed for the last few seconds of the inactivity timeout. You can specify the number of seconds that the warning dialog box is displayed. For example, if you set an inactivity timeout of thirty seconds and configure the warning dialog box to display for ten seconds, Secure Workstation displays the warning dialog box after twenty seconds of inactivity.
The following figure illustrates the dialog box for configuring a Device Removal event.
The Devices to Monitor for Removal section contains a list of devices that are registered with the Secure Workstation.
This dialog box enables you to specify which devices are included in the policy. If a device is included in the policy, it must be present during the user's session. If a device in the list is not present, Secure Workstation executes the lock action.
For SecureLogin 6.0 SP1, both the Universal Smart Card and pcProx Methods for NMAS can report device removal events to Secure Workstation.
Other NMAS partners have also implemented devices that can report device removal events to Secure Workstation. If you want to use a device that does not show up in the list, make sure that you have installed the NMAS Login Client Method for the device. If the device still doesn’t show up, check with the vendor of the device to ensure that it will work with Secure Workstation.
The following figure illustrates a Network Logout event:
A Network Logout event is triggered when a user logs out of the network. This event could be triggered by either Client32 or the LDAP Authentication Client, depending on which client is present.
One of the intended uses of the Network Logout event is to close programs that the user might have used for single sign-on through Novell SecureLogin. This event might also be used to display a login dialog box or run a script when the user logs out. For more information, see Section 8.5.6, The Post-Policy Command.
This event has a different set of lock actions than the other events. The Default Action list contains the following actions:
Log Out of the Workstation
Close All Programs
Only Execute the Post-Policy Command
The Action for Terminal Services Clients list contains the following actions:
Log Out of the Workstation
Close All Programs
Disconnect the Session
Only Execute the Post-Policy Command
The Default Action list doesn’t include the following actions:
Lock the Workstation
This action has been omitted because of the behavior of the GINA. If a network connection isn’t present when the workstation is locked, the Client32 GINA won’t allow the workstation to be unlocked with an eDirectory authentication.
Log Out of the Network
This action has been omitted because it doesn’t make sense to log out of the network in response to a network logout event.
The Network Logout event is the only event that includes the Only Execute the Post-Policy Command action. This action is actually a substitute for the Log Out of the Network action that is available with other events. If you want to execute a Post-Policy Command on network logout, but not do anything else, use this action.
You can use the Post-Policy Command to display a login dialog box or run a script. For more information, see Section 8.5.6, The Post-Policy Command.
The Manual Lock event gives users the ability to manually trigger Secure Workstation. A user can manually trigger Secure Workstation either by clicking the Logoff button on the Quick Logon/Logoff Interface or by executing SWLock.exe in the System32 directory.
The following figure illustrates the Manual Lock dialog box.
To configure Manual Lock:
Select from the main page, then click .
Check the check box.
(Optional) Select an option from the drop-down list.
(Optional) Select an option from the .
The following figure illustrates the Advanced Settings dialog box.
To configure advanced settings, click on Secure Workstation’s main dialog box.
check box affects the way programs are shut down when Secure Workstation logs a user out of Windows. If this check box is selected, Windows terminates programs that do not respond to a "close" message in a timely manner. This setting logs the user out of Windows more quickly, but some programs might not get an opportunity to save their data before being terminated.
The check box is similar, except that it controls the behavior of the action. When Secure Workstation closes programs, it always sends a Close message to each program to tell it to shut down. If the check box isn’t checked, Secure Workstation does nothing else to close the programs. The result is that some programs might not shut down. For example, if Microsoft Word* has an unsaved document, Secure Workstation might display a dialog box.
On the other hand, if the W check box is checked, Secure Workstation checks to see if the programs are still running after the specified timeout. Any programs that are still running at this point are terminated and might not have a chance to save their data.
You can use the to specify which programs should be closed when Secure Workstation executes a Close All Programs action.
Figure 8-2 The program list dialog box
If you select , Secure Workstation closes only the programs listed.
If you select , Secure Workstation closes all programs except those specifically listed.
NOTE: If you select , SecureLogin closes every program in the user’s sessions except those listed. This closing includes explorer.exe, the process associated with the user’s desktop.
Secure Workstation closes only the programs that the currently logged in Windows user has sufficient rights to close on his own. Programs that the user does not have rights to (such as a service running as the LocalSystem account) aren’t closed.
When Secure Workstation is running on a Terminal Server, only the programs in the current user's session are closed. Programs running in other users' sessions aren’t affected.
You don't need to specify the full path and name of each program in the program list. For example, instead of adding c:\winnt\system32\notepad.exe to the list, you could just add Notepad.exe.
However, if you don't specify the full path, the entry will correspond to all programs with that name, regardless of their path. For instance, listing Notepad.exe without the path would match both c:\winnt\system32\notepad.exe and c:\documents and settings\user\notepad.exe.
You can also use environment variables in the program list. For example, you could specify %systemroot%\System32\notepad.exe instead of c:\winnt\system32\notepad.exe.
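The matching rules described above (bare name, full path, environment variable) can be modelled as follows. This is an added example, not Secure Workstation's own code: the mode labels, the sample environment and the process list are constructed assumptions, and the case-insensitive comparison is assumed from the page's Notepad.exe example.

```python
import ntpath
import re

# Constructed environment used to expand %name% references (assumption).
SAMPLE_ENV = {"systemroot": r"c:\winnt"}

def expand_env(entry, env):
    """Expand %name% case-insensitively; unknown names are left untouched."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)), entry)

def entry_matches(entry, process_path, env=SAMPLE_ENV):
    """True if one program-list entry corresponds to a running program."""
    entry = ntpath.normpath(ntpath.normcase(expand_env(entry, env)))
    proc = ntpath.normpath(ntpath.normcase(process_path))
    if ntpath.dirname(entry):
        return entry == proc                 # full path: that file only
    return ntpath.basename(proc) == entry    # bare name: any directory

def programs_to_close(mode, program_list, running, env=SAMPLE_ENV):
    """mode is a hypothetical label for the two list options described above."""
    listed = [p for p in running
              if any(entry_matches(e, p, env) for e in program_list)]
    if mode == "only_listed":
        return listed
    if mode == "all_except_listed":
        return [p for p in running if p not in listed]
    raise ValueError(f"unknown mode: {mode}")

# Constructed process list for one user session.
RUNNING = [
    r"c:\winnt\system32\notepad.exe",
    r"c:\documents and settings\user\notepad.exe",
    r"c:\winnt\explorer.exe",
    r"c:\program files\editor\editor.exe",
]

if __name__ == "__main__":
    for entries in (["Notepad.exe"], [r"%systemroot%\System32\notepad.exe"]):
        print(entries, "->",
              programs_to_close("all_except_listed", entries, RUNNING))
```

With the bare name in an exception list, the copy of notepad.exe in the user's profile directory is left running; with the full-path entry only the system copy is exempt, which is why full paths are the safer choice for exceptions.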
The Post-Policy Command is a command that is executed after Secure Workstation executes the lock action. This feature was designed to display a login dialog box after a Close All Programs or Log Out of the Network action has been executed. However, you can use this feature to run any program or script. You must provide the full path and name of the program to run.
To display the login dialog box, use loginw32.exe for Client32. Use nldaplgn.exe for the LDAP Authentication Client. Depending on the mode of installation, one of these programs is located in the system32 directory.
If you have configured the Network Logout event, Secure Workstation restarts the program specified in the Post-Policy Command if it terminates before a user is logged in. This allows the login dialog box to be displayed again if a user clicks .
For more information on configuring events for Secure Workstation, see Novell Technical Information Document 3407572 - Registry Keys and Values Used By Secure Workstations.