3.4 Windows Configuration

The NICI install creates and populates a key in the Windows registry. The location of the key is HKEY_LOCAL_MACHINE\SOFTWARE\Novell\NICI. The table below describes each value.

Table 3-3 Windows Key Values

| Key | Type | Description |
|---|---|---|
| ConfigDirectory | String | Location of NICI configuration files |
| DAC | Binary | NICI module’s digital authentication code. |
| SharedLibrary | String | The name of the library, such as ccsw32.dll |
| Strength | String | U0 for strong, W1 for import restricted (no longer supported) |
| UserDirectoryRoot | String | (Optional). Name of a directory where user directories are created. Defaults to ConfigDirectory. |
| Version | DWORD | NICI version, such as 0x00002400 for 2.4. |
| NICISDI Sync Period | DWORD | NICISDI synchronization period in minutes, represented in hexadecimal. |
| EnableUserProfileDirectory | DWORD | NICI user files are created in the Application Data\Novell\NICI directory in the user’s profile directory. |

Users’ directories are created, by default, in the <systemroot>\system32\novell\nici directory by the user’s name, for example, c:\winnt\system32\novell\nici\administrator. To change the root directory in which all user directories are created, edit the string type registry entry UserDirectoryRoot in the NICI registry key, and set it to the desired root directory. For example, use c:\documents and settings to create the NICI user configuration files in each user’s local profile path on a Windows 2000 system.

The username is the name of the user owning the process that started NICI. If it is a local user, NICI uses the username. If it is a remote or a domain user, NICI forms the username as the combination of username and domain separated by a dot (userName.domainName).

EnableUserProfileDirectory is not created by the NICI install, so it is disabled. If it is set, existing NICI user files might need to be copied or moved to the new location. If the user profile directory is enabled, NICI does not set the ACLs on this directory. It relies on existing security properties (ACLs, inheritance, and ownership) of the user’s profile directory. Use this option very carefully, because you can disclose all users’ NICI keys. NICI creates the Application Data\Novell\NICI directory if it is not present, and stores all NICI user files in this directory. This option is provided to enable the dynamic user creation/deletion feature in the Novell ZENWorks® product. It must be set manually or by another application’s install, such as ZENWorks.

The niciext.dlm module reads the NICISDI Sync Period value when DHost loads it. If the value does not exist, or if the period is zero, NICIEXT does not attempt to read it again. If the value exists and contains a non-zero period, the value is read once per period, before synchronization. You can disable the background synchronization process by deleting the value, or setting the period to zero.

The <systemroot>\system32\novell\nici\nicisdi.key file contains encrypted security domain keys as discussed in Section 4.0, NICISDI: Security Domain Infrastructure.

All users have read, execute, and create rights to the files in the NICI configuration directory (<systemroot>\Novell\NICI). NICI dynamically creates user directories upon first use of NICI by that user, and gives full rights only to the user creating the directory.
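
The following read-only PowerShell audit is an added example, not part of the Novell documentation. It reads the registry values described above and flags per-user NICI directories whose ACLs allow broad groups. Assumptions: any present EnableUserProfileDirectory value is flagged for review, profile paths come from the standard Windows ProfileList key, and the list of "broad" SIDs is illustrative.

```powershell
# Added example (not Novell code): read-only audit of the NICI registry values above.
$nici = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Novell\NICI' -ErrorAction Stop

# Strength: U0 is strong; W1 (import restricted) is no longer supported.
if ($nici.Strength -ne 'U0') { Write-Warning "Strength is '$($nici.Strength)', expected U0" }

# NICISDI Sync Period: a missing value or zero disables background synchronization.
$sync = $nici.'NICISDI Sync Period'
if ($sync) { "NICISDI sync period: $sync minutes" } else { 'NICISDI background sync is disabled' }

# Per-user directories live under UserDirectoryRoot, which defaults to ConfigDirectory.
$root = if ($nici.UserDirectoryRoot) { $nici.UserDirectoryRoot } else { $nici.ConfigDirectory }
$dirs = @()
if ($root -and (Test-Path -LiteralPath $root)) {
    $dirs += @(Get-ChildItem -LiteralPath $root -Directory | ForEach-Object { $_.FullName })
}

# EnableUserProfileDirectory is not created by the NICI install. Assumption: any
# present value is flagged, because NICI then sets no ACLs on the directory itself.
if ($null -ne $nici.EnableUserProfileDirectory) {
    Write-Warning 'EnableUserProfileDirectory is set; NICI relies on the profile ACLs'
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    $dirs += @(Get-ChildItem -Path $profileList | ForEach-Object {
        $p = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        if ($p) { Join-Path $p 'Application Data\Novell\NICI' }
    } | Where-Object { Test-Path -LiteralPath $_ })
}

# Flag directories that allow Everyone, Authenticated Users or BUILTIN\Users
# (illustrative list of broad SIDs; adjust to local policy).
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($dir in $dirs) {
    (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value } |
        ForEach-Object { Write-Warning "$dir grants $($_.FileSystemRights) to $($_.IdentityReference.Value)" }
}
```

Run it from an elevated session so that Get-Acl can read every user's directory; each warning is a prompt for review, not proof of exposure.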