9.4 Applications Excluded for Single Sign-On

Although Novell SecureLogin facilitates you to enable single sign-on for Windows, Web, and Java applications; some applications cannot be enabled for single sign-on. The applications that cannot be enabled include certain installers, Novell SecureLogin and Windows system files. Enabling these applications might affect your computer’s performance or create a security risk.

These applications are hard-coded and are excluded from single sign-on.

Table 9-4 Applications excluded from Single Sign-On

setup.exe

Nwadmn95.exe

acsagent.exe

_isdel.exe

loginw95.exe

adamconfig.exe

msiexec.exe

NWTray.exe

rdbgwiz.exe

MSDEV.exe

loginw32.exe

ProtocomSysTray.exe

devenv.exe

scrnlock.scr

ac.aac.run.exe

SLBroker.EXE

MMC.EXE

SLBroker64.EXE

tlaunch.exe

slwinsso.exe

slwinsso64.exe

SLProto.exe

SLManager.exe

SLManager64.exe

nswebsso.exe

sllock.scr

tlaunch64.exe

Nwadmn32.exe

ConsoleOne.exe

SLProto64.exe

Nwadmnnt.exe

SLLauncher.exe

9.4.1 Modifying the List

Although the applications disabled for single sign-on are hardcoded, you can modify the behavior by creating a text file at the <Novell SecureLogin Install path> For example, at C:\Program Files\Novell\SecureLogin\ and name it exclude.ini.

NOTE:Despite its extension, the exclude.ini file is not in an .ini file format.

You can open this file in any text editor and make the changes. You can extend or modify the list.

You can modify the file in the following ways:

Extending the List of Applications

If you want to disable more applications apart from the hardcoded applications, add the names of the application to the exclude.ini file. For example, you can add grpwise.exe to the exclude.ini file. With this, GroupWise is also disabled for single sign-on.

NOTE:If you add an existing application to the list of applications in the exclude.ini file, it does not impact the original list. For example, if you add SLProto.exe to the exclude.ini file, it does not impact the function although it is listed twice.

Including Applications for Single Sign-On

If you want to enable only a set of applications for single sign-on, use Include keyword in exclude.ini file

In the exclude.ini file add the Include keyword to enable an executable for single sign-on. By including the Include keyword, the list is converted to an include list.

For example, when you add

Include

Trillian.exe

Trillian application is enabled for single sign-on. The next time you log in, you are prompted to enable single sign-on.

Disabling the Default Behavior

If you want to define a custom list for disabling the applications for single sign-on, include the NoDefault keyword. When you include the NoDefault keyword, the hardcoded applications are overrided.

For example, if you modify the list as:

NoDefault

NMCL32.exe

the hardcoded applications that are disabled for single sign-on is not read by Novell SecureLogin. Instead, the executables listed with the NoDefault keyword in the exclude.ini file are considered and all the applications listed in the file are disabled for single sign-on.