Registry Keys and Values Used by Secure Workstation

  • 3407572
  • 04-Dec-2007
  • 26-Apr-2012

Environment

Novell SecureLogin 3.51
Novell SecureLogin 6.0
Novell SecureLogin 6.1

Situation

This solution describes all registry keys and values used by Secure Workstation. Because the local policy is stored in the registry along with a list of DLLs that will be loaded by the Secure Workstation Service, Novell strongly recommends setting a restrictive ACL on all keys listed in this document

All keys listed here are relative to this key:

HKLM\SOFTWARE\Novell\NMAS\MethodData


Key: Secure Workstation

Description:This is the root key for the section of the registry used by Secure Workstation.


Values:

Debug, DWORD:If this value is non-zero, then Secure Workstation will output trace information using the OutputDebugString call. This trace information can be viewed using DebugView from sysinternals.com.


DebugLog, DWORD:If this value is non-zero, then Secure Workstation will write trace information to a set of log files for each of the Secure Workstation component. The log files can be found in <>\SWLog.
NOTE: This key redirects the information that is generated by DWORD Debug to a series of logs. Debug most be set in conjunction with this key.

SWAudit,
This registry value can be of any type. This registry value is required to integrate Secure Workstation with Novell Audit. With this registry configuration, the following events would be sent to Audit server from Secure Workstation (Subject to change):

Device removal

Inactivity timeout

Logout of Workstation

Key: Secure Workstation\RegisteredMethods

Description:Each sub-key of this key represents a device-removal plug-in for Secure Workstation.

Values:None.

Key: Secure Workstation\RegisteredMethod\<>

Description:Each sub-key of the registered methods key represents a registered device-removal plug-in for Secure Workstation. Each of these keys must contain the values listed below.

Values:

MethodID, DWORD:This value contains the NMAS method ID number for the plug-in.

RemovalDLL, String:This value contains the path and name of a DLL that implements the device removal plug-in for this method.

Key: Secure Workstation\Policy

Description:This key and its sub-keys contain the local workstation policy.

Values:

Flags, DWORD:This value contains flags specified in the local policy. The flags are:

0x01:Policy active flag.
0x02:Inactivity timeout flag.
0x04:Force logoff flag. If this flag is set, Secure Workstation passes the ESX_FORCE flag to ExitWindowsEx when logging out of Windows.
0x08:
Forcefully terminate applications. If this flag is set, Secure Workstation will call TerminateProcess on applications that do not terminate within a specified time period.
0x10:Display the "inactivity warning” dialog before taking the lock action due to an inactivity timeout.
0x20:
Execute a post-policy command.
0x40:If a post-policy command has been specified in both the local policy and the network policy, always use the command from the network policy. If this flag has not been set, then Secure Workstation will always use the command from the local policy in this case.
0x80:Close all programs when the network user logs off.

IdleTimeout, DWORD:Specifies the user inactivity timeout.

ConsoleLockAction, DWORD:Specifies the lock action that will be taken for a session connected to the local console. Possible values are:

0x01:Close all programs. May be combined with the "Logout of the Network” value.
0x02:Logout of the network (Client32 and/or the LDAP GINA). This may be combined with the "Close all Programs” value.
0x04:
Logout of Windows.
0x08:Lock the workstation or disconnect the terminal services session.

TerminalLockAction, DWORD:Specifies the lock action that will be taken for remote sessions. The possible values are the same as "ConsoleLockAction”.

DeviceFlags, DWORD:Specifies information about authentication devices to be monitored. Possible values are:

0x01:Monitor devices flag. Secure Workstation will not monitor any devices unless this flag is set.
0x02:Monitor all devices.
0x04:Use a device list. Monitor devices specified in the Secure Workstation\Policy\Devices key.

KillAppTimeout, DWORD:This value is used by the "Close all programs” lock action. If this "forcefully terminate applications” flag has been set, this is the amount of time Secure Workstation will wait for applications to close before forcefully terminating them.

WarnCountdown, DWORD:This value specifies the number of seconds a warning dialog should be displayed before an inactivity timeout event. This value cannot be more than "idleTimeout”.

InactivityFlags, DWORD:Specifies if a .wav or .avi file should be played with the inactivity warning dialog.


0x01:Play an AVI file on the dialog.

0x02:Play a WAV file when the dialog is displayed.

WarnAnimation, String:Specifies the path and name of an AVI file that will be displayed on the inactivity warning dialog.

WarnSound, String:Specifies the path and name of a WAV file that will be played when the inactivity warning dialog is displayed.

LockCommand, String:This is the post-policy command. The SMP will execute this command using CreateProcess after a close all programs and/or log out of the network lock action has been executed.

DevicePluseTime, DWORD:This value is used when detecting device removal after executing a close all programs lock action. Secure Workstation will continue enforcing the policy until the original device(s) are present in compliance with the policy or until a new user logs in. In order to detect the presence of the devices the service re-starts the device removal plug-ins at regular intervals.

This setting was created to handle the latency between the time when the service sends the plug-ins a startup message and the time when the plug-ins report that their device is not present. This value specifies the amount of time that Secure Workstation will wait to receive a "device removal” message before assuming that the device is present. The default for this value is 10 seconds.

PostPolicyCommandTimeout, DWORD:When a post-policy command has been configured, this value specifies how the command will be executed. For example, if loginw32.exe (displays the Client32 login dialog) has been specified as the post-policy command, then the administrator will probably want Secure Workstation to re-execute the command if a user cancels the dialog. However, if the post-policy command has been configured to execute a script, then the administrator may want to execute only once.

If this value is zero, Secure Workstation will execute the post-policy command only once. If this value is non-zero, then it specifies the number of seconds that Secure Workstation should wait to re-execute the post policy command after detecting that it has terminated.

UseClient32, DWORD:If this value is zero, then Secure Workstation will ignore Client32 connections. In this case, it will not monitor the Client32 connection, nor will it terminate any Client32 connections when executing the "Log out of the Network” lock action.

UseLDAPAuthClient, DWORD: If this value is zero, then Secure Workstation will ignore events from the LDAP Auth Client, and will not clear the LDAP Auth Client credentials.

NSWAdmin, String:This value specifies the name of a Windows user that will be used to administer Secure Workstation. When this user logs in, Secure Workstation will not enforce its policy. This feature can be used by an administrator to disable Secure Workstation if, for instance, a device specified in the policy is malfunctioning.

Client32PollInterval, DWORD:Specifies the amount of time in milliseconds that Secure Workstation will wait before polling the primary connection to see if the user has logged out.

LdapAuthPollInterval, DWORD:Same as Client32PollInterval, but applies to the LDAP Authentication Client.

DefaultFileLocation, String:When a .avi and/or a .wav file has been specified in the Network Policy, those files must be stored locally on the Workstation. This value specifies the directory where Secure Workstation will write those files. The default behavior is to write these files to the user’s profile directory. Note that these files will be created by a process running as the currently logged-in Windows user, so the Windows user must have write rights directory specified by this registry entry.

Key: Secure Workstation\Policy\Devices

Description: The device list associated with the local policy.

Values:0, 1, 2, …, DWORD: The names of the values in the device list are numbered starting with zero. The value is the NMAS method ID of each device removal plug-in specified in the policy.


Key: Secure Workstation\Policy\Process List

Description: The list of process associated with the "Close all Programs” lock action.

Values: include, DWORD:This value specifies if the values in the process list specify programs that should be closed, or programs that should be excluded. If this value is non-zero, then only the programs specified in the process list will be closed. If this value is not present or set to zero, all processes will be closedexceptthose specified in the process list.

0, 1, 2,…, DWORD:The names of values in the process list are numbered starting with zero. The value can be either the name of a process (nwtray.exe), the full path and name of a process (c:\winnt\system32\nwtray.exe), or the path and name of a process using environment variables (%systemroot%\nwtray.exe).

Key: Secure Workstation\Policy\Allowed Processes

Description: This key contains a list of processes that are allowed to communicate with the Secure Workstation service via its named pipe.

Values:0, 1, 2, …, DWORD: The names of the values this list are numbered starting with zero. The value is the full path and name of each executable that is allowed to communicate with the Secure Workstation service.