Environment
Situation
Question
How do I permanently exclude (or include) certain executables from SecureLogin? For example, a virus scanner that is always running in Windows but for which we never want SSO enabled?
Resolution
Answer
SecureLogin will watch the executables you publish as SSO enabled in the Directory. You publish them at the OU level (e.g. OU=Users) and all users in that OU automatically inherit them. This is how most organizations determine which applications are SSO enabled and which aren’t.
In addition, there are other methods to temporarily deactivate SecureLogin or disable SSO for a particular application or a particular user for troubleshooting purposes. The exclude.ini method should only be implemented if advised by experienced SecureLogin administrators/consultants.
There is a way to permanently include or exclude executables with SecureLogin (it only works for Windows applications (.exe)). This allows you to determine which executables SecureLogin will NEVER watch (even if an application definition is written and published), or which it will ONLY watch for.
It is not often used, but may be useful if you wish to exclude SSO from watching an executable that is constantly running (e.g., a virus scanner) or to determine a hard coded list SecureLogin will watch for.
- For optimal performance, the following executables are excluded from SSO by default. They are hard coded and can be added back in using the methods described in this document.
msdev.exe
slbroker.exe
tlaunch.exe
slproto.exe
notes.exe
nswebsso.exe
nwadmn32.exe
nwadmnnt.exe
nwadmn95.exe
loginw95.exe
setup.exe
nwtray.exe
loginw32.exe
scrnlock.scr
wfica32.exe
mmc.exe
slwinsso.exe
slmanager.exe
sllock.scr
To permanently exclude or include specific Windows applications from being watched by SSO, create an exclude.ini file in the SecureLogin directory. The exclude.ini file should contain a list of the application executables that you want to exclude. Even if a script is written for them, SSO will never watch these executables.
- An example of a simple exclude.ini file would be (these files would be appended to the hard coded list that SecureLogin never watches):
finance.exe
passwordtest.exe
sun32.exe
explorer.exe
virusscanner.exe
By default, SecureLogin will exclude the applications listed in the exclude.ini file. If there are only a few applications that you want SSO enabled, type Include at the top of the file and then list the application executables that you want to include. Using this method, the hard coded list would still be excluded and these files would be the ONLY files ever watched by SecureLogin (any other SSO enabled published applications would be ignored by SecureLogin).
Include
secrem.exe
aurion.exe
To reset the hard coded list so that no executables are excluded by default, type Nodefault at the top of the file, then Exclude, and then list the files you want excluded.
Nodefault
Exclude
msdev.exe
explorer.exe
slbroker.exe
tlaunch.exe
slproto.exe
notes.exe
nswebsso.exe
nwadmn32.exe
nwadmnnt.exe
nwadmn95.exe
loginw95.exe
setup.exe
nwtray.exe
loginw32.exe
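To review an exclude.ini before deploying it, the three modes above can be modelled in a short script. This is an added example, not SecureLogin code: the function names, the sample published set and the sample file contents are constructed, and it assumes that names and keywords match case-insensitively, that keywords are honored wherever they appear, and that Nodefault combined with Include behaves like Include without the hard coded exclusions.

```python
# Added example: models the exclude.ini rules described in this article.
# HARD_CODED is the default exclusion list given above.
HARD_CODED = frozenset("""msdev.exe slbroker.exe tlaunch.exe slproto.exe notes.exe
nswebsso.exe nwadmn32.exe nwadmnnt.exe nwadmn95.exe loginw95.exe setup.exe
nwtray.exe loginw32.exe scrnlock.scr wfica32.exe mmc.exe slwinsso.exe
slmanager.exe sllock.scr""".split())

def parse_exclude_ini(text):
    """Return (mode, use_defaults, names) for the contents of an exclude.ini."""
    mode, use_defaults, names = "exclude", True, set()
    for raw in text.splitlines():
        entry = raw.strip().lower()   # assumption: matching is case-insensitive
        if not entry:
            continue
        if entry == "nodefault":
            use_defaults = False      # hard coded list no longer applies
        elif entry in ("include", "exclude"):
            mode = entry
        else:
            names.add(entry)
    return mode, use_defaults, names

def is_watched(exe, ini_text, published):
    """True if SSO would watch `exe` given exclude.ini text and the published set."""
    exe = exe.lower()
    mode, use_defaults, names = parse_exclude_ini(ini_text)
    if exe not in {p.lower() for p in published}:
        return False                  # no published definition, nothing to watch
    if use_defaults and exe in HARD_CODED:
        return False                  # hard coded list stays excluded
    if mode == "include":
        return exe in names           # ONLY the listed executables are watched
    return exe not in names           # exclude mode: listed names are never watched

# Constructed sample inputs (hypothetical published set and file contents).
PUBLISHED = {"finance.exe", "secrem.exe", "notes.exe", "aurion.exe"}
SIMPLE = "finance.exe\nvirusscanner.exe\n"
INCLUDE = "Include\nsecrem.exe\naurion.exe\n"
NODEFAULT = "Nodefault\nExclude\nmsdev.exe\nexplorer.exe\n"

if __name__ == "__main__":
    for label, ini in (("simple", SIMPLE), ("include", INCLUDE), ("nodefault", NODEFAULT)):
        print(label, {exe: is_watched(exe, ini, PUBLISHED) for exe in sorted(PUBLISHED)})
```

Running it against a proposed file shows, for example, that Include mode silently drops every published application not listed in the file.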