Using Exclude.Ini to customize which executables are watched (or not watched) by SecureLogin

  • 7940167
  • 19-Aug-2009
  • 08-Jan-2014

Environment

SecureLogin
SecureLogin SSO
All Versions

Situation

Question

How do I permanently exclude (or include) certain executables from SecureLogin? For example, a virus scanner that is always running in Windows but for which we never want SSO enabled.

Resolution

Answer

SecureLogin will watch the executables you publish as SSO enabled in the Directory. You publish them at the OU level (e.g. OU=Users) and all users in that OU automatically inherit them. This is how most organizations determine which applications are SSO enabled and which aren’t.

In addition, there are other methods to temporarily deactivate SecureLogin or disable SSO for a particular application or a particular user for troubleshooting purposes. The exclude.ini method should only be implemented if advised by experienced SecureLogin administrators/consultants.

There is also a way to permanently include or exclude executables with SecureLogin (it only works for Windows applications (.exe)). This allows you to determine which executables SecureLogin will NEVER watch (even if an application definition is written and published), or which ones it will ONLY watch.

It is not often used, but may be useful if you wish to stop SSO from watching an executable that is constantly running (e.g., a virus scanner) or to define a hard coded list of executables that SecureLogin will watch.

  • For optimal performance, the following executables are excluded from SSO by default. They are hard coded and can be added back in using the methods described in this document.

msdev.exe

slbroker.exe

tlaunch.exe

slproto.exe

notes.exe

nswebsso.exe

nwadmn32.exe

nwadmnnt.exe

nwadmn95.exe

loginw95.exe

setup.exe

nwtray.exe

loginw32.exe

scrnlock.scr

wfica32.exe

mmc.exe

slwinsso.exe

slmanager.exe

sllock.scr

To permanently exclude or include specific Windows applications from being watched by SSO, create an exclude.ini file in the SecureLogin directory. The exclude.ini file should contain a list of the application executables that you want to exclude. Even if a script is written for them, SSO will never watch these executables.

  • An example of a simple exclude.ini file would be (these entries would be appended to the hard coded list that SecureLogin never watches):

finance.exe

passwordtest.exe

sun32.exe

explorer.exe

virusscanner.exe

By default, SecureLogin will exclude the applications listed in the exclude.ini file. If there are only a few applications that you want SSO enabled, type Include at the top of the file and then list the application executables that you want to include. Using this method, the hard coded list would still be excluded and the listed files would be the ONLY files ever watched by SecureLogin (any other SSO enabled published applications would be ignored by SecureLogin).

Include

secrem.exe

aurion.exe

A way of resetting the hard coded list so that no executables are excluded by default is to type Nodefault at the top of the file, then Exclude, and then list the files you want excluded.

Nodefault

Exclude

msdev.exe

explorer.exe

slbroker.exe

tlaunch.exe

slproto.exe

notes.exe

nswebsso.exe

nwadmn32.exe

nwadmnnt.exe

nwadmn95.exe

loginw95.exe

setup.exe

nwtray.exe

loginw32.exe
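
The rules above can be checked before an exclude.ini is deployed. The following is an added example, not SecureLogin's own parser or code from this document: it models the Exclude, Include and Nodefault behaviour as described here and reports which hard coded exclusions a file no longer covers. It assumes case-insensitive matching, one entry per line and ignored blank lines; the function names are hypothetical.

```python
# Model of the exclude.ini rules described in this article (not vendor code).
DEFAULT_EXCLUDED = frozenset(
    "msdev.exe slbroker.exe tlaunch.exe slproto.exe notes.exe nswebsso.exe "
    "nwadmn32.exe nwadmnnt.exe nwadmn95.exe loginw95.exe setup.exe nwtray.exe "
    "loginw32.exe scrnlock.scr wfica32.exe mmc.exe slwinsso.exe slmanager.exe "
    "sllock.scr".split())  # hard coded list copied from the article

def parse_exclude_ini(text):
    """Return (mode, use_defaults, names) for the contents of an exclude.ini."""
    mode, use_defaults, names = "exclude", True, set()
    for raw in text.splitlines():
        entry = raw.strip().lower()  # assumption: case-insensitive matching
        if not entry:
            continue  # assumption: blank lines are ignored
        if entry == "nodefault":
            use_defaults = False
        elif entry in ("include", "exclude"):
            mode = entry
        else:
            names.add(entry)
    return mode, use_defaults, names

def is_watched(exe, policy):
    """Would a published, SSO-enabled executable be watched under this policy?"""
    mode, use_defaults, names = policy
    exe = exe.lower()
    if use_defaults and exe in DEFAULT_EXCLUDED:
        return False  # hard coded exclusions apply unless Nodefault is set
    return exe in names if mode == "include" else exe not in names

def dropped_defaults(policy):
    """Hard coded exclusions that this file no longer excludes."""
    return sorted(e for e in DEFAULT_EXCLUDED if is_watched(e, policy))

# The three example files from the article, joined with newlines.
SIMPLE = "finance.exe\npasswordtest.exe\nsun32.exe\nexplorer.exe\nvirusscanner.exe"
INCLUDE = "Include\nsecrem.exe\naurion.exe"
NODEFAULT = "Nodefault\nExclude\n" + "\n".join(
    "msdev.exe explorer.exe slbroker.exe tlaunch.exe slproto.exe notes.exe "
    "nswebsso.exe nwadmn32.exe nwadmnnt.exe nwadmn95.exe loginw95.exe "
    "setup.exe nwtray.exe loginw32.exe".split())

if __name__ == "__main__":
    for label, text in (("simple", SIMPLE), ("include", INCLUDE), ("nodefault", NODEFAULT)):
        policy = parse_exclude_ini(text)
        print(label, policy[0], "re-enabled defaults:", dropped_defaults(policy))
```

Run against the Nodefault example as it appears above, the model reports the hard coded entries that are not re-listed in the file, which would therefore be watched again if an application definition is published for them.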