Purpose of XML files in %USERPROFILE%\Application Data\SecureLogin\GroupPolicies

  • 7940462
  • 19-Aug-2009
  • 26-Apr-2012

Environment

Novell SecureLogin SSO

Situation

What are the XML files that are stored in %USERPROFILE%\Application Data\SecureLogin\GroupPolicies used for?

What is the purpose of the XML files stored by SecureLogin?

XML files and SecureLogin

Resolution

The .XML files contain SSO data such as application definitions, password policies and preferences that are defined at the Group Policy level. Group Policy data is stored in two locations: the Group Policy Template (GPT) and the Group Policy Container (GPC). The GPC is an AD container object stored in the domain naming context (Group Policies are named with a GUID).

The GPT is stored on the SYSVOL share, which is replicated amongst all domain controllers. Within the GPT are a number of directories for the various GP settings, again named with a GUID. Each Group Policy is identified by a GUID which links the GPT and GPC.

The group policy editor aggregates information from both the GPC and GPT into a single view for the administrator.

When the user logs in, the list of group policies to process is constructed. Each policy has within it the name of the Group Policy processing module that understands how to apply the policy to the user. Normally this module takes the form of a DLL that is installed on the client workstation.

The integration of Windows Group Policy with SecureLogin SSO relies on the XML data exchange format introduced in version 3.51 to allow for the programmatic import and export of XML files.

Group Policies are applied in the following manner:

  1. The administrator opens a GPO and edits SecureLogin SSO settings
  2. The SecureLogin SSO GPO MMC extension writes out the configured settings in XML format to the SYSVOL share
  3. The user logs in to Windows and the Group Policy engine starts up
  4. The engine sees that the GPO requires the SSO Group Policy Extension client side DLL and activates it
  5. The SecureLogin GPO DLL downloads the XML file from the SYSVOL share and imports the data into the user’s data store (cache).

The GUID is the Unique Name of the Group Policy as viewable in the Group Policy Editor. There is a separate {GUID}.xml for each GPO you have ASL data configured against.

The meta_data.xml file contains the list of GPOs to be applied to that SecureLogin user in the order they are to be applied (GPOs have a hierarchy too).
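
An added example, not part of the original article or of Novell's tooling: a PowerShell inventory of the cache folder described above, classifying each file as a per-GPO {GUID}.xml, the meta_data.xml order list, or unexpected, and recording a hash for baseline comparison. It assumes the per-GPO file names carry the GPO GUID with optional braces; the function name is hypothetical, and only XML well-formedness is checked because the article does not document the schema.

```powershell
# Added example: inventory the SecureLogin Group Policy cache of one user profile.
param(
    [string]$CacheDir = (Join-Path $env:USERPROFILE 'Application Data\SecureLogin\GroupPolicies')
)

function Get-SecureLoginGpoCacheInventory {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    # Assumption: per-GPO files are named <GPO GUID>.xml, braces optional.
    $guidName = '^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?\.xml$'

    Get-ChildItem -LiteralPath $Path -File -Force | ForEach-Object {
        $file = $_
        $kind = switch -Regex ($file.Name) {   # -Regex matching is case-insensitive
            '^meta_data\.xml$' { 'GpoOrderList'; break }
            $guidName          { 'GpoSettings';  break }
            default            { 'Unexpected' }
        }

        # Well-formedness only; external entities are never resolved.
        $wellFormed = $false
        if ($file.Extension -ieq '.xml') {
            try {
                $doc = New-Object System.Xml.XmlDocument
                $doc.XmlResolver = $null
                $doc.Load($file.FullName)
                $wellFormed = $true
            } catch { $wellFormed = $false }
        }

        [pscustomobject]@{
            Name          = $file.Name
            Kind          = $kind
            WellFormedXml = $wellFormed
            LastWriteTime = $file.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

if (-not (Test-Path -LiteralPath $CacheDir -PathType Container)) {
    Write-Warning "Cache folder not found: $CacheDir"
    return
}

$inventory = @(Get-SecureLoginGpoCacheInventory -Path $CacheDir)
$inventory | Format-Table -AutoSize

# Files that are neither {GUID}.xml nor meta_data.xml, or that fail to parse, merit review.
$inventory | Where-Object { $_.Kind -eq 'Unexpected' -or -not $_.WellFormedXml } |
    ForEach-Object { Write-Warning "Review: $($_.Name) ($($_.Kind))" }
```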