Terminating Applications

The Force Termination of Non-Responding Applications When Logging Out of Windows check box affects the way that programs will be shut down when Secure Workstation logs a user out of Windows. If this box is checked, Windows terminates programs that don't respond to a "close" message in a timely manner. This setting logs the user out of Windows more quickly, but some programs might not get an opportunity to save their data before being terminated.

The Wait Before Starting to Terminate Applications When Closing All Programs check box is similar, except that it controls the behavior of the Close All Programs action. When Secure Workstation closes programs, it always sends a Close message to each program to tell it to shut down. If the Wait Before Starting to Terminate Applications When Closing All Programs check box isn't checked, Secure Workstation does nothing else to close the programs. The result is that some programs might not shut down.

For example, if Microsoft Word* has an unsaved document, Secure Workstation might display a Save As dialog box.

On the other hand, if the Wait Before Starting to Terminate Applications When Closing All Programs check box is checked, Secure Workstation checks to see if the programs are still running after the specified timeout. Any programs that are still running at this point are terminated and might not have a chance to save their data.

The following figure illustrates the dialog box that displays when Secure Workstation closes programs:

So that you can use Novell SecureLogin scripts to close applications, the dialog box shown in the Novell Secure Workstation Closing Programs figure is displayed while Secure Workstation is executing the Close All Programs action. This feature allows you to set a global variable in your script. The script can use the global variable to distinguish between Secure Workstation closing an application and the user closing an application.

The following figure illustrates a program list:

You can use the Program List to specify which programs should be closed when Secure Workstation executes a Close All Programs action. If you select Close Only the Programs Specified in the Program List, Secure Workstation closes only the programs listed.

If you select the Close All Programs Except Those Specified in the Program List, Secure Workstation closes all programs except those specifically listed.

NOTE:  If you select Close All Programs Except Those Specified in the Program List, SecureLogin closes every program in the user's sessions except those listed. This closing includes explorer.exe, the process associated with the user's desktop.

Secure Workstation closes only the programs that the currently logged in Windows user has sufficient rights to close on his own. Programs that the user does not have rights to (such as a service running as the LocalSystem account) aren't closed.

When Secure Workstation is running on a Terminal Server, only the programs in the current user's session are closed. Programs running in other users' sessions aren't affected.

You don't need to specify the full path and name of each program in the program list. For example, instead of adding c:\winnt\system32\notepad.exe to the list, you could just add Notepad.exe. However, if you don't specify the full path, the entry will correspond to all programs with that name, regardless of their path. For instance, listing Notepad.exe in the list without the path would match both c:\winnt\system32\notepad.exe, and c:\documents and settings\user\notepad.exe.

You can also use environment variables in the program list. For example, you could specify %systemroot%\System32\Notepad.exe instead of c:\winnt\system32\notepad.exe.

The Post-Policy Command

The Post-Policy Command is a command that is executed after Secure Workstation executes the lock action. This feature was designed to display a login dialog box after a Close All Programs or Log Out of the Network action has been executed. However, you can use this feature to run any program or script. You must provide the full path and name of the program to run.

To display the login dialog box, use loginw32.exe for Client32. Use nldaplgn.exe for the LDAP Authentication Client. Both programs are located in the system32 directory.

If you have configured the Network Logout event, Secure Workstation restarts the program specified in the Post-Policy Command if it terminates before a user is logged in. This allows the login dialog box to be displayed again if a user clicks Cancel.