SecureLogin does not honor GPO settings

  • 7012529
  • 31-May-2013
  • 01-Jun-2013

Environment

Novell SecureLogin
NSL7.0.3
Active Directory mode with GPO support

Situation

SecureLogin Settings made through Group Policy Object are not applied 
Problem occurs if SecureLogin is installed through the command line
GPO settings are applied as expected if NSL is installed manually through the install Wizard
Problem occurs when SecureLogin is installed with the following command:
 
Msiexec /i "<path>\Novell SecureLogin.msi" /qn X_INSTALLTYPE="MAD" X_USEGPO="YES"

After installing with the above command the following missing items are observed: 
- no UseGPO setting exists in the registry
- no slgpo.dll or slgpo.exe exist in file system  on 32 bit workstaitons
- no slgpo64.dll or slgpo64.exe on 64 bit workstations

Resolution

Change the msiexec command to substitute  X_USEGPO="Yes" for X_USEGPO="YES" as follows:

Msiexec /i "<path>\Novell SecureLogin.msi" /qn X_INSTALLTYPE="MAD" X_USEGPO="Yes"

Cause

Msiexec & msi conditions are case sensitive.  As shown in the SecureLogin install doc, the proper case is "Yes"

Additional Information

Workaround:

1. Install SecureLogin manually on one workstation, make sure GPO settings are applied as expected.
2. From the working manual installation, copy the following files from  
C:\Program Files\Novell\SecureLogin 
slgpo.dll and slgpo.exe   on 32 bit workstaitons
slgpo64.dll and slgpo64.exe on 64 bit workstations.

3.  Copy the files from step 2 to workstations where SecureLogin was installed through the command line.     (Note:  It may be necessary to register the dll.  Also, in testing at NetIQ slgpo.exe or slgpo64.exe did not seem to be needed.  They are listed here simply for completeness)
4. From the working manual installation edit the registry and create a .reg export file from 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{2893059c-1175-11d9-8088-00e018f97d4d}]

5. Run the .reg file from step 4 on the problem workstaions to import the settings.

6. Edit the registry on the problem workstations and create and set to 1 the DWORD value  UseGPO.  This value should reside in the key HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin