Environment
Novell SecureLogin
NSL7.0.3
Active Directory mode with GPO support
Situation
SecureLogin Settings made through Group Policy Object are not applied
Problem occurs if SecureLogin is installed through the command line
GPO settings are applied as expected if NSL is installed manually through the install Wizard
Problem occurs when SecureLogin is installed with the following command:
Msiexec /i "<path>\Novell SecureLogin.msi" /qn X_INSTALLTYPE="MAD" X_USEGPO="YES"
After installing with the above command the following missing items are observed:
- no UseGPO setting exists in the registry
- no slgpo.dll or slgpo.exe exist in file system on 32 bit workstaitons
- no slgpo64.dll or slgpo64.exe on 64 bit workstations
Resolution
Change the msiexec command to substitute X_USEGPO="Yes" for X_USEGPO="YES" as follows:
Msiexec /i "<path>\Novell SecureLogin.msi" /qn X_INSTALLTYPE="MAD" X_USEGPO="Yes"
Cause
Msiexec & msi conditions are case sensitive. As shown in the SecureLogin install doc, the proper case is "Yes"
Additional Information
Workaround:
1. Install SecureLogin manually on one workstation, make sure GPO settings are applied as expected.
2. From the working manual installation, copy the following files from
C:\Program Files\Novell\SecureLogin
slgpo.dll and slgpo.exe on 32 bit workstaitons
slgpo64.dll and slgpo64.exe on 64 bit workstations.
3. Copy the files from step 2 to workstations where SecureLogin was installed through the command line. (Note: It may be necessary to register the dll. Also, in testing at NetIQ slgpo.exe or slgpo64.exe did not seem to be needed. They are listed here simply for completeness)
4. From the working manual installation edit the registry and create a .reg export file from
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{2893059c-1175-11d9-8088-00e018f97d4d}]
5. Run the .reg file from step 4 on the problem workstaions to import the settings.
6. Edit the registry on the problem workstations and create and set to 1 the DWORD value UseGPO. This value should reside in the key HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin