10.1 Installing DAS

The ARS.exe is the center of DAS. You can configure this object with an independent set of instructions by using an XML document that is obtained through an entry in the Windows registry. The XML document can be obtained either locally on the workstation or through the directory services. The XML document is called the action file and the file is named actions.xml.

Each action is a set of configurable user-level operations such as mapping a drive, testing for establishing an authenticated connection to a directory, and running or shutting down an application. The flexibility of the code to test for conditions or have action triggers such as hot keys provides tremendous flexibility to change the behavior of the workstation to fit your needs.

After you have configured the ARS.exe object, its actions are available individually or in combination from any scripting interface that is available on Windows, for example, VBScript, JavaScript, login scripts, and batch files.

NOTE:If you have an earlier version of DAS or ARS installed on your workstations, uninstall these versions prior to installing the new version of DAS.

10.1.1 Installing DAS in an eDirectory Environment

  1. Log in to the workstation as an administrator.

  2. From the SecureLogin\Client, select the appropriate install package and double-click it to begin the install process. The Installation Wizard for SecureLogin is displayed.

  3. Click Next. The License Agreement page is displayed.

    The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\NetIQ\SecureLogin\.

  4. Accept the default folder or click Change and navigate to your desired folder.

  5. Select eDirectory as the directory where SecureLogin stores its data.

  6. Click Next. The protocols page is displayed

  7. Select how you want SecureLogin to access eDirectory.

    If the Novell Client is installed, the installation program recommends the Novell Client for Windows option. Otherwise, LDAP is recommended.

    This dialog box is displayed only if you have Novell Client for Windows installed on your machine. Otherwise, LDAP is auto-selected as the protocol.

  8. Click Next. The smart card option page is displayed.

  9. Click Yes if you want to use a smart card. If you do not want to use a smart card, proceed with Step 11.

    1. Select a cryptographic service provider from which SecureLogin requests PKI credentials through a Microsoft Crypto API.

    2. Select a PKCS#11 compatible library required for accessing the smart card, then click Next.

      This specifies the location of the Cryptographic Token Interface installed as part of the smart card vendor’s software. These API files are used by SecureLogin to communicate with the smart card.

  10. Click No if you do not want to use smart card support. Proceed with Step 11.

  11. Select the eDirectory features that you want to install, then click Next.

    You can select both Novell SecretStore Client and Novell NMAS Methods.

  12. Click Next.

  13. Select the NMAS Methods.

  14. Click Next. The installation features page is displayed.

  15. Select Install Desktop Automation Services.

    If you are installing DAS on a kiosk or shared desktop, deselect Start SecureLogin on Windows startup. By default, this option is selected.

    DAS handles starting and stopping for SecureLogin.

  16. Click Next. The location for the DAS configuration file page displayed.

  17. Select the location for the configuration file.

    If you choose Local, the registry settings set for ARS.exe use the actions.xml file located in the Program Files\NetIQ\SecureLogin\Desktop Automation Services folder of the workstation.

  18. Click Next. The program is ready to install.

  19. Click Install.

  20. Click Finish. By default, the Launch ReadMe option is selected

  21. You are prompted to restart your system. Select Yes to restart the system for Desktop Automation Services to take effect.

When you install DAS in eDirectory mode with the Novell Client, you might see an error indicating Error in parsing xml file during install appears. This occurs because the server or the specified config object is invalid.

To fix the problem, ignore the message and proceed with the install. After the installation or restart;

  1. Log in as an administrator.

  2. Set the ConfigObject and ConfigTree registries values correctly.

    The ConfigObject is the ArsControl Object and ConfigTree - Server or the Tree information. The registry settings are at HKLM\Software\Novell\Login\ARS.

  3. Run ARSControl /RegServer.

10.1.2 Installing DAS in Other LDAP Environments

  1. Log in to the workstation as an administrator.

  2. From the SecureLogin\Client, select the appropriate install package and double-click it to begin the install process. The Installation Wizard for SecureLogin is displayed.

  3. Click Next. The License Agreement page is displayed.

    The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\NetIQ\SecureLogin\.

  4. ccept the default folder.

    or

    Click Change and navigate to your desired folder.

  5. Select Novell eDirectory as the directory where SecureLogin stores its data.

  6. Click Next. The protocols page is displayed

  7. Select how you want SecureLogin to access eDirectory.

    If the Novell Client is installed, the installation program recommends the Novell Client for Windows option. Otherwise, LDAP is recommended.

    This dialog box is displayed only if you have Novell Client for Windows installed on your machine. Otherwise, LDAP is auto-selected as the protocol.

  8. Click Next. The smart card option page is displayed.

  9. Click Yes if you want to use a smart card. If you do not want to use a smart card, proceed with Step 11.

    1. Select a cryptographic service provider from which SecureLogin requests PKI credentials through a Microsoft Crypto API.

    2. Select a PKCS#11 compatible library required for accessing the smart card, then click Next.

      This specifies the location of the Cryptographic Token Interface installed as part of the smart card vendor’s software. These API files are used by SecureLogin to communicate with the smart card.

  10. Click No if you do not want to use smart card support. Proceed with Step 11.

  11. Select the install features that you want to install, then click Next.

    You can select both Novell SecretStore Client and Novell NMAS Methods.

  12. Click Next.

  13. Select the NMAS Methods.

  14. Click Next. The installation features page is displayed.

  15. Select Desktop Automation Services as the feature that you want to install.

  16. Click Next. The location for the DAS configuration file page displayed.

  17. Select the location for the configuration file.

    If you choose Local, the registry settings set for ARS.exe use the actions.xml file located in the Program Files\NetIQ\SecureLogin\Desktop Automation Services folder of the workstation.

  18. Click Next. The program is ready to install.

  19. Click Install.

  20. Click Finish. By default, the Launch ReadMe option is selected

  21. You are prompted to restart your system. Select Yes to restart the system for Desktop Automation Services to take effect.

10.1.3 Installing DAS in Active Directory, ADAM, or Standalone Environments

With this release of SecureLogin, you can install DAS in Active Directory mode, as well as in ADAM mode and standalone mode.

  1. Log in to the workstation as an administrator.

  2. From the SecureLogin\Client, select the appropriate install package and double-click it to begin the install process. The Installation Wizard for SecureLogin is displayed.

  3. Click Next. The License Agreement page is displayed.

    The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\NetIQ\SecureLogin\.You can accept the default folder or choose to change. To change, click Change and navigate to your desired folder.

  4. Accept the default folder. or choose to change. To change, click Change and navigate to your desired folder.

    or

    Click Change and navigate to your desired folder.

  5. Select the directory where SecureLogin stores its data.

    In this example, Microsoft Active Directory is selected.

  6. Click Next. The LDAP Authentication Setup page is displayed.

    As an Active Directory user, you can use DAS only with local configuration. The default value for the configuration file is Local.

  7. Select when you want to log in to LDAP.

    • If you select After successfully logging into Windows, you are prompted to associate the login user with your LDAP distinguished name.

    • If you select When SecureLogin starts, you are prompted to specify the LDAP server information.

  8. Click Next. The smart card option page is displayed

  9. Click Yes if you want to use a smart card. If you do not want to use a smart card, proceed with Step 11.

    1. Select a cryptographic service provider from which SecureLogin requests PKI credentials through a Microsoft Crypto API.

    2. Select a PKCS#11 compatible library required for accessing the smart card, then click Next.

      This specifies the location of the Cryptographic Token Interface installed as part of the smart card vendor’s software. These API files are used by SecureLogin to communicate with the smart card.

  10. Click No if you do not want to use smart card support. Proceed with Step 11.

  11. Select Install Desktop Automation Services as the install feature that you want to install.

    If you are installing DAS on a kiosk or shared desktop, deselect Start SecureLogin on Windows startup. By default, this option is selected.

    DAS handles starting and stopping for SecureLogin.

  12. Click Next. The location for the DAS configuration file page displayed.

  13. Select a location for the configuration file.

    If you choose Local, the registry settings set for ARS.exe use the actions.xml file located in the Program Files\NetIQ\SecureLogin\Desktop Automation Services folder of the workstation.

  14. Click Next. The program is ready to install.

  15. Click Install.

  16. Click Finish. By default, the Launch ReadMe option is selected

  17. You are prompted to restart your system. Select Yes to restart the system for Desktop Automation Services to take effect.

10.1.4 Installing DAS by Using the Modify Option

  1. Launch SecureLogin after you have successfully upgraded to or installed version 7.0. The Program Maintenance page appears.

  2. Select Modify, then click Next. The Custom Setup page appears.

  3. Select Desktop Automation Services then click Next.

  4. Click Install. DAS is installed.

DAS is installed in the same folder as SecureLogin. It is typically installed at C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services unless you choose a different destination folder for the installation.

After you have successfully installed DAS through the Modify option, DAS initializes the ConfigObject and ConfigTree registry keys, which are related to DAS network configuration.

To use the DAS XML script from the network, you must modify these registry keys.

  • For information on modifying the ConfigObject registry key, see ConfigObject.

  • For information on modifying the ConfigTree registry key, see ConfigTree.

10.1.5 Accessing DAS

After you install DAS, the services are available individually or in combination through a DAS executable that can be accessed from any scripting interface available on Microsoft Windows, such as VBScript, JavaScript, login scripts, and batch files.

Accessing DAS through the Command Line Utility

shortcut target = “C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe" startup

NOTE:If you set up the workstation to automatically log in and you want DAS to start automatically, place a DAS shortcut in the Windows Startup group under the Start > Programs > Startup file directory.

Accessing DAS through VBScript

<SCRIPT LANGUAGE = "VBScript"> Sub physiciansApps Dim as Set as = CreateObject("ARS.Control") ars.Execute("Run Physicians Applications") End Sub</SCRIPT>

Accessing DAS through JavaScript

You can launch a DAS action through a JavaScript within an HTML page and launch the applications, log out, and perform other defined actions.

  • To set up a link on the HTML page, specify the following:

                    <a href='javascript:var ars = new ActiveXObject("ARS.Control"); ars.Execute("Physicians_Application", null);'>Physicians Application Group</a>
                  
  • To set up a function call in the HTML page, specify the following:

                    function das_onclick_logout()
                     {var ars = new ActiveXObject("ARS.Control");
    ars.Execute("logoff", null);}
                  

    NOTE:You might get an ActiveX content warning from Internet Explorer 6.0 or later. To avoid the warning, select Tools > Internet Options > Advanced within Internet Explorer. Scroll down to the Security tab and select Allow active content to run in files on My Computer, then click OK.

Accessing DAS through Visual Basic

<Assembly: Guid("ABB6194C-DDEC-4369-8ADF-E29BB367ED0C")>Module Module1 Sub Main() Dim arsObj As ARS.IARS = New ARS.CARSControl arsObj.Execute("Run Physicians Applications") End SubEnd Module

10.1.6 Tips for Installing DAS

  • You can refresh the DAS configuration through the command line by using the ARS/refresh command. For example, ARS.exe/refresh refreshes ARS.exe.

    The other way to refresh the DAS configuration is to restart the ARSControl.exe process or reboot the workstation.

    The ARS/refresh command is better for managing your environments and does not force a reboot when you make an update to the actions.xml file.

  • You can close DAS through the command line byusing the ARS /shutdown command. For example, ARS.exe /shutdown shuts down the ARSControl.exe

  • Set up the actions.xml file by using the standard template provided in the Tools folder or modify the file based on the use case scenarios that you have developed with your users.

  • You can have different actions.xml files managed locally on the unique workstations in order to have special use cases and common workstations pointing to eDirectory.

  • Set up the workstation to have auto-admin login to a local workstation ID.

    For more information, see the Novell Cool Solutions Web site.

  • Provide a logout button in the Windows Quick Launch toolbar and provide a logout icon on the desktop for the convenience of users. You can also provide a hot key combination such as Ctrl+L.

    For example, you can use a shortcut target =“C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe” logoff. This is your shortcut properties target setting.

    Figure 10-1 Logoff Shortcut Option