Userc.C and Product.ini Configuration Files
|
Note - This section is only relevant for SecureClient.
|
Introduction to Userc.C and Product.ini
The VPN administrator can use the Packaging Tool to produce customized SecuRemote/SecureClient packages for distribution to end-users. The Packaging Tool changes the behavior of SecuRemote/SecureClient by changing the values of the properties in the Userc.C and Product.ini files contained in the package.
However, not all of the properties in these files can be changed using the Packaging Tool. It is possible to changes the behavior of SecuRemote/SecureClient by manually editing the Userc.C and Product.ini files in the SecuRemote/SecureClient package, before distributing the package to end users.
The Userc.C File
The Userc.C configuration text file contains has three sections. Global, Managers, and Security Gateways.
- Global— Properties that are not specific to the site (managed by a single Security Management server) or to the peer Security Gateway. It does not change on the client machine. To change the Global Properties section of the objects database, do not make any manual changes to the Global section of userc.C. Either edit the SmartDashboard Global Properties, or use the DBedit command line or the graphical Database Tool on the Security Management server.
- Managers — Properties that apply per Security Management server. Updated whenever the end user performs a Site Update.
- Security Gateway— Properties that are specific to a particular Security Gateway. Updated whenever the end user performs a Site Update.
The section of the file where each parameter resides is indicated in the Userc.C file parameter tables (below), in the column labeled Location in Userc.C.
Structure of Userc.C
The Userc.C configuration text file contains has three sections. Global, Managers, and Security Gateways.
- Global— Properties that are not specific to the site (managed by a single Security Management server) or to the peer Security Gateway. It does not change on the client machine. To change the Global Properties section of the objects database, do not make any manual changes to the Global section of userc.C. Either edit the SmartDashboard Global Properties, or use the DBedit command line or the graphical Database Tool on the Security Management server.
- Managers — Properties that apply per Security Management server. Updated whenever the end user performs a Site Update.
- Security Gateway— Properties that are specific to a particular Security Gateway. Updated whenever the end user performs a Site Update.
The section of the file where each parameter resides is indicated in the Userc.C file parameter tables (below), in the column labeled Location in Userc.C.
How Userc.C Is Automatically Updated
When the Security Policy is installed on the Security Gateways, the objects database is also installed on the Security Gateways. The part of the database that relates to remote clients is sent to the Topology Server on the Security Gateway. When the clients perform a Site Update, they are actually downloading the Topology information from the Topology server, which updates the Managers and Security Gateway sections of userc.C on the clients. The file is stored on the client machine in the SecuRemote\database directory. The parameters appear in the options section.
How to Manually Edit Userc.C
Do not make any manual changes to the Global section of userc.C .
Manually edit the Managers and Security Gateway sections of userc.C as follows:
- Extract
userc.C from the original SecuRemote/SecureClient tgz format installation package. - Edit the
userc.C parameters, as needed.Important - SecuRemote/SecureClient performs minimal syntax checking for the userc.C file. If a parameter is edited incorrectly, the file may become corrupted, and sites may need to be redefined.
- Recreate the
tgz file.
The Product.ini file
The Product.ini configuration text file contains mostly properties that relate to the package installation. The properties are fixed. The Product.ini file is read only upon installation of the SecuRemote/SecureClient.
To change products.ini use the Packaging Tool, or if necessary, edit the file manually as follows:
- Extract
products.ini from the original SecuRemote/SecureClient tgz format installation package. - Perform the required manual editing of products.ini.
- Recreate the tgz file. This is the SecuRemote/SecureClient package for end-users.
Userc.C File Parameters
The following lists describe the parameters included in the Userc.C configuration file, arranged by the features that the parameters relate to.
SecureClient
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
default_ps (n.n.n.n) — Specifies the IP address of the default Policy Server. If this property exists, SecureClient will automatically log on to the Policy Server (with IP n.n.n.n) when it is launched, relieving the user of the need to manually log on to the Policy Server — Global.manual_slan_control (true, false) — Disabling this property will remove the Disable Policy menu items from the Policy menu — Global.allow_clear_in_enc_domain (true, false) — If enabled, unencrypted connections will be accepted by SecureClient NG over Encrypt desktop rules and by SecureClient 4.1 running Encrypted Only or Outgoing and Encrypted policy, as long as both the source and the destination IP addresses are in the encryption domain of a single Security Gateway — Global.disable_stateful_dhcp (true, false) — As long as this attribute is false, DHCP packets will be allowed by SecureClient regardless of the enforced Desktop Security policy. If you set this attribute to true, DHCP will be allowed only if the Desktop Security policy allows it explicitly. This requires SecureClient version 4.1 to run a policy of Allow All and SecureClient NG to have DHCP enabled through specific rules — Global.block_conns_on_erase_passwords (true, false) — If true, the Close VPN option will replace Erase Password in the SecureClient's Passwords menu and the button will appear in the toolbar. Selecting Close VPN or clicking the above button will result in blocking all encrypted connections — Managers.enable_automatic_policy_update (true, false) — Specifies whether Automatic Policy Update is enabled or not — Managers.silent_policy_update (true, false) — If true, the client will not prompt the user to update the policy upon client startup, even if the time specified in automaic_policy_update_frequency has passed. The client will still attempt to update the policy after successful key exchange — Managers.PS_HA (true, false) — Use backup Policy Servers on logon failure — Managers.- PS_LB (true, false) — If true will randomize policy server — list so not all clients will try to connect to the same policy server — Managers.
LB_default_PS (true, false) — If true, when default_ps(x.x.x.x) is set it will go to a random Policy Server in the same site (found by examining topology) — Managers.no_policy (true, false) — Indicates disable policy state — Global.policy_expire (60) — Timeout of policy, in minutes. This property can also be controlled in SmartDashboard — Managers.retry_frequency (30) — If logged in to a Policy Server, but failed to re-logon after half the expiry time, this parameter (in seconds) specifies the amount of time before retrying logon. On each attempt all Policy Servers are tried — Managers.automaic_policy_update_frequency (10080) — Controls how frequently (in seconds) SecureClient should update policy files — Managers.suppress_all_balloons (true, false) - which controls all balloon messages. If the flag is set to true, no message balloons are displays. If false, all balloons are displayed. Note that the balloon's messages will still appear in the .tde files and will be logged in the Status Dialog's MessageViewer.sdl_browse_cert (true, false) - When set to false, the browse certificate in "change authentication" is disabled. When set to true, the browse dialog in SDL mode is restricted, you can only browse files, not create, change or launch applications.disconnect_when_in_enc_domain (true, false)- If the client is connected to a site, and an interface appears with an IP address located within one of the Security Gateway's VPN domains, the client is disconnected. A message balloon explains why.open_full_diagnostic_tool (true, false) - When set to false, SC will open only log-view of diagnostic. When set to true, SC will open full diagnostic. In any case, the full diagnostic tool will open from the start menu.tt_failure_show_notification (true, false) - If fail_connect_on_tt_failure is false, (meaning that a connection will succeed even though tt failed) then a string notification of tt-failure will show in the connection progress details because of this flag.simplified_client_route_all_traffic (true, false) - This attribute determines whether the Simplified Client performs connections using route-all-traffic or not.scv_allow_sr_clients (true, false)- If set to true, SecuRemote clients, which by default are not SCV verified, will send a verified state to the enforcing Security Gateway.use_profile_ps_configuration (true, false) - Set to true to enable remote users to connect to one Security Gateway and logon to a Policy Server behind another Security Gateway.force_route_all_in_profile (true, false) — If set to true, profiles created by the user will have the "route all traffic" option selected and grayed in the profile creation/edit dialog. - Globalenable_mode_switching (true, false) - If set to true, client has the option to switch between Extended View and Compact View.
HotSpot Registration
Encryption
|
Note - indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
use_cert (true, false) — Specifies whether Use Certificate will be checked in the IKE Authentication window — Global.use_entelligence (true, false) — Specifies whether SecuRemote should attempt to use the Entrust Entelligence toolkit, if installed — Global.entrust_inifile — Full path to a non-default entrust.ini file, to be used by SecuRemote/SecureClient when working with entrust certificates — Global.certfile — Name of the last certificate used — Global.gettopo_port (264) — Which port to use for topology update — Global.pwd_erase_on_time_change (true, false) — Performs Erase Passwords when the user changes the system clock — Global.force_udp_encapsulation (true, false) — Indicates whether UDP encapsulation is used (transparent, and active profile in connect mode). Also used in Connect Mode to create the default profile — Global.support_tcp_ike (true, false) — Indicates whether TCP over IKE is used (transparent, and active profile in connect mode). Also used in Connect Mode to create the default profile — Global.support_tcp_ike (true/false/use_site_default) — Determine whether or not to attempt IKE over TCP — Security Gateway.support_ip_assignment (true, false) — Indicates whether Office Mode is used (transparent, and active profile in connect mode). Also used in connect mode to create the default profile — Global.ChangeUDPsport (true, false) — If the value of both flags ChangeUDPsport and force_udp_encapsulation is true, a random source port is used for IKE packets, and another random source port is used for UDP encapsulation packets — Global.uencapport (2746) — Specifies the port to be used on the UDP encapsulated packets when using UDP encapsulation — Security Gateway.ChangeIKEPort (true, false) — If true, do not bind to port 500. Instead, use router port and use address translation to make it seem as if the connection originated from port 500. This parameter allows other client applications (such as IPSO and Microsoft) to use that port. Note if the port is taken, another port will be used — Global.send_clear_traffic_between_encryption_domains (true, false) — if true and the source and the destination are behind encryption domains (not same domains), packets will be sent clear. This feature is enabled only if a single site is defined — Managers.send_clear_except_for_non_unique (true, false) — If true, send_clear_traffic_between_encryption_domains will not function for IP addresses which are defined as NAT private addresses.send_clear_except_for_specific_addresses (true, false)— If true, send_clear_traffic_between_encryption_domains will not function for IP addresses which are defined in send_clear_except_for_address_group — Managers.send_clear_except_for_address_group — Address group specification for send_clear_except_for_specific_addresses — Managers.dns_encrypt (true, false) — Overwrites the encrypting attribute received in the topology in the dnsinfo section. disable_split_dns_when_in_om (true, false) — Disable split DNS when in Office Mode — Global.disable_split_dns_when_disconnected (true, false) — Disable split DNS when disconnected — Global.disconnect_on_IKE_SA_expiry (true, false) — In connect mode, if the IKE timeout expires and this property is true, disconnect instead of erasing the passwords — Global.renew_users_ica_cert (true, false) — Specifies whether users be able to renew their certificates (explicitly or implicitly) — Managers.renew_users_ica_cert_days_before (1-1000) 60 — How many days before expiration to start and perform an implicit renewal — Managers.upgrade_fp1_and_below_users_ica_cert (true, false) — Whether or not to implicitly renew certificates that were issued before NG FP2 — Managers.ike_negotiation_timeout (36) — Determines the maximum time in seconds that the IKE engine will wait for a response from the peer before timing out. This is the maximum interval between successive packets, and not the maximum negotiation lifetime — Managers.phase2_proposal (large, small) — Determines the size of the proposal sent by the client in Quick Mode, packet 1. This property is for backwards compatibility. NG FP3 and higher clients use phase2_proposal_size — Managers.phase2_proposal_size (large, small) — Determines the size of the proposal sent by NG FP3 or higher clients in Quick Mode, packet 1. If the value is missing the value of phase2_proposal is taken instead. NG FP3 clients will try a large proposal after a small proposal attempt fails — Managers.vpn_peer_ls (true, false) — In a MEP fully overlapping encryption domain configuration, if this property is TRUE, a Security Gateway will be chosen randomly between the MEP Security Gateways and will be given priority — Managers.ike_support_dos_protection (true, false) — Determines whether the client is willing to respond to a DoS protection request, by restarting Main Mode using a stateless protection. Equivalent to the SmartDashboard Global Property: Support IKE DoS Protection from unidentified Source — Managers.sr_don't_check_crl (true, false) — Do not check the CRL of the certificate — Managers.crl_start_grace (610200) — SecuRemote/SecureClient may accept CRLs that are not yet valid — Managers.crl_end_grace (1209600) — SecuRemote/SecureClient may accept CRLs that have recently expired — Managers.site_default_tcp_ike (true, false) — Determines the site default for attempting IKE over TCP. Each Security Gateway has a property: "supports_tcp_ike" (true, false or use_site_default). If the value is set to 'use_site_default' then the management property site_default_tcp_ike is used by the client to determine whether to attempt IKE over TCP or not — Managers.suppress_ike_keepalive (true, false) — If the IPsec keepalive is turned on, and the value of the property "suppress_ike_keepalive" is false, empty UDP packets will be sent to the Security Gateway (destination port 500). The UDP keepalive packets are sent only if there is an IKE SA with the peer and if UDP encapsulation was chosen — Managers.default_phase1_dhgrp — This field indicates which DH group to use for IKE phase 1 before the client has a topology. If the flag does not exist, group 2 will be used — Global.to_expire (true, false) — Whether or not to have a timeout for the phase2 IKE authentication. This property can also be controlled in SmartDashboard — Managers.expire (120) — Timeout of IKE phase2. This property can also be controlled in SmartDashboard — Managers.ICA_ip_address — The IP address of the Internal CA — Global.allow_capi (true, false) — Allow the disabling of CAPI storage to Internal CA registration — Global.allow_p12 (true, false) — Allow the disabling of p12 file storage to Internal CA registration — Global.trust_whole_certificate_chain (true, false) — This attribute improve connectivity where there is a Certificate hierarchy, and the CA trusted by the Security Gateway is a subordinate CA (not necessarily a direct subordinate) of the client trusted CA. Without this flag, both the Security Gateway and the client must trust exactly the same CA — Global.is_subnet_support (true, false) — If turned on, IPsec SA will be valid for a subnet, otherwise it will be valid for a specific address — Security Gateway.ISAKMP_hybrid_support (true, false) — If turned on, when the authentication pop up appears, the user will have the option to choose between Hybrid mode and certificates as an authentication mode. (Otherwise the user will have the option to choose between certificates and pre-shared secret) — Security Gateway.resolve_multiple_interfaces (true, false) — If 'resolve_interface_ranges' (static interface resolving) is disabled or failed, and this property is turned on, then dynamic interface resolving will be done when addressing this Security Gateway. In this case the interfaces of the Security Gateway will be probed once — Security Gateway.interface_resolving_ha (true, false) — If dynamic interface resolving is used (see resolve_multiple_interfaces) and this property is turned on- the interfaces of the Security Gateway will be probed per connection to see if they are live — Security Gateway.isakmp.ipcomp_support (true, false) — If the peer Security Gateway is a least NG and the client is SecureClient (and not SecuRemote) then: — If the client is in "send small proposal" mode and this property is turned on then IP compression will be proposed. (If the client is in "send large proposal" mode then IP compression will be offered regardless of the value of this property) — Security Gateway.supports_tcp_ike (use_site_default) — If IKE over TCP is configured on the client AND either this property is 'true' or it's 'use_site_default' and site_default_tcp_ike is 'true', then IKE phase 1 will be done over TCP — Security Gateway.supportSRIkeMM (true, false) — When the authentication method is PKI, if this property is false, Main mode is not supported — Security Gateway.
Multiple Entry Point
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
resolver_ttl (10) — Specifies how many seconds SecuRemote will wait before deciding that a Security Gateway is down — Global.
active_resolver (true, false) — Specifies whether SecuRemote should periodically check the Security Gateway status. Active Security Gateway resolving may cause the dial-up connection to try to connect to an ISP. Turning this property off will avoid problems associated with this behavior — Global.
resolver_session_interval (30) — Specifies for how many seconds the Security Gateway status (up or down) remains valid — Global, Managers.
Encrypted Back Connections
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
keep_alive (true, false) — Specifies whether the Security Gateway will maintain session key information for the Client, to allow encrypted back connections at any time. This property can also be controlled in SmartDashboard — Global, Managers.keep_alive_interval (20) — When keep_alive is true, SecuRemote will ping the Security Gateway every n seconds, where n is the number specified by the keep_alive_interval property. This property can also be controlled in SmartDashboard — Global.
Topology
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
topology_over_IKE (true, false) — Specifies whether New Site in SecuRemote will use IKE to authenticate the user. If this property is set to true, IKE will be used, either using Hybrid Authentication (i.e., any authentication method chosen in the Authentication tab of the user properties) or using certificates. If this property is set to False, SSL will be used (as in version 4.1), and users will need IKE pre-shared secret or certificate configured to define a new site — Global, Managers.encrypt_db (true, false) — Specifies whether the topology information in userc.C is maintained in encrypted format — Global.silent_topo_update (true, false) — Used for backwards compatibility, when working with servers that do not pass the property per site. This property can also be controlled in SmartDashboard — Global, Managers.silent_update_on_connect (true, false) — Tries to perform an update with the Security Gateway to which a connection is being attempted, before connecting (applies to IPSO clients) — Global.update_topo_at_start (true, false) — If the timeout expires, update the topology upon start up of the SecuRemote/SecureClient GUI application — Global, Managers.
NT Domain Support
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
no_clear_tables (true, false) — Setting this property to true will enable the opening of new encrypted connections with the Encryption Domain after SecuRemote/SecureClient has been closed by logoff or shutdown, as long as encryption keys have been exchanged, and are still valid. This may be necessary when using a Roaming Profile with NT domains, since the PC tries to save the user's profile on the Domain Controller during logoff and shutdown, after SecuRemote/SecureClient has been closed by Windows. This feature should be used in conjunction with "keep_alive" (see Encrypted Back Connections), to ensure that valid encryption keys exist at all times — Global.connect_domain_logon (true, false) — Global. Setting this attribute to true enables clients using Connect Mode to log on to a Domain Controller via SDL. The user should do the following in order to logon to the Domain Controller:- Log on to the local Windows machine.
- Connect to the organization.
- Logoff and log back on (within five minutes after logoff) to the protected Domain Controller, using the encrypted connection.
|
Note -
- Enabling this setting will keep the client Connected to the organization for five minutes after the user logs off Windows.
- This feature was introduced before SDL in connect mode was introduced. In versions where SDL is supported, this property is used only for domain roaming profile support.
|
sdl_main_timeout (60000) — In connect mode this property specifies the amount of time to wait for user to successfully connect or cancel the connect dialog — Global.
Miscellaneous
|
Note - Bold indicates the default value. Global, Managers, or Security Gateway indicates the location in Userc.C. See The Userc.C File. Do not manually edit Global properties.
|
enable_kill (true, false) — Specifies whether the user can Stop SecuRemote/SecureClient. If this option is set to false, Stop VPN-1 SecuRemote or Stop VPN-1 SecureClient does not appear in the File menu or when right-clicking on the system tray icon — Global.use_ext_auth_msg (true, false) — Specifies whether SecuRemote/SecureClient will show custom messages in the authentication window upon success or failure. The messages should be placed in a file named AuthMsg.txt located in the SecuRemote directory (typically in Program Files\CheckPoint). See the AuthMsg.txt file in the SecuRemote package for more details — Global.use_ext_logo_bitmap (true, false) — Specifies whether SecuRemote/SecureClient will show a custom bitmap in the authentication window. The file should be named logo.bmp and should be placed in the SecuRemote directory (usually located under Program Files\CheckPoint) — Global.guilibs — Used to specify SAA DLL, and is documented in this context — Global.pwd_type (now, later) — Used internally to indicates now or later auth dialog state. Do not modify — Global.connect_mode_erase_pwd_after_update (true, false) — Erase password after a site update in Connect Mode. Used with silent_update_on_connect — Global.disable_mode_transition (true, false) — Do not enable user to switch between modes via GUI or command line — Global.connect_api_support (true, false) — Indicates SecuRemote/SecureClient mode. Set to true in order to work with the Connect API — Global.connect_mode — Indicates SecuRemote/SecureClient mode. True for connect mode — Global.allow_clear_traffic_while_disconnected (true, false) — Topology is not loaded when disconnected, ensuring that there are no popups on the LAN when disconnected — Global.stop_connect_when_silent_update_fails (true, false) — If trying to connect in silent_update_on_connect mode, and the topology update fails, the connection will fail — Global.go_online_days_before_expiry (0) — The number of days before Entrust automatic key rollover (certificate renewal). Zero equals never — Global.go_online_always (true, false) — When true, will attempt the LDAP (entrust.ini) protocol after successful IKE negotiation — Global.implicit_disconnect_threshold (900) — When losing connectivity on physical adapter, SecuRemote/SecureClient keeps the connected state for the amount of time (in seconds) specified by implicit_disconnect_threshold. If the time elapses, or if connectivity resumes with a different IP address, SecuRemote/SecureClient disconnects. This is useful in network environments with frequent network disconnection, such as wireless — Global.active_test — Active tests configuration — Global.log_all_blocked_connections — Used internally to indicates the mode, and reflects the state of the GUI checkbox. Do not modify — Global.cache_password — Used internally to save the state of the checkbox called "Remember password, as per site settings". Do not modify — Global.dns_xlate (true, false) — Turn off the split DNS feature. May be needed in versions prior to NG FP3. In later versions, split DNS is not used by default when in Office Mode — Global.FTP_NL_enforce (0, 1, 2) — Indicates the strictness of the FTP inspection (0 -no check, 1- default check: Multiple newline characters allowed, 2-strict check: no multiple newline characters allowed — Global.show_disabled_profiles (true, false) — In connect mode, if the IKE timeout expires and this property is TRUE, disconnect instead of erasing the passwords — Global.post_connect_script — Specify full path for a script that SecuRemote/SecureClient will run after a connection has been established (Connect Mode only) — Managers.post_connect_script_show_window (true, false) — Specifies whether or not the post-connect script will run in a hidden window — Managers.list_style — How the site icons are presented in the main frame window — Global.mac_xlate (true, false) — Needs to be set to true to support Split DNS where traffic to the "real" DNS server may not be routed the same way as traffic to the "split" DNS server. The most common scenario is "real" DNS server on the same subnet as the client. Split DNS modifies the IP destination of the packet, but not the MAC destination. With mac_xlate set to true, the MAC destination address is set to the address of the default Security Gateway — Global.mac_xlate_interval — How frequently a check is made for the default Security Gateway's MAC address (see mac_xlate) — Global.sda_implicit (true, false) — The working mode of the Software Distribution Agent (SDA). True = implicit, false = explicit — Global, Managers.sda_imlicit_frequency — The frequency (in minutes) with which the Software Distribution Agent (SDA) connects to ASD server to check for updates — Global, Managers.sr_build_number, sr_sw_url_path, sr_sw_url_path_9x, sr_build_number_9x, sr_sw_url_path_nt,sr_build_number_nt, sr_sw_url_path_w2k,sr_build_number_w2k — On the Security Management server machine, the names are desktop_sw_version, desktop_build_number, etc. These attributes help SecureClient decide if it needs to upgrade itself — Managers.install_id_nt,install_id_9x,install_id_w2k — Installation IDs — Managers.
Product.ini Parameters
The following are the parameters included in the Product.ini configuration file.
Parameter (bold indicates the default)
|
Meaning
|
OverwriteConfiguration=0/1
|
Sets the value for Update or Overwrite choice during upgrade. The default value (0) means Update is chosen.
|
ShowUpdateOverwrite=0/1
|
Show the Update or Overwrite window to the user during installation. If the window is not shown to the user, the value placed in OverwriteConfiguration will be used.
|
PathAskUser=0/1
|
Show the Choose Installation Destination window to the user during installation. If the window is not shown to the user, the default value chosen by InstallShield will be used (usually this will be C:\Program Files\CheckPoint\SecuRemote).
|
DesktopSecurityAskUser=0/1
|
Show the Desktop Security window to the user during installation. If the window is not shown to the user, the value placed in DesktopSecurityDefault will be used.
|
DesktopSecurityDefault=0/1
|
Sets the value for Desktop Security installation. A value of 1 means that SecureClient will be installed, while a value of 0 means that SecuRemote will be installed.
|
InstallDialupOnly=0/1
|
Sets the value for binding to All Adapters or to Dialup Adapters only. A value of 0 means that the installation will bind to All Adapters.
|
ShowNetworkBindings=0/1
|
Show the Adapter Bindings window to the user during installation. If the window is not shown to the user, the value placed in InstallDialupOnly will be used.
|
ShowReadmeFile=0/1
|
Show the Readme window to the user - this window asks the user whether he/she would like to view the readme file before finishing the installation. A value of 0 means that the window will not be shown to the user, and the readme file will not be read during installation.
|
ShowBackgroundImage=0/1
|
Determine whether the background image will be displayed during installation.
|
ShowSetupInfoDialogs=0/1
|
Determine whether informative InstallShield dialogs (which require no user interaction) will be displayed.
|
DisableCancelInstall=0/1
|
An option to disable the Cancel operation from the installation dialogs.
|
ShowRestart=0/1
|
Determine whether Do you want to restart dialog will be shown.
|
RestartAfterInstall=0/1
|
0 - Do no restart after installation, 1- Restart after installation.
|
ShowRebootWarning=0/1
|
Suppress the message "The installation will complete after reboot".
|
IncludeBrandingFiles=0/1
|
Determines whether the files authmsg.txt and logo.bmp (used for customizing the Authentication dialog) will be copied during installation. See the userc.C options section for more details on use_ext_auth_msg and use_ext_logo_bitmap.
|
EnableSDL=0/1
|
Sets the value of Secure Domain Logon (SDL) during installation. If the value is 1, SDL will be enabled during installation.
|
SdlNetlogonTimeout (Seconds/0)
|
Set timeout for the operating system Net Logon, if 0 do not change the current value.
|
Support3rdPartyGina=0/1
|
SecuRemote Client NG allows using third party GINA DLLs for authentication. If this property is not selected, the Windows GINA DLL will be used by default. Enabling this property may conflict with SDL operation if a third party GINA DLL is used.
|
EnablePolicyView=0/1
|
Enable the Policy View in the SecureClient Diagnostics application.
|
EnableLogView=0/1
|
Enable the Log View in the SecureClient Diagnostics application.
|
EnableDiagnosticsView=0/1
|
Enable the Diagnostics View in the SecureClient Diagnostics application.
|
ShowKernelInstallation=0/1
|
Determines whether or not the driver installation dialog is displayed.
|
OverwriteEntINI=0/1
|
Determines whether existing entrust.ini files will be overwritten by the entrust.ini files in the installation. A value of 1 indicates that the existing entrust.ini file will be overwritten.
|
DefaultPath (Full path)
|
Default: C:\Program Files\CheckPoint\SecuRemote.
|
ConnectMode=0/1
|
Set default client mode: 0 - transparent, 1- connect mode.
|
|
|