04-13-2010 10:36 AM
Just upgraded to the latest 6.5x version and noticed a new "Feature" Pop-up Setup Control - Warning. Anytime a Juniper executable gets loaded the user gets a popup warning with Always, yes and no. Although its nice to warn users, is there anyway to disable this feature? Aside from preloading the Trusted Server List to users.(KB15208)
04-13-2010 10:40 AM
No, there is not an option to disable the whitelist security feature, besides loading a file on the client before hand (as you have mentioned). This is a security feature that was added to protect users.
04-13-2010 11:59 PM
everytime the user logs in? i thought that would only pop up when the user initially installs the applications but that happens everytime the software (NC/HC) gets loaded? hell...
04-14-2010 07:16 AM - edited 04-14-2010 07:16 AM
If the user clicks 'Always' the server gets added to the user whitelist and they will not receive the pop-up in the future for that server.
04-15-2010 05:57 AM
Yea. The pop-up appears for Each of the Modules too. HostChecker, Juniper Installer, NC, etc... One warning for all should be enough. We usually prefer to minimize the user intervention. Especially with Windows 7, it has enough popup warnings itself.
04-22-2010 07:32 AM - edited 04-22-2010 07:40 AM
You can predeploy the whitelist.txt. We did this and it worked well. Only problem is it needs to go in the users app data folder. We automated this by using a wise script.
The script goes to the registry and pulls the APPData value:
Then you write the whitelist.txt file to:
This should eliminate the messages. If you're willing to give me the hostnames of your IVE's I can customize a install for you.
04-24-2010 08:08 AM
Thank for the suggestions in populating the whitelist for each client. My problem with that is that my users are mostly non-employees, so its's not as easy to deploy mods to their pcs. The other problem is that the user needs to really attempt to connect to the ssl vpn first in order for all the Juniper Directories to get created under the Users profile.
I think all of this effort really defeats the purpose of the SSL VPN process being "clientless" and not having to preload/maintain anything on the client pc.