Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Created on ‎12-19-2008 01:13 AM

Disable " save username and password"

Hi, Does anyone know if it´s possible to disable the " save username and password" check box on the Fortinet SSL VPN standalone client ?? also if you can hard-code the server address into a .msi pakage ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
7024
0 Kudos
6 REPLIES 6
mbrowndcm
New Contributor III

Created on ‎12-24-2008 06:35 AM

just an idea you could rebuild the msi to set a registry key after installation of the SSL VPN Client. the key in question is HKEY_USERS\<SID>\Software\Fortinet\SSLVPNclient Which is a mirror of HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient (Usefull if you install it under a different user context)
The explicit keys' data are encrypted and located at: Username: HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient REG_SZ: DATA1 Password: HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient REG_SZ: DATA2 You can execute a batch script (using regini.exe) or a vbscript to adjust the permissions. Check out ORCA from microsoft to modify MSIs. Fortinet' s official stance:
11/24/2008 5:53:00 AM Matt Brown Hello, I' d like to be able to modify the SSL-VPN Client (ftp://pftpintl:F0rt1intl@support.fortinet.com/FortiGate/v3.00/MR7/SSL%20VPN%20Clients/FortiClientSSLVPN_3.0.384.msi) so that we can stop users from saving their passwords (similar to the modifications you can make in the Cisco VPN Client). Is this possible? Thanks, Matt 11/25/2008 9:41:00 AM Raymond Tew BK Hi Matt, As for now, following option is not available. I would suggest you to contact your Fortinet pre-sales representative, in order to submit a new Feature Request if this functionality is require. By submitting a feature request it might be able to include these features into our future releases. Since following is a none technical issue, may I have your permission to close the ticket ? Thanks.
Progress: I' m working on a solution right now: Use Resource Hacker to open the EXE, go to Dialog\102\1033. The following line is the object: CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 80, 161, 158, 10 However, removing this line, and compiling the and saving the EXE causes the EXE to crash upon execute. This is mostly due to something trivial, like the program is looking for SOMETHING there. [update] Original:
CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 80, 161, 158, 10
Test 1, remove the Window Style value WS_VISIBLE:
CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD | WS_TABSTOP, 80, 161, 158, 10
Test 2, move the check box off the visible section of the form (from y 161 to y 250):
CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD | WS_TABSTOP, 80, 250, 158, 10
See below for solution...
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
2957
0 Kudos
rwpatterson
Valued Contributor III
In response to mbrowndcm

Created on ‎12-24-2008 07:12 AM

From a jr. hacker, try removing just the visible, and tabstop options....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
2957
0 Kudos
mbrowndcm
New Contributor III

Created on ‎12-24-2008 07:17 AM

From a jr. hacker, try removing just the visible, and tabstop options....
Glad to see someone else is working in NY... yes, i just realized I could just remove them totally... CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD, 80, 161, 158, 10 Does not hide the checkbox control. Let me try the other two tests... Solution (thanks rwpatterson) Change the following line:
CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 80, 161, 158, 10
to
CONTROL " Save user name and password" , 1015, BUTTON, BS_AUTOCHECKBOX | WS_CHILD, 80, 300, 158, 10
Compile, save EXE. MSI packaging: http://msdn.microsoft.com/en-us/library/aa370557.aspx http://msgoodies.blogspot.com/2005/03/extracting-files-from-msi.html http://www.petematheson.co.uk/?p=9
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
2957
0 Kudos
rwpatterson
Valued Contributor III
In response to mbrowndcm

Created on ‎12-24-2008 07:59 AM

LOL... I' m outta here by noon! Enjoy the holiday!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
2957
0 Kudos
mbrowndcm
New Contributor III

Created on ‎12-26-2008 10:56 AM

The server address and port are set in the registry... and the values are retrieved from the registry when the program loads. After setting the desired values, you can set the registry perms to deny write access to: HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient REG_SZ: ServerAddress HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient REG_SZ: ServerPort Also, you can modify the dialog mentioned previously with Resource Hacker as follows: Set the line directly below:
CONTROL " Server Address:" , -1, STATIC, SS_RIGHT | WS_CHILD | WS_VISIBLE | WS_GROUP, 7, 97, 66, 12 , 0x00001000
To:
CONTROL " vpn.toto.com:80443" , 1007, EDIT, ES_LEFT | ES_AUTOHSCROLL | ES_OEMCONVERT | ES_READONLY | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 80, 96, 163, 12
And (after a little more resource hacker tweaking) you get something like this: This value will be set upon first run of the ssl vpn client. The program probably works like this: 1) Generate form control textbox 2) Generate contents of textbox with given value: " vpn.toto.com:80443" 3) Query registry HKEY_CURRENT_USER\Software\Fortinet\SSLVPNclient ServerAddress and ServerPort 4) Values not found? Keep content of textbox from step 2. Values found? Parse and set contents of textbox to " ServerAddress:ServerPort" Good luck, Matt
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
" …you would also be running into the trap of looking for the answer to a question rather than a solution to a problem." - [link=http://blogs.msdn.com/b/oldnewthing/archive/2013/02/13/10393162.aspx]Raymond Chen[/link]
2957
0 Kudos
Carl_Wallmark
Valued Contributor

Created on ‎12-30-2008 12:17 AM

Thank you !!! Happy new-year !

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
2957
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.