5-24
Cisco Secure Desktop Configuration Guide
OL-8607-02
Chapter 5 Setting Up CSD for Microsoft Windows Clients
Configuring the Secure Desktop for Clients that Match Location Criteria
risk is a bigger issue than the deployment advantages of the alternative. Operating System
limitations may prevent CSD from enforcing prevention of desktop switching, even if you disable
this feature.
You can configure both the Secure Desktop component of CSD and Cisco SSL VPN Client (SVC)
to run simultaneously on client PCs. If you check this attribute, the SVC connection becomes
available to both.
•
Enable Vault Reuse—Check to allow users to close the Secure Desktop and open it again at a later
time. The Vault is a persistent desktop that is available from one session to the next. If you enable
this option, users must enter a password (up to 127 characters in length) when CSD creates the
Secure Desktop. This is useful if users are running the Secure Desktop on computers that are likely
to be reused; for example, a home computer. When a user closes the Secure Desktop, CSD does not
destroy the Vault. If you do not enable this option, CSD automatically destroys the Vault at the end
of each Secure Desktop session.
If unchecked, this attribute activates the following two attributes.
•
Suggest application uninstall upon Secure Desktop closing—Check to prompt the user and
recommend that the Secure Desktop be uninstalled when it closes. In contrast to the option below,
the user has the choice to refuse the uninstallation.
Note
Leave this option disabled if you want users to be able to use the Vault. Checking this option
uninstalls the Vault from the user's computer when the Secure Desktop closes.
•
Force application uninstall upon Secure Desktop closing—Check if you do not want to leave the
Secure Desktop application on untrusted computers after users are done using it. The Secure
Desktop uninstalls when it closes.
Note
Leave this option disabled if you want users to be able to use the Vault. Checking this option
uninstalls the Vault from the user's computer when the Secure Desktop closes.
•
Enable Secure Desktop inactivity timeout—Check to close the Secure Desktop automatically after
a period of inactivity.
Because CSD runs on the client machine, it detects real inactivity and closes the Secure Desktop to
avoid leaving anything behind.
If checked, this attribute activates the following attribute.
•
Timeout After—Choose the number of minutes (1, 2, 5, 10, 15, 30, or 60) to set the timeout period
if you checked the “Enable Secure Desktop inactivity timeout” attribute. This attribute is the
associated inactivity timer.
•
Launch hidden URL upon Secure Desktop closing—Check this box and enter a URL in the field to
make CSD automatically open a web page when the Secure Desktop closes.
•
Secure Delete—CSD encrypts and writes the Secure Desktop to the remote client’s disk. Upon
termination of the Secure Desktop, CSD converts all bits occupied by the Secure Desktop to all 0’s,
then to all 1’s, and then to randomized 0’s and 1’s. Choose the number of times for CSD to perform
this cleanup task. The default setting, 1 pass, meets the US Department of Defense (DoD) standard
for securely deleting files. Following the completion of the task the number of times specified,
CSD removes the pointer to the file (that is, performs a “Windows-delete”).
Note
Click
Apply All
to save the running CSD configuration.