Hiding the Secure Login Client

Hi,

We have recently implemented the NW SSO 2.0 with Kerberos authentication (without Secure login server). Before we roll this out to end users, we feel if there is an option to hide the Secure login client from being displayed to end users. Many users have admin rights on their PC's and with secure login client we have options to choose the different certificates for SAPGUI to use for SSO. We basically want to use kerberos token to use for SSO to SAP systems but want to hide the secure login client to end users.

Can you please let me know if there is any options doing it?

Thanks

Thilip Kumar