Computer Configuration\Software Settings

During installation of the DigitalPersona Administration Tools, the following nodes are created under the Computer Configuration\Software Settings node.

DigitalPersona Client (Summary)

These client settings can be found at the following location:

Computer Configuration/Software Settings/DigitalPersona Client.

These settings are used to configure and govern DigitalPersona LDS clients.

Category / Subcategory / Setting name

Security

  • Authentication
    • Logon Authentication Policy
    • Enhanced Logon Authentication Policy
    • Session Authentication Policy
    • Kiosk Session Authentication Policy
  • Enrollment
    • Self Enrollment Policy

Kiosk Administration

  • Allow automatic logon using Shared Kiosk Account
  • Logon/Unlock with Shared Account Credentials
  • Prevent users from logging on outside of a Kiosk session
  • Kiosk Workstation Shared Account Settings
  • Kiosk Unlock Script

DigitalPersona Client (Details)

Security/Authentication

Settings that define DigitalPersona authentication policies are stored at:

Computer Configuration/Policies/Software Settings/DigitalPersona Client/Security/Authentication.

Logon Authentication Policy

The Logon Authentication Policy defines the credentials needed for authentication and logon to Windows. By default, all supported credentials are listed on the tab.

  • If enabled, only the specified authentication devices, in the specified combination, can be used for authentication.
  • If disabled or not configured, any Primary credentials can be used for authentication.

Primary and Secondary credentials

For the purposes of Logon authentication, DigitalPersona credentials are defined as Primary and Secondary credentials. Primary credentials (such as Passwords, Fingerprints, Smart cards, Contactless cards and One-Time Passwords) are considered stronger (more secure) than Secondary credentials (such as a Proximity card, PIN or Bluetooth device).

When selecting credentials to be used for the Logon Authentication Policy, the first credential must be a Primary credential. Additional (optional) credentials may be either Primary or Secondary credentials.

To add a credential or credential combination to the list

  • Enable the
  • Click the Add link just below the configuration buttons.
  • Click Apply.

To edit a credential or credential combination

  • Click the credential or credential combination and edit it using the dropdown lists provided.
  • Click Apply.

To delete a credential or credential combination

  • Click on the X that appears to the right of the item when hovering over it with your mouse.
  • Click Apply.

Enhanced Logon Authentication Policy

The Enhanced Logon Authentication Policy specifies the credentials or credential combinations that will be used to log on to or unlock the domain computers when any of the conditions specified on the Conditions tab are met. Note that this policy has no effect on DigitalPersona Kiosk clients.

  • If enabled, logon authentication requires the credentials or credential combinations specified in this policy whenever conditions selected on the Conditions tab are met. Note that when the specified conditions are met, this policy replaces the Logon Authentication Policy in force.
  • If disabled or not configured, the standard Logon Authentication Policy remains in force.

To configure the Enhanced Logon Authentication Policy

  1. Select Enabled and click the Add link in order to specify the required credential(s).
  2. Then specify the conditions that must be met for this policy to be applied.
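
The following added example (not part of the DigitalPersona guide or product) models how the Logon and Enhanced Logon Authentication Policies described above resolve to one effective policy, and checks the rule that the first credential in a logon combination must be Primary. The credential names come from the Primary/Secondary list above; the function names, the sample policies and the exact-match rule are assumptions made for illustration.

```python
PRIMARY = {"Password", "Fingerprint", "Smart card", "Contactless card", "One-Time Password"}
SECONDARY = {"Proximity card", "PIN", "Bluetooth device"}


def validate_logon_combination(combo):
    """Check one Logon Authentication Policy entry; return a list of problems."""
    if not combo:
        return ["empty combination"]
    problems = [f"unknown credential: {c}" for c in combo if c not in PRIMARY | SECONDARY]
    if combo[0] not in PRIMARY:
        problems.append(f"first credential must be Primary, got: {combo[0]}")
    return problems


def effective_policy(logon, enhanced, conditions_met, kiosk_client=False):
    """Return (policy name, accepted combinations).

    logon / enhanced are None when disabled or not configured, otherwise the
    list of combinations entered on the policy tab.
    """
    # The Enhanced policy replaces the Logon policy only while its conditions
    # are met, and it has no effect on Kiosk clients.
    if enhanced is not None and conditions_met and not kiosk_client:
        return "Enhanced Logon Authentication Policy", enhanced
    if logon is not None:
        return "Logon Authentication Policy", logon
    # Disabled or not configured: modelled here as any single Primary credential.
    return "default", [(c,) for c in sorted(PRIMARY)]


def logon_allowed(presented, logon, enhanced, conditions_met, kiosk_client=False):
    """Modelling assumption: the verified credentials must match one listed
    combination exactly (order of presentation ignored)."""
    _, combos = effective_policy(logon, enhanced, conditions_met, kiosk_client)
    return any(set(presented) == set(combo) for combo in combos)


# Constructed sample policies (not taken from any real GPO).
LOGON = [("Password",), ("Fingerprint", "PIN")]
ENHANCED = [("Fingerprint", "One-Time Password")]

if __name__ == "__main__":
    for combo in LOGON + [("PIN", "Password")]:
        print(combo, validate_logon_combination(combo) or "ok")
    print(logon_allowed({"Password"}, LOGON, ENHANCED, conditions_met=False))
    print(logon_allowed({"Password"}, LOGON, ENHANCED, conditions_met=True))
    print(logon_allowed({"Password"}, LOGON, ENHANCED, True, kiosk_client=True))
```

With these sample policies, a password alone is accepted only while the Enhanced policy's conditions are not met, or on a Kiosk client, where the Enhanced policy does not apply.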

Session Authentication Policy

The Session Authentication Policy defines the credentials needed to access Security applications during a Windows session. By default, all supported credentials are listed on the tab, and may be used in any combination. The distinction between Primary and Secondary credentials does not apply.

  • If enabled, only the specified combination of credentials in the Policy can be used for enrollment.
  • If disabled, the user is not prompted to authenticate by DigitalPersona security applications during the Windows session. This configuration provides Single Sign-on. The user logs on to Windows and gains access to all security applications without being prompted to authenticate for each application.
  • If not configured, credentials will be controlled by local However, enrolling of credentials will still require authentication.

To add a credential to the list

  • Enable the
  • Click the Add link just below the configuration buttons.
  • Click Apply.

To edit a credential or credential combination

  • Click the credential or credential combination and edit using the dropdown lists.
  • Click Apply.

To delete a credential or credential combination

  • Click on the X that appears to the right of the credential when it is selected.
  • Click Apply.

Kiosk Session Authentication Policy

The Kiosk Session Authentication Policy defines the credentials that may be used to access Security applications during a DigitalPersona Kiosk session. By default, all supported credentials are listed on the tab.

  • If enabled, only the specified combination of credentials in the Policy can be used for authentication.
  • If disabled or not configured, credentials will be controlled by local GPOs.

To edit or delete a Credential from the list, click the arrow that appears to the right of the credential.

To add a credential to the list, click Add at the top of the list.

Security/Enrollment

Self Enrollment Policy

The Self Enrollment Policy specifies the list of credentials that can be self-enrolled on a client workstation. By default, all supported credentials are listed on the tab.

  • If enabled, only the specified credentials may be used for self
  • If disabled or not configured, any installed and supported credentials may be

Kiosk Administration

Settings that define DigitalPersona Kiosk policies are stored at:

Computer Configuration/Software Settings/DigitalPersona Client/Kiosk Administration.

Allow automatic logon using Shared Kiosk Account

Determines whether the automatic logon feature is enabled. Automatic logon uses the Kiosk Shared Account to log users on to the computer when the Windows operating system starts up. The Log On to Windows dialog box is not displayed.

If disabled or not configured, the automatic logon is disabled.

CAUTION: The automatic logon setting will allow any user to access a Windows session without interactive authentication when the Kiosk computer is restarted.

Logon/Unlock with Shared Account Credentials

If enabled, any user who knows the user name and password for the shared account that Kiosk uses can use those credentials to log on to or unlock the computer. If disabled or not configured, the shared account credentials cannot be used to log on to or unlock the computer.

Prevent users from logging on outside of a Kiosk session

When enabled, only those with administrator privileges are able to log on to any Kiosk workstation controlled by the GPO.

If disabled or not configured, users can log on to the Kiosk workstations as a local user outside of the Kiosk session.

Kiosk Workstation Shared Account Settings

In order for a DigitalPersona LDS Kiosk workstation to function correctly, this setting must be enabled and the Windows shared account information (user name, domain and password) specified.

If enabled, you can specify Windows shared account information for the governed kiosks. If disabled or not configured, Kiosk workstations affected by the GPO will not be operable.

Kiosk Unlock Script

Specifies a script file to run whenever a Kiosk session is unlocked by a new user.

By default, the script file should be located in the following directory on a Domain Controller:

%systemroot%\sysvol\sysvol\domain_DNS_name\scripts

Or, you can specify the full path to a shared folder which contains the script file.

DigitalPersona Server

This server setting can be found at the following location:

Computer Configuration/Software Settings/DigitalPersona Server.

Licenses

License information for DigitalPersona Server is stored at:

Computer Configuration/Software Settings/DigitalPersona Server/Licenses.

  • To add a license for a DigitalPersona LDS Server, right-click the License node and select Add license. Follow the instructions given in the DigitalPersona Activation