1. Home
  2. Docs
  3. LDS Edition Installation Guide
  4. Configuration for use with DigitalPersona LDS Kiosk (Optional)

Configuration for use with DigitalPersona LDS Kiosk (Optional)

If your environment will include installations of DigitalPersona LDS Kiosk, you will need to specifically configure the DigitalPersona LDS Server for use with the DigitalPersona LDS Kiosk component.

After completing the procedures described in the preceding pages, follow these instructions for setting up and configuring the DigitalPersona LDS Server and environment for use with DigitalPersona LDS Kiosk.

  • Optionally, create an OU for each kiosk and assign computers to the kiosk See Creating the OU for the Kiosk below. By default, all computers in the AD domain are treated as a single kiosk. You may want to set up multiple, separate kiosks by using OUs.
  • Create a Shared Account in Active Directory and specify the account information either by GPO or on individual kiosk See the topics Kiosk Shared Account Settings and Adding Shared Account Settings Using GPO below.
  • Install DigitalPersona LDS Kiosk on See the DigitalPersona Kiosk Installation chapter in the DigitalPersona Client Guide.
  • Enroll user credentials. By default, DigitalPersona users are not allowed to enroll their own credentials, as user creation and credential enrollment are handled centrally through the DigitalPersona Attended Enrollment component. For more information, refer to the chapter DigitalPersona Attended Enrollment in the DigitalPersona Client

Configure Kiosk GPO settings

Kiosk Shared Account Settings

At the kiosk level, whether it is the domain or an OU, you must specify the kiosk Shared Account information. For more information, see the topic Adding Shared Account Settings Using GPO below.

Creating the OU for the Kiosk

When you install DigitalPersona LDS Server and DigitalPersona LDS Kiosk, the entire domain is considered as one kiosk unless you complete further configuration.

To create multiple kiosks in a domain, or to limit the usage of the kiosk to specific computers only, you should create an organizational unit (OU) for each kiosk and then assign computers to the OU. You might create several kiosks where each kiosk is associated with its own OU. If computers in the same OU are geographically located in different sites, each OU per site is a kiosk.

Specifying a Shared Account for the Kiosk

DigitalPersona LDS Kiosk requires an account, known as the Shared Account, that is specified on every kiosk computer. Account information includes the user name, domain name and password for an Active Directory account. You should have one Shared Account per kiosk with a Password never expires setting.

You can configure the kiosk Shared Account by supplying the kiosk Shared Account information through GPO settings, as described below.

If the kiosk Shared Account information is distributed through Group Policies settings, all computers that belong to the selected object level in Active Directory, such as OU, Domain, or Site, receive the kiosk Shared Account settings.

DigitalPersona LDS Kiosk automatically assigns the “Impersonate a client after authentication” user right to the kiosk Shared Account. This right allows programs that run on behalf of that user to impersonate a client. This right allows DigitalPersona LDS Kiosk to authenticate multiple users while using only one logon session for the Shared Account.

Adding Shared Account Settings Using GPO

The DigitalPersona Kiosk Shared Account setting is provided as part of the GPMC Extensions component of the DigitalPersona Administration Tools, a separate installation available in your DigitalPersona LDS product package.

This setting is located at Computer Configuration/Policies/Software Settings/DigitalPersona Client/Kiosk Administration.

You can use the Group Policy Management Editor to modify these settings. For the Kiosk Shared Account Settings, at the OU level for the kiosk, open the Kiosk Administration node and double-click Kiosk Workstation Shared Account Settings. Specify the following values:

  • Kiosk Shared Account user name
  • Kiosk Shared Account NetBIOS domain name
  • Kiosk Shared Account password

The Shared Account information will be enabled for all computers in the OU.