CRYPTOLogon Agent. for Windows Domain Logon Authentication. Deployment Guide. Copyright , CRYPTOCard Corporation, All Rights Reserved.
|
|
- Vanessa Robbins
- 8 years ago
- Views:
Transcription
1 CRYPTOLogon Agent for Windows Domain Logon Authentication Deployment Guide
2 Table of Contents 1. OVERVIEW SINGLE AUTHENTICATION MODE (MS-GINA REPLACEMENT) DUAL AUTHENTICATION MODE (MS-GINA FILTER) LOCAL MACHINE LOGON TERMINOLOGY CRYPTOLOGON FEATURES AND DEPLOYMENT CONSIDERATIONS INTEROPERABILITY COMPATIBILITY OPERATION TYPICAL LOGON SEQUENCE CRYPTOLOGON SECURITY FEATURES DEPLOYMENT CONSIDERATIONS DEPLOYMENT METHODS INSTALLATION PREREQUISITES INSTALLATION SEQUENCE STEP 1 - RADIUS SERVER CONFIGURATION FOR SINGLE OR DUAL AUTHENTICATION MODE FOR EASYRADIUS: FOR FUNK STEEL-BELTED RADIUS: FOR CISCO SECURE: STEP 2- ADDITIONAL RADIUS SERVER CONFIGURATION FOR SINGLE AUTHENTICATION MODE ONLY FOR EASYRADIUS: FOR FUNK STEEL-BELTED RADIUS: FOR CISCO SECURE ACS RADIUS: CRYPTOLOGON INSTALLATION TYPICAL INSTALLATION CUSTOM INSTALL For assistance mailto:support@cryptocard.com i
3 4. USING CRYPTOLOGON USING CRYPTOLOGON IN DUAL AUTHENTICATION MODE USING CRYPTOLOGON IN SINGLE AUTHENTICATION MODE TROUBLESHOOTING ON WINDOWS ON REDHAT ON SOLARIS LOGGING ON TO MULTIPLE DOMAINS IN SINGLE AUTHENTICATION MODE For assistance ii
4 1. Overview CRYPTOLogon is a strong user authentication agent for Windows NT, 2000, and XP based computers. It provides two-factor authentication for LANs (Windows domain) and local machine logon. It can be used in one of two modes: 1.1 Single Authentication Mode (MS-GINA replacement) In this mode, an End-user is required to authenticate against a CRYPTOAdmin SPT Server, using their CRYPTOCard token. The End-user is immediately logged onto the domain after a successful CRYPTOCard authentication. Single Authentication Mode is ideal where there will be no requirement for the End-user to be aware of a Microsoft User Name / Password. In this mode, a token will be used to access the network regardless of the location of the Enduser in the network. It provides the End-user with a single, universal logon method from any point in the network. The user will not need to know a Microsoft User Name / Password and will therefore not be required to periodically change their password although they retain their network access and privileges. In Single Authentication mode the MS-GINA module is replaced with the CRYPTOCard CCGina module. Note that some 3rd party applications also perform an MS-GINA replacement (such as some VPN clients), which will conflict with Single Authentication mode. If this is a concern then Dual Authentication Mode should be selected. 1.2 Dual Authentication Mode (MS-GINA filter) In this mode, a user is required to authenticate against a CRYPTOAdmin SPT Server using their CRYPTOCard token. After the successful CRYPTOCard authentication, the user must then provide their Microsoft User Name / Password to complete the logon process. Dual Authentication Mode is most commonly employed if it is desirable to have a different logon method depending on the location of the user. For example, Dual Authentication Mode could require both CRYPTOCard authentication and Microsoft User Name / Password for remote access to Terminal Server but require only Microsoft User Name / Password for local access to the same facility. Dual Authentication Mode can be used with existing MS-GINA or any 3 rd party (e.g. VPN Client) GINA module. 1.3 Local Machine Logon CRYPTOLogon also protects access to the local machine. Once installed an ST-1/EUS Software or SC-1/EUS Smart Card token is required to logon to the local machine and gain access to the desktop. These tokens may also be used for VPN, Web server and all other authentication requirements. For assistance mailto:support@cryptocard.com 1
5 1.4 Terminology Shared Secret: an alphanumeric string (key) that will be used to encrypt communications between the RADIUS Client (in this case the CRYPTOLogon enabled workstation) and the RADIUS Server. It is recommended that each client use a unique key. Token Name: The token name is the name assigned to a token in the CRYPTOAdmin Server. Though not mandatory, it is recommended that the Windows User Name and the token name be identical to minimize CRYPTOLogon configuration. EUS: The term EUS will be used throughout this document to refer to functionality common to all supported token types (ST-1, SC-1). ST-1/EUS: The term ST-1/EUS will be used to distinguish implementation or usage specific to the ST-1 software token. SC-1/EUS: Collectively the SC-1 and EUS are referred to as SC-1/EUS. The term SC-1/EUS will be used to distinguish implementation or usage specific to the SC-1 smart card token. SC-1: The term SC-1 refers to tokens that are installed on a smart card. The SC-1 smart card interface with the end-user computer is either a USB reader or a PC Card (PCMCIA). The EUS provides the application level interface between the SC-1 token and the end-user, agent or plug-in. ST-1: The term ST-1 refers to tokens that are installed on the end-user computer. This token type is strictly a software token. The EUS provides the application level interface between the ST-1 token and the end-user, agent or plug-in. Collectively the ST-1 and EUS are referred to as ST-1/EUS. KT-1: The term KT-1 refers to a hardware token that can be placed on a key chain. RB-1: The term RB-1 refers to a hardware token which resembles a calculator. End-user: The end-user is the person that will use a token to gain access to a CRYPTOCard protected network. In the context of this document, end-users do not have administrator rights on the domain or the local computer. For assistance mailto:support@cryptocard.com 2
6 2. CRYPTOLogon Features and Deployment Considerations 2.1 Interoperability CRYPTOLogon is available for Windows NT4, 2000, and XP based systems. However, operating system support for smart cards is not yet universal, therefore the SC-1 is available for a smaller range of computing environments. The following chart reflects interoperability at time of publication. CRYPTOLogon Interoperability Token Type CRYPTOLogon Installation Environment ST-1/EUS SC-1/EUS KT-1/RB-1 Windows NT 4.0 SP6 Windows 2000 (SP3 required for SC-1) Windows XP SP1 Windows 2000 Terminal Server Windows Citrix Metaframe Server 2.2 Compatibility CRYPTOLogon can be used with any CRYPTOCard token type. Either an ST-1/EUS or SC- 1/EUS must be installed on computers that will be used when not connected to the LAN. Computers that are always connected to the LAN are not required to have the /EUS tokens installed. CRYPTOLogon provides advanced functionality, security and interoperability and is designed for use with the CRYPTOAdmin 5.32 SPT Authentication Server. The ST-1 application and tokens prior to Version 5.32 cannot be used with CRYPTOLogon version Earlier versions of ST-1 tokens can be upgraded for use with the EUS as required. The upgrade does not require tokens to be reissued. 2.3 Operation CRYPTOLogon is invoked during system boot and any interactive logon (Ctrl+Alt+Del). In addition to domain logon, it is configurable to require an authentication to unlock a workstation or terminate a screen saver. If using the SC-1/EUS Smart Card, CRYPTOLogon may be configured to lock the workstation when the smart card is removed. It may be further configured to allow only the locking user to unlock the workstation or allow any user with a valid CRYPTOCard token to do so. The latter functionality is useful in shared workstation environments such as nursing stations. Only by re-authentication can the keyboard be unlocked. For assistance mailto:support@cryptocard.com 3
7 2.4 Typical Logon Sequence Single Authentication Mode: User unlocks token with secret security PIN. Token generates a new, one-time password. Password is automatically (ST-1/EUS or SC-1/EUS) or manually (RB-1, KT-1) entered into CRYPTOLogon dialogue box. The actual user experience will vary depending on the token type from fully transparent with EUS tokens to manual input of onetime password with hardware tokens. The CRYPTOAdmin SPT Server authenticates the user and returns an access accept to CRYPTOLogon. In Single Authentication mode the End-user is now logged onto the domain. If using Dual Authentication Mode the End-user is now required to enter their Microsoft User Name / Password for authentication against the Domain Controller. The End-user is now logged onto the domain. Note that if the computer is not connected to the domain the End-user must enter the tokens secret security PIN (ST-1/EUS or SC-1/EUS) to enable the token, allowing the computer to continue booting. 2.5 CRYPTOLogon Security Features CRYPTOLogon provides the following features which can be modified to suit your network security needs. CRYPTOLogon Security Features Y standard feature set according to security policy Hardware Tokens EUS Tokens Token specific features RB-1 KT-1 ST-1 SC-1 Select a Domain Name Separator Character Y Y n/a n/a Display Default Username Y Y n/a n/a Don t Display the Last Username Y Y n/a n/a Enable CRYPTOCard Options Button n/a n/a Y Y Enable Shutdown Button Y Y Y Y Lock Workstation on Removal n/a n/a n/a Y Logoff Workstation on Removal n/a n/a n/a Y Lock Workstation on Screensaver Timeout Y Y Y Y Default Shutdown Setting: Restart or Shutdown Y Y Y Y User Filter Choice: Checkbox to allow user to choose Windows Authentication after successfully logging on to the CRYPTOAdmin SPT Server. Y Y Y Y Legal Notice Caption Y Y Y Y Legal Notice Text Y Y Y Y Shutdown workstation without logging off. Y Y Y Y For assistance mailto:support@cryptocard.com 4
8 2.6 Deployment Considerations An end-user or administrator can apply new ST-1/SC-1 tokens but administrator rights are required to remove or reapply a token to the EUS. A CRYPTOCard token is locked when the number of consecutive incorrect PIN attempts threshold is exceeded. A locked token cannot be re-enabled. Locked tokens are replaced by removing and re-issuing the token. Function Software Token (ST-1/SC-1) End-user Hardware token (RB-1/KT-1) Software Token (ST-1/SC-1) Administrator Hardware token (RB-1/KT-1) Install CRYPTOLogon Yes Yes Yes Yes Install EUS Yes Yes Yes Yes Apply token Yes n/a Yes n/a Reapply/Reinitialize token No No Yes Yes Delete/Rename token No No Yes Yes Unlock token No No No No 2.7 Deployment Methods Deployment of CRYPTOLogon requires the following: 1. Installation of CRYPTOLogon and a CRYPTOCard ST-1/EUS or SC-1/EUS on any computer that will be used when disconnected from the LAN. This can be done using standard practices including local installation, Microsoft SMS, drive ghosting etc. 2. Delivery of the CRYPTOCard tokens to the end-user / machine. For software tokens this can be accomplished by any practical means including local installation or Initialization of the CRYPTOCard token using the initial deployment PIN. The PIN can be delivered to the end user using any practical means. If using electronic deployment it is good practice to use separate delivery of the initialization file from the initial deployment PIN. CRYPTODeploy is an optional web based enrolment system for CRYPTOCard applications and software and hardware tokens. It provides for both Push and Pull deployment. Push provides the administrator with the facility to deliver a CRYPTOCard application and the tokens to pre-approved end-users. Pull provides a method for end-users to request a token and upon approval, receive the token and the CRYPTOCard application. In both cases, the user is directed by to a unique URL for one-time pick-up and installation of either a CRYPTOCard Application or a ST-1/SC-1 token. A separate provides the initial deployment PIN required to complete the installation. The URL is invalidated after installation of the CRYPTOCard token. Contact sales@cryptocard.com for more information about CRYPTODeploy. For assistance mailto:support@cryptocard.com 5
9 3. Installation 3.1 Prerequisites The following systems must be installed and functioning prior to installing and testing CRYPTOLogon: 1. CRYPTOAdmin SPT Server must be installed with one of the following RADIUS servers: easyradius (included with CRYPTOAdmin SPT Server), Cisco Secure ACS v2.6+ or Funk Steel Belted RADIUS The End-user (NT/2000/XP) must be able to logon to the domain using standard Microsoft user name / password. 3. The End-user must have a valid CRYPTOCard token issued by the CRYPTOAdmin SPT Server. Any token type can be used however either an ST-1/EUS or SC- 1/EUS token must be installed if the computer will be used when disconnected from the LAN. Refer to the SC-1/EUS and ST-1/EUS Token Deployment Guide for installation instructions. 4. For Single Authentication Mode Only: An account called cryptocard with an initial password of or "1111,AAAA,zzzz", (whichever is compatible with your password policy) must be configured on the domain controller. This account must have the right to modify domain passwords. Normally it is sufficient to add the cryptocard account to the Account Operators group. Bear in mind, if a user is part of a group which has more rights than that of the account operator, the cryptocard account will not be able to reset the users password. This account is not required for Dual Authentication Mode. 5. The following information is also required: IP Address of the RADIUS server, port number used by the RADIUS server and the shared secret. 6. Install CRYPTOLogon in Single Mode if upgrading a previous CRYPTOLogon implementation. 3.2 Installation Sequence Configure RADIUS Server for CRYPTOLogon Install EUS based tokens if required Install CRYPTOLogon Agent For assistance mailto:support@cryptocard.com 6
10 3.3 Step 1 - RADIUS Server Configuration for Single or Dual Authentication Mode Every CRYPTOLogon enabled workstation must be registered as a RADIUS Client with the RADIUS Server. Be sure to verify the RADIUS Port values. The values should be either 1645 or For easyradius: Edit the clients file. On Windows systems it can be found in: \Program Files\CRYPTOCard\CRYPTOAdmin\server On Solaris / Linux systems it can be found in: /etc/cryptocard directory. Include the IP address and shared secret for each CRYPTOLogon enabled workstation. By default, the shared secret is testing123 without the quotes. A network bit mask can be used to define a group of IP addresses. For example, /24 testing123 will enable the entire class C subnet using shared secret of testing /24 testing123 localhost testing testing For Funk Steel-Belted Radius: Register each CRYPTOLogon enabled workstation as a RAS Client in Funk SBR For Cisco Secure: Register each CRYPTOLogon enabled workstation as a NAS client in Cisco Secure ACS. You must also create an account in Cisco Secure ACS that matches each CRYPTOCard Token Name. RADIUS Server configuration is complete for Dual Authentication Mode implementations. Go to Section 3.5 CRYPTOLogon Installation For assistance mailto:support@cryptocard.com 7
11 3.4 Step 2- Additional RADIUS Server Configuration for Single Authentication Mode Only For easyradius: A default entry must be created in the easyradius users file. On Windows systems it can be found in: \Program Files\CRYPTOCard\CRYPTOAdmin\server On Solaris / Linux systems it can be found in: /etc/cryptocard directory. A DEFAULT entry applies to all users. DEFAULT entries would be placed at the bottom of the users files: DEFAULT Auth-Type = CRYPTOCard NT-Domain = MyDomain Note: Only one Domain can be specified per DEFAULT entry. If you need to configure multiple domains, refer to the Troubleshooting Section. If a CRYPTOCard token name does not match the NT Username, an entry must be placed in the users file. User entries are normally placed at the top of the users file but can be placed at the bottom. Cryptocardtokename Auth-Type = CRYPTOCard NT-Username = bob, NT-Domain = MyDomain More configuration examples can be found in the users file. For assistance mailto:support@cryptocard.com 8
12 3.4.2 For Funk Steel-Belted Radius: Each CRYPTOCard Token must be part of a CRYPTOAdmin group and an identical profile must be created in Steel-Belted Radius. The profile must have a Filter-ID attribute in the Return-List that specifies the NT domain for those users. The graphic shows the Steel-Belted Radius administrator GUI. Since the end-user has a CRYPTOCard token account in the CRYPTOCARD group, a CRYPTOCARD profile has been created, that specifies that these users be from the MyDomain Windows NT domain. For assistance mailto:support@cryptocard.com 9
13 3.4.3 For Cisco Secure ACS Radius: The profile must have a Filter-ID attribute that specifies the NT domain for that user. If the token name is not the same as the NT username, then a Filter-ID attribute for the NT username must also be included. The graphic shows the Cisco Secure setting for a CRYPTOCard token account. Since this end-user has a CRYPTOCard token with a different name from their NT account, their NT username is included (shown here as NTusername ). Furthermore, the NT domain that this user is from is specified as MyDomain. These attributes can be set both at the group level and at the user level. Therefore, the NT domain can be specified at the group level in Cisco Secure, and NT usernames can be specified as needed, at the user level. For assistance mailto:support@cryptocard.com 10
14 3.5 CRYPTOLogon Installation The CRYPTOLogon install package requires Microsoft MSI Installer software. Windows NT 4.0 does not include this product by default. Select Typical to install CRYPTOLogon in Dual Authentication Mode with no End-user options. Select Custom to install CRYPTOLogon in Single Authentication Mode or to add End-user options to Dual Authentication Mode Typical Installation Registry Settings Dual Authentication Mode forces users to authenticate to the CRYPTOAdmin SPT Server prior to authenticating to a Microsoft Domain controller. (FilterMode = 1) Workstation is locked on removal of SC-1 Smart Card or screen saver activation. (LockWorkStnOnRemoval = 1; LockWorkStnOnTimeout = 1) For assistance mailto:support@cryptocard.com 11
15 3.5.2 Custom Install Registry Settings Setup Screen if SC-1 Smart Card Token is selected. Enable Options button: permits End-user to enable/disable lock workstation on screen saver activation or on SC-1 smart card removal. Enable Shutdown button: display/hide shutdown button Allow Any User to Unlock Desktop: by default workstation can only be unlocked by current End-user. If selected, any valid CRYPTOCard Token can unlock workstation. Maximum Unlock Attempts: maximum incorrect consecutive Token PIN attempts permitted by CRYPTOLogon. If exceeded End-user is Logged Off. This value should be lower than the maximum number of incorrect consecutive PIN attempts permitted for ST-1 or SC-1 token. For assistance 12
16 4. Using CRYPTOLogon 4.1 Using CRYPTOLogon in Dual Authentication Mode Once the workstation has rebooted you will be prompted with a CRYPTOCard Secure Password Logon Window. The CRYPTOCard logon screen will vary depending on the type of token being used. For Software or Smart Card tokens, CRYPTOLogon will query the CRYPTOCard EUS and a list of all available tokens will appear in the Token Name drop down box. Select your token, enter the PIN and Click on OK. For Hardware tokens such as the RB-1 and the KT-1, enter the User name and response then click on OK. If all tokens types were selected during the installation, you will be able to choose the token type by selecting the Use Hardware Token or Use Software Token buttons. Software or Smart Card Token Hardware Token Once authenticated to the CRYPTOAdmin SPT server, a Microsoft Windows logon screen will appear. For assistance mailto:support@cryptocard.com 13
17 4.2 Using CRYPTOLogon in Single Authentication Mode Once the workstation has rebooted you will be prompted with a CRYPTOCard Secure Password Logon Window. The CRYPTOCard logon screen will vary depending on the type of token being used. For Software or Smart Card tokens, CRYPTOLogon will query the CRYPTOCard EUS and a list of all available tokens will appear in the Token Name drop down box. Select your token, enter the PIN and Click on OK. For Hardware tokens such as the RB-1 and the KT-1, enter the User name and response then click on OK. If all tokens types were selected during the installation, you will be able to choose the token type by selecting the Use Hardware Token or Use Software Token buttons. Software or Smart Card Token Hardware Token The End-user is logged onto the domain after a successful authentication. If the RADIUS Server cannot be found (i.e. the computer is disconnected from the LAN), the End-user must first complete the CRYPTOCard Logon and then enter their Microsoft password for the local machine. Note that the End-user cannot use a cached password to logon to the domain account. For assistance mailto:support@cryptocard.com 14
18 4.3 Troubleshooting Troubleshooting connection problems If you are experiencing continuous authentication failures, try running the CRYPTOAdmin service and easyradius service in the foreground On Windows From the Services icon in the Control Panel, stop both the CRYPTOAdmin and easyradius services. Open a Command Prompt and go to the \ Program Files \ CRYPTOCard \ CRYPTOAdmin \ Server directory. Enter the command radiusd sfxxyz l stdout without the quotes. The screen should display the message Ready to process requests. This will send all output to the screen. This allows you to see in real-time all activity occurring on the RADIUS Server On RedHat From a console type /etc/rc.d/init.d/radiusd stop. Then type /etc/rc.d/init.d/radiusd start debug. The screen should display the message Ready to process requests On Solaris From a console type /etc/init.d/radiusd stop. Then type /etc/init.d/radiusd start debug. The screen should display the message Ready to process requests. Place CRYPTOLogon in debug mode. Open the registry editor then go to: HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\CRYPTOLogon\CurrentVersion Create a new string value called Debug. The value data is deadca. Restart the workstation. If using a Third Party RADIUS server refer to its troubleshooting documentation. 4.4 Logging on to multiple domains in Single Authentication Mode. Hardware token users using Single Authentication Mode on Windows workstations can log on to multiple domains. The default domain separator character (a period) can be used to specify an alternate domain. For assistance mailto:support@cryptocard.com 15
19 Example: Bob.mydomain The domain name character value can be changed in the registry. Open the registry editor then go to: HKEY_LOCAL_MACHINE\SOFTWARE\CRYPTOCard\CRYPTOLogon\CurrentVersion Modify the DomainSeparatorCharacter value data and specify the character to use as a separator. If you encounter a problem that cannot be solved using the tips above, contact support@cryptocard.com or call us at (800) or , Monday through Friday 8:30 am to 5:00 pm EST. For assistance mailto:support@cryptocard.com 16
Cisco VPN Concentrator Implementation Guide
Cisco VPN Concentrator Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationUsing RADIUS Agent for Transparent User Identification
Using RADIUS Agent for Transparent User Identification Using RADIUS Agent Web Security Solutions Version 7.7, 7.8 Websense RADIUS Agent works together with the RADIUS server and RADIUS clients in your
More informationSystem Area Manager. Remote Management
System Area Manager Remote Management Remote Management System Area Manager provides remote management functions for its managed systems, including Wake on LAN, Shutdown, Restart, Remote Console and for
More informationAgent Configuration Guide for Microsoft Windows Logon
Agent Configuration Guide for Microsoft Windows Logon Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All
More informationNetwork Connect Installation and Usage Guide
Network Connect Installation and Usage Guide I. Installing the Network Connect Client..2 II. Launching Network Connect from the Desktop.. 9 III. Launching Network Connect Pre-Windows Login 11 IV. Installing
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationRSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide
RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com
More informationSELF SERVICE RESET PASSWORD MANAGEMENT GPO DISTRIBUTION GUIDE
SELF SERVICE RESET PASSWORD MANAGEMENT GPO DISTRIBUTION GUIDE Copyright 1998-2015 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any
More informationAdministration Guide ActivClient for Windows 6.2
Administration Guide ActivClient for Windows 6.2 ActivClient for Windows Administration Guide P 2 Table of Contents Chapter 1: Introduction....................................................................12
More informationStrong Authentication for Microsoft Windows Logon
Strong Authentication for Microsoft Windows Logon with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationSSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.
Contents Introduction... 2 Prepare Work PC for Remote Desktop... 4 Add VPN url as a Trusted Site in Internet Explorer... 5 VPN Client Installation... 5 Starting the VPN Application... 6 Connect to Work
More informationBlackShield ID Best Practice
BlackShield ID Best Practice Implementation Guide for a Complex Network Document Scope This document is designed to demonstrate best practice when implementing and rolling out a two-factor authentication
More informationJuniper Networks SSL VPN Implementation Guide
Juniper Networks SSL VPN Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationHow To Connect A Gemalto To A Germanto Server To A Joniper Ssl Vpn On A Pb.Net 2.Net 3.5.1 (Net 2) On A Gmaalto.Com Web Server
Application Note: Integrate Juniper SSL VPN with Gemalto SA Server SASolutions@gemalto.com October 2007 www.gemalto.com Table of contents Table of contents... 2 Overview... 3 Architecture... 5 Configure
More informationPassword Manager Windows Desktop Client
Password Manager Windows Desktop Client EmpowerID provides an extension that allows organizations to plug into Password Manager to customize the Windows logon experience beyond that supplied by the standard
More informationExternal Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More informationHOTPin Integration Guide: DirectAccess
1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility
More informationHow To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The
1-bay NAS User Guide INDEX Index... 1 Log in... 2 Basic - Quick Setup... 3 Wizard... 3 Add User... 6 Add Group... 7 Add Share... 9 Control Panel... 11 Control Panel - User and groups... 12 Group Management...
More informationNetIQ Advanced Authentication Framework - Client. User's Guide. Version 5.1.0
NetIQ Advanced Authentication Framework - Client User's Guide Version 5.1.0 Table of Contents 1 Table of Contents 2 Introduction 4 About This Document 4 NetIQ Advanced Authentication Framework Overview
More informationApache Server Implementation Guide
Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042
More informationRSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide
RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com
More informationBorderGuard Client. Version 4.4. November 2013
BorderGuard Client Version 4.4 November 2013 Blue Ridge Networks 14120 Parke Long Court, Suite 103 Chantilly, Virginia 20151 703-631-0700 WWW.BLUERIDGENETWORKS.COM All Products are provided with RESTRICTED
More informationSELF SERVICE RESET PASSWORD MANAGEMENT IMPLEMENTATION GUIDE
SELF SERVICE RESET PASSWORD MANAGEMENT IMPLEMENTATION GUIDE Copyright 1998-2015 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form
More information2X ApplicationServer & LoadBalancer Manual
2X ApplicationServer & LoadBalancer Manual 2X ApplicationServer & LoadBalancer Contents 1 URL: www.2x.com E-mail: info@2x.com Information in this document is subject to change without notice. Companies,
More informationpcanywhere Advanced Configuration Guide
Introduction The pcanywhere Solution Advanced Configuration Guide is provided to assist customers with advanced features once they have the Symantec Management Platform with pcanywhere Solution installed.
More informationCheck Point FW-1/VPN-1 NG/FP3
Check Point FW-1/VPN-1 NG/FP3 Implementation Guide Copyright Copyright 2006, CRYPTOCard Corp. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval
More informationHow To Upgrade A Websense Log Server On A Windows 7.6 On A Powerbook (Windows) On A Thumbdrive Or Ipad (Windows 7.5) On An Ubuntu 7.3.2 (Windows 8) Or Windows
Websense v7.6 Install or Upgrade Checklist Greetings from Websense Technical Support. Most Websense upgrades complete successfully, and from my years of troubleshooting, I have learned a number of steps
More informationChapter 1 Scenario 1: Acme Corporation
Chapter 1 Scenario 1: Acme Corporation In This Chapter Description of the Customer Environment page 18 Introduction to Deploying Pointsec PC page 20 Prepare for Deployment page 21 Install Pointsec PC page
More informationCisco ASA Authentication QUICKStart Guide
Cisco ASA Authentication QUICKStart Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved.
More informationExternal Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845
More informationExternal Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Windows 2012 R2 Server with Remote Desktop Web Gateway Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010
More informationDIS VPN Service Client Documentation
DIS VPN Service Client Documentation Background ------------------------------------------------------------------------------------------------ 1 Downloading the Client ---------------------------------------------------------------------------------
More informationImplementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID
Implementation Guide for Juniper SSL VPN SSO with OWA with BlackShield ID Copyright 2009 CRYPTOCard Inc. http:// www.cryptocard.com Copyright Copyright 2009, CRYPTOCard All Rights Reserved. No part of
More informationUSER GUIDE WWPass Security for Windows Logon
USER GUIDE WWPass Security for Windows Logon December 2015 TABLE OF CONTENTS Chapter 1 Welcome... 3 Introducing WWPass Security for Windows Logon... 4 Related Documentation... 4 Presenting Your PassKey
More informationExternal Authentication with Citrix Access Gateway Advanced Edition
External Authentication with Citrix Access Gateway Advanced Edition Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington Business Park Theale Reading RG7 4TY Andy Kemshall
More informationCRYPTOCard. Strong Two Factor Authentication
CRYPTOCard Strong Two Factor Authentication CRYPTOCard Solutions Overview Cybercrime is a serious, real, and all-to-prevalent threat to networked assests. With the abundance of deployed workers requiring
More informationExternal authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy
External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More informationSecurEnvoy Windows Login Agent
SecurEnvoy Windows Login Agent Including support for SecurPassword SecurEnvoy Ltd 1210 Parkview, Arlington Business Park, Theale, Reading. RG7 4TY Tel: 0845 2600010 Fax: 0845 260014 www.securenvoy.com
More informationFull disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy
Full disk encryption with Sophos Safeguard Enterprise With Two-Factor authentication of Users Using SecurAccess by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview
More informationInstallation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit www.specopssoft.
. All right reserved. For more information about Specops Inventory and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Inventory is a trademark owned by Specops Software.
More informationCore Protection for Virtual Machines 1
Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this
More informationSetting up VPN and Remote Desktop for Home Use
Setting up VPN and Remote Desktop for Home Use Contents I. Prepare Your Work Computer... 1 II. Prepare Your Home Computer... 2 III. Run the VPN Client... 3 IV. Remote Connect to Your Work Computer... 4
More informationHow To Create An Easybelle History Database On A Microsoft Powerbook 2.5.2 (Windows)
Introduction EASYLABEL 6 has several new features for saving the history of label formats. This history can include information about when label formats were edited and printed. In order to save this history,
More informationExternal Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Checkpoint R75.40 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale
More informationINSTALL AND CONFIGURATION GUIDE. Atlas 5.1 for Microsoft Dynamics AX
INSTALL AND CONFIGURATION GUIDE Atlas 5.1 for Microsoft Dynamics AX COPYRIGHT NOTICE Copyright 2012, Globe Software Pty Ltd, All rights reserved. Trademarks Dynamics AX, IntelliMorph, and X++ have been
More informationRSA Authentication Manager 7.1 Basic Exercises
RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo
More informationRSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet
More informationBlackShield ID Agent for Remote Web Workplace
Agent for Remote Web Workplace 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced,
More informationWatchGuard Mobile User VPN Guide
WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).
More informationAgent Configuration Guide
SafeNet Authentication Service Agent Configuration Guide SAS Agent for Microsoft Internet Information Services (IIS) Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright
More informationipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy
ipad or iphone with Junos Pulse and Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More informationAstaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client
Astaro Security Gateway V8 Remote Access via L2TP over IPSec Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If
More informationHELP DOCUMENTATION E-SSOM INSTALLATION GUIDE
HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means
More informationExternal authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy
External authentication with Astaro AG Astaro Security Gateway UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010
More informationSetting up VPN and Remote Desktop for Home Use
Setting up VPN and Remote Desktop for Home Use Contents I. Prepare Your Work Computer... 1 II. Prepare Your Home Computer... 2 III. Run the VPN Client... 3-4 IV. Remote Connect to Your Work Computer...
More informationBlackShield ID Agent for Terminal Services Web and Remote Desktop Web
Agent for Terminal Services Web and Remote Desktop Web 2010 CRYPTOCard Corp. All rights reserved. http:// www.cryptocard.com Copyright Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication
More informationManual for configuring NIC VPN in Windows OS
Manual for configuring NIC VPN in Windows OS NIC is introducing a new web based VPN interface to allow s to connect to NICNET through VPN. Apart from existing Client based VPN service, this new interface
More informationNetWrix Password Manager. Quick Start Guide
NetWrix Password Manager Quick Start Guide Contents Overview... 3 Setup... 3 Deploying the Core Components... 3 System Requirements... 3 Installation... 4 Windows Server 2008 Notes... 4 Upgrade Path...
More informationApplication Note: Integrate Juniper IPSec VPN with Gemalto SA Server. SASolutions@gemalto.com October 2007. www.gemalto.com
Application Note: Integrate Juniper IPSec VPN with Gemalto SA Server SASolutions@gemalto.com October 2007 www.gemalto.com Table of contents Overview... 3 Architecture... 5 Configure Juniper IPSec on an
More informationAdministration Guide. . All right reserved. For more information about Specops Gpupdate and other Specops products, visit www.specopssoft.
. All right reserved. For more information about Specops Gpupdate and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Gpupdate is a trademark owned by Specops Software.
More informationNETWRIX ACCOUNT LOCKOUT EXAMINER
NETWRIX ACCOUNT LOCKOUT EXAMINER ADMINISTRATOR S GUIDE Product Version: 4.1 July 2014. Legal Notice The information in this publication is furnished for information use only, and does not constitute a
More informationCyber-Ark Software. Version 4.5
Cyber-Ark Software One-Click Transfer User Guide The Cyber-Ark Vault Version 4.5 All rights reserved. This document contains information and ideas, which are proprietary to Cyber-Ark Software. No part
More informationInstallation Notes for Outpost Network Security (ONS) version 3.2
Outpost Network Security Installation Notes version 3.2 Page 1 Installation Notes for Outpost Network Security (ONS) version 3.2 Contents Installation Notes for Outpost Network Security (ONS) version 3.2...
More informationHow To Integrate Watchguard Xtm With Secur Access With Watchguard And Safepower 2Factor Authentication On A Watchguard 2T (V2) On A 2Tv 2Tm (V1.2) With A 2F
External Authentication with Watchguard XTM Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington Business Park
More informationDefender EAP Agent Installation and Configuration Guide
Defender EAP Agent Installation and Configuration Guide Introduction A VPN is an extension of a private network that encompasses links across shared or public networks like the Internet. VPN connections
More informationTufts VPN Client User Guide for Windows
Tufts VPN Client User Guide for Windows Introduction The Tufts Virtual Private Network (VPN) implementation is a service that is provided to the faculty and staff of Tufts University to enable secure access
More informationCitrix Access Gateway Plug-in for Windows User Guide
Citrix Access Gateway Plug-in for Windows User Guide Access Gateway 9.2, Enterprise Edition Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance
More informationRemote Terminal Service (RTS) User Guide (Version 2.1)
Remote Terminal Service (RTS) User Guide (Version 2.1) Page 1 Table of Content Content Page 1 Introduction 3 2 Prerequisite 3 3 Logon Corporate Network via Internet 4 4 Download and Install RTS Client
More informationWD Sentinel DX4000. Small Office Storage Server Administrator s Quick Install Guide
0 WD Sentinel DX4000 Small Office Storage Server Administrator s Quick Install Guide 1 Introduction This quick install guide steps the Administrator through the procedures for setting up the WD Sentinel
More informationStrong Authentication for Cisco ASA 5500 Series
Strong Authentication for Cisco ASA 5500 Series with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard
More informationUser Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream
User Manual Onsight Management Suite Version 5.1 Another Innovation by Librestream Doc #: 400075-06 May 2012 Information in this document is subject to change without notice. Reproduction in any manner
More informationASAS Management Plug-in for MS Active Directory English Only
Authenex ASAS 3.1 ASAS Management Plug-in for MS Active Directory English Only Installation, Configuration & Administration Guide Version 3.1 Authenex, Inc. 1489 Salmon Way, Hayward, CA 94544 Authenex,
More informationConfigure thin client settings locally
This chapter contains information to help you set up your thin client hardware, look and feel, and system settings using the Control Center. Tip While it is not recommended to use dialog boxes for configuring
More informationServer Management 2.0
Server Management 2.0 Installation and Configuration Guide Server Management 2.0 and Higher May 2008 . unisys imagine it. done. Server Management 2.0 Installation and Configuration Guide Server Management
More informationRSA ACE/Agent 5.5 for Windows Installation and Administration Guide
RSA ACE/Agent 5.5 for Windows Installation and Administration Guide Contact Information See our Web sites for regional Customer Support telephone and fax numbers. RSA Security Inc. RSA Security Ireland
More informationWindows Server 2008 R2 Initial Configuration Tasks
Windows Server 2008 R2 Initial Configuration Tasks I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide support for the
More informationConfiguring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication
Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication This application note describes how to authenticate users on a Cisco ISA500 Series security appliance. It includes these
More informationImplementation Guide for protecting
Implementation Guide for protecting Remote Web Workplace (RWW) Outlook Web Access (OWA) 2003 SharePoint 2003 IIS Web Sites with BlackShield ID Copyright 2010 CRYPTOCard Inc. http:// www.cryptocard.com
More informationRemote Desktop Services User's Guide
Contents Remote Desktop Services Document Revision Control Revision Description Author DATE 1.0 Initial Release Karen M. Hess 3/24/2015 1.1 Added section for viewing mapped drives Karen M. Hess 4/15/2015
More informationSyncLockStatus Evaluator s Guide
SyncLockStatus Evaluator s Guide 2011 Table of Contents Introduction... 2 System Requirements... 2 Required Microsoft Components... 2 Contact Information... 3 SyncLockStatus Architecture... 3 SyncLockStatus
More informationNetworking Best Practices Guide. Version 6.5
Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced or transmitted in any form
More informationZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management
ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management Problem: The employees of a global enterprise often need to telework. When a sales representative
More informationDell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy
Dell SonicWALL and SecurEnvoy Integration Guide Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationMillbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0
Millbeck Communications Secure Remote Access Service Internet VPN Access to N3 VPN Client Set Up Guide Version 6.0 COPYRIGHT NOTICE Copyright 2013 Millbeck Communications Ltd. All Rights Reserved. Introduction
More informationDeploying Windows Streaming Media Servers NLB Cluster and metasan
Deploying Windows Streaming Media Servers NLB Cluster and metasan Introduction...................................................... 2 Objectives.......................................................
More informationCitrix and Terminal Services Guide SecureLogin 8.1
Citrix and Terminal Services Guide SecureLogin 8.1 September, 2015 www.netiq.com/documentation Legal Notice NetIQ Product Name is protected by United States Patent No(s): nnnnnnnn, nnnnnnnn, nnnnnnnn.
More informationTrueEdit Remote Connection Brief
MicroPress Server Configuration Guide for Remote Applications Date Issued: February 3, 2009 Document Number: 45082597 TrueEdit Remote Connection Brief Background TrueEdit Remote (TER) is actually the same
More informationContents. Platform Compatibility. Directory Connector SonicWALL Directory Services Connector 3.1.7
Directory Connector SonicWALL Directory Services Connector 3.1.7 Contents Platform Compatibility... 1 New Features... 2 Known Issues... 3 Resolved Issues... 4 Overview... 7 About SonicWALL Single Sign-On
More informationConfiguring the Watchguard Edge for RADIUS authentication
Watchguard Edge and the CRYPTOCard CRYPTO-MAS hosted RADIUS authentication service Mark Slater 6 th December 2008 Problem Watchguard introduced RADIUS authentication into their Edge range of firewall appliances
More informationCONNECT-TO-CHOP USER GUIDE
CONNECT-TO-CHOP USER GUIDE VERSION V8 Table of Contents 1 Overview... 3 2 Requirements... 3 2.1 Security... 3 2.2 Computer... 3 2.3 Application... 3 2.3.1 Web Browser... 3 2.3.2 Prerequisites... 3 3 Logon...
More informationUSER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4
USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4 March 2014 TABLE OF CONTENTS Chapter 1 Welcome... 4 Introducing WWPass Security for Email (Outlook)... 5 Supported Outlook Products...
More informationMcAfee One Time Password
McAfee One Time Password Integration Module Outlook Web App 2010 Module version: 1.3.1 Document revision: 1.3.1 Date: Feb 12, 2014 Table of Contents Integration Module Overview... 3 Prerequisites and System
More informationContents. VPN Instructions. VPN Instructions... 1
VPN Instructions Contents VPN Instructions... 1 Download & Install Check Point VPN Software... 2 Connect to FPUA by VPN... 6 Connect to Your Computer... 8 Determine Your Machine Type... 10 Identify 32-bit
More informationNETWRIX IDENTITY MANAGEMENT SUITE
NETWRIX IDENTITY MANAGEMENT SUITE FEATURES AND REQUIREMENTS Product Version: 3.3 February 2013. Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationSetup and Configuration Guide for Pathways Mobile Estimating
Setup and Configuration Guide for Pathways Mobile Estimating Setup and Configuration Guide for Pathways Mobile Estimating Copyright 2008 by CCC Information Services Inc. All rights reserved. No part of
More informationHOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services
HOTPin Integration Guide: Microsoft Office 365 with Active Directory Federated Services Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided
More informationExternal Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 Merlin House Brunel Road Theale Reading
More informationInstallation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.
. All right reserved. For more information about Specops Deploy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Deploy is a trademark owned by Specops Software. All
More informationExternal Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy
External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210 Parkview Arlington
More information