Defender Desktop Login Installation and Configuration Guide

Defender Desktop Login provides strong, two-factor authentication to protect the user's login page. The Defender Desktop Login software can be used in two ways:

- using the local Desktop Login Configuration (Defender Desktop Login client only)
- using Group Policy for centralized administration (the Defender Desktop Login Group Policy and the Defender Desktop Login client are required)

Installing the Desktop Login Software on the Local Workstation or Server

To install the Desktop Login Software on the local workstation, perform the following steps.

1. Using the Defender Installation CD (Autorun), select the correct Defender Desktop Login link from the Components list (both 32-bit and 64-bit options are available). The Defender Desktop Login Setup Wizard starts. Please refer to Further Instructions for details of the switches that can be used with the msi installer.
2. On the Welcome screen, select Next.
3. Accept the End-User License Agreement and select Next.
4. Select Next to accept the default destination folder. Alternatively, select Browse to choose a different destination folder, then select Next.
5. On the Configure Desktop Login screen, ensure that Launch configuration tool after install is selected, then select Next to continue.
6. Select Install to begin the installation.
7. When the installation is complete, select Finish.
8. The Defender Desktop Login Configuration dialog and a warning that you must restart the system to complete the installation appear at the same time. If Defender Desktop Login Group Policy is being used, you may see the following message. Select OK to view the Desktop Login Configuration dialog.
9. If you are not using Group Policy settings, the client must be configured before you restart the server or workstation.
Local Desktop Login Configuration

In this mode the Desktop Login software uses a local version of the Desktop Login Settings, which must be configured on each computer. The Desktop Login configuration dialog can be modified by running GinaConfig.exe from C:\Program Files\Quest Software\Defender\Defender Desktop Login.

Configure the Desktop Login settings as described below:

1. On the DSS tab, add the details of your Defender Security Server(s) and the shared secret that has been configured on the appropriate access node.
2. On the Exclusions tab, configure the groups of users who are required to authenticate, or those who are not required to authenticate.
3. On the Offline tab, specify how user logons should be handled if the Defender Security Server is not available.
4. On the Options tab, choose the required settings; for example, if you want passwords to be remembered, select the Remember user's passwords option.
5. Use the Test Authentication tab to confirm that your account will be able to authenticate successfully.
6. The following message is displayed for a user whose account does not require Defender authentication to log on.
7. The following message is displayed for a user whose account requires Defender authentication and the correct token response has been entered in the Passcode field.
8. If the Defender Security Server configured on the DSS tab cannot be contacted, the following message is displayed:
9. When the configuration is complete, click OK to save the settings.
Centralized Administration (Group Policy)

This mode uses a Defender Desktop Login Group Policy to provide the required settings to any computers that are configured to use the policy (and have the Desktop Login Software installed).

Installing the Defender Desktop Login Group Policy on a Domain Controller

To install the group policy on a domain controller, perform the following steps:

1. Using the Defender Installation CD (Autorun), select the correct Defender Desktop Login Group Policy link from the Components list (both 32-bit and 64-bit options are available).
2. The Defender Desktop Login Group Policy Setup wizard starts.
3. Select Next.
4. Accept the End-User License Agreement, then select Next.
5. To install the files in the default destination folder, select Next. Alternatively, select Browse to choose a different destination, then select Next to continue.
6. Select Install.
7. The Defender Desktop Login Group Policy installation starts.
8. On completion of the installation, select Finish.
Configuring the Desktop Login Group Policy

The Defender Desktop Login Group Policy is configured using the Group Policy Management tool.

1. Open the Group Policy Management dialog.
2. In the Group Policy Management dialog, expand the folder for the required domain, right-click Default Domain Policy and select Edit to display the Group Policy Object Editor.
3. Beneath Computer Configuration, select the Defender Desktop Login object to display the Desktop Login Settings in the right-hand window.
4. Double-click, or right-click and then select Properties, to display the Desktop Login Settings Properties page.
5. On the DSS tab, add the details of your Defender Security Server(s) and the shared secret that has been configured on the access node that will be used for authentication requests.
6. On the Exclusions tab, configure the users or groups who are required or not required to authenticate, as follows:
   a. All Users are Defender authenticated: all users will need to authenticate to Defender when logging on to a workstation or server that has the Defender Desktop Login software installed.
   b. Users in listed groups can logon without Defender authentication: with this radio button selected, the groups or users listed will be able to log on to the desktop without authenticating to Defender.
   c. Users in listed groups cannot logon without Defender authentication: with this radio button selected, the groups or users listed will only be able to log on by using Defender authentication.
7. On the Offline tab, you can configure how logons are handled when the Defender Security Server is not available.
   a. Logins without the Defender Security Server are disabled: if the Defender Security Server is not available, users are not allowed to log on.
   b. Users may login for a set number of days after the previous login against the Defender Security Server: specify the number of days that users may continue to log on after the Defender Security Server becomes unavailable.
   c. Users have a set number of logins after the previous login against the Defender Security Server: specify the number of logins that the user may perform after the Defender Security Server has become unavailable.
   d. Notify user when offline data is downloaded: check this box if the user should be notified when offline data is downloaded.
8. On the Options tab, select the required options.
9. Remember user's passwords: with this option selected, users' Active Directory (AD) passwords will be remembered and the user will not need to enter them during the logon process. Only Defender authentication is required. (The user will be prompted for the AD password on first use.)
10. Automatically change user's password as required: with this option selected, the user's AD password will be changed by Defender, e.g. if the password has expired.
11. Time to wait for workstation service to be ready (seconds)
12. Credential Provider Filter: this option can be used to filter which credential providers are displayed.
13. The Test Authentication tab should be used to confirm that the authentication settings configured are working correctly.
The test will produce one of the following messages:
   a. The following message will be displayed for a user whose account does not require Defender authentication to log on.
   b. The following message is displayed for a user whose account requires Defender authentication and the correct token response has been entered in the Passcode field.
   c. If the Defender Security Server configured on the DSS tab cannot be contacted, the following message is displayed:
14. When complete, select OK to save the settings.
To Check the Resultant Set of Policies

When the Desktop Login GPO settings have been created, it is important to check that these appear in the Resultant Set of Policies for the domain.

1. In AD Users & Computers, right-click the domain that you have configured for the Group Policy, select All Tasks and then Resultant Set of Policy (Planning) to display the Resultant Set of Policy Wizard.
2. Select Skip to the final page of this wizard without collecting additional data and select Next.
3. On the Summary of Selections page, select Next.
4. This completes the procedure. On the final page, select Finish to display the Resultant Set of Policies.
5. Beneath Computer Configuration, select Defender Desktop Login; the Desktop Login Settings object will appear in the right-hand window.
6. Double-click, or right-click and then select Properties, to display a read-only version of the Desktop Login Settings Properties page. Check these settings to confirm that they match those configured earlier.

You can also run the Resultant Set of Policy Wizard for a specific computer or OU. This may be useful if you need to check that a particular computer will use the correct settings.

These instructions refer to setting the policy for the domain, but it is also possible to configure the policy for a particular OU, group or individual computer (Group Policy Management).

If the policy is not picked up when logging on to a computer, run either gpupdate or gpupdate /force on the DC to refresh the policy listing.
Group Policy Login Configuration

The Desktop Login configuration dialog can be viewed by running GinaConfig.exe from C:\Program Files\Quest Software\Defender\Defender Desktop Login.

1. On the DSS tab, the details of your Defender Security Server(s) are displayed.
2. On the Exclusions tab, the configured exclusion method and groups are displayed.
3. On the Offline tab, the selected option for offline login is displayed.
4. On the Options tab, the options related to password management are displayed.
5. Use the Test Authentication tab to confirm that your account will be able to authenticate successfully.
   a. The following message is displayed for a user whose account does not require Defender authentication to log on.
   b. The following message is displayed for a user whose account requires Defender authentication and the correct token response has been entered in the Passcode field.
   c. If the Defender Security Server configured on the DSS tab cannot be contacted, the following message is displayed:
6. When you have confirmed that authentication is working correctly, select Yes to restart the workstation.
7. When the configuration is complete, click OK to save the settings.
Further Instructions

To upgrade using the msi installer, run the following command (the msi file name contains spaces, so it must be quoted):

    msiexec /i "Defender Desktop Login.msi" REINSTALLMODE=vomus REINSTALL=ALL

If you do NOT want to install the configuration executable, add the following property to the command line:

    INSTALLCONFIG=0

If you do NOT want to run the configuration executable, add the following property to the command line:

    RUNCONFIG=""

To skip the GINA check, add the following property to the command line:

    SKIPGINACHECK=1

The currently supported GINAs are listed below:

- MSGINA (Standard Microsoft GINA)
- DEFGINA (Defender Desktop Login GINA)
- MYGINA (PassGo SSO GINA)
- AWGINA (pcAnywhere GINA)

To remove settings from an old-style (local only) install, add the following property to the command line:

    UPGRADESETTINGS=0

For instructions on using Microsoft Group Policy to deploy Defender Desktop Login, refer to the guide entitled Deploying Defender Desktop Login using Microsoft Group Policy.
Registry Settings

Group policy settings appear under SOFTWARE\Policies\PassGo Technologies\Defender\Defender GINA.

Local client settings appear under SOFTWARE\PassGo Technologies\Defender\Defender GINA.

Group policy settings override local settings. All entries that appear are for program use only and should only be modified through the GUI interfaces.

2012 Quest Software, Inc. ALL RIGHTS RESERVED. Quest, Quest Software, the Quest Software logo and Webthority are trademarks and registered trademarks of Quest Software, Inc. in the United States of America and other countries. Other trademarks and registered trademarks are property of their respective owners.
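As an added example (not part of the Quest guide or the product), the following PowerShell script performs an unattended upgrade with the msi properties listed under Further Instructions and then reports, read-only, whether the Group Policy or the local registry location currently holds the Desktop Login settings. It assumes the msi is in the current directory, that both registry paths live under HKLM (the guide does not name the hive), and an elevated prompt; the function names are the author's own.

```powershell
# Added example, not Quest's code. Assumptions: msi in the current directory,
# settings keys under HKLM, elevated PowerShell prompt.

function Install-DefenderDesktopLogin {
    param(
        [string]$MsiPath = ".\Defender Desktop Login.msi",
        [switch]$SkipConfigTool,   # adds INSTALLCONFIG=0 (do not install GinaConfig.exe)
        [switch]$NoRunConfig,      # adds RUNCONFIG="" (do not launch the config tool)
        [string]$LogPath = "$env:TEMP\DefenderDesktopLogin-install.log"
    )
    # Upgrade properties from the guide, plus the standard msiexec silent (/qn)
    # and verbose-log (/l*v) switches. The msi name has spaces, so it is quoted.
    $msiArgs = @('/i', "`"$MsiPath`"", 'REINSTALLMODE=vomus', 'REINSTALL=ALL',
                 '/qn', "/l*v `"$LogPath`"")
    if ($SkipConfigTool) { $msiArgs += 'INSTALLCONFIG=0' }
    if ($NoRunConfig)    { $msiArgs += 'RUNCONFIG=""' }
    $p = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru
    switch ($p.ExitCode) {
        0       { return 'Installed; no restart required' }
        3010    { return 'Installed; restart required to complete the installation' }
        default { throw "msiexec exited with code $($p.ExitCode); see $LogPath" }
    }
}

function Get-DefenderDesktopLoginSettingsSource {
    # Group Policy settings override local settings (Registry Settings section).
    # Only value names are listed; the guide says entries must be changed through
    # GinaConfig.exe or the Group Policy editor, never edited directly.
    $policyKey = 'HKLM:\SOFTWARE\Policies\PassGo Technologies\Defender\Defender GINA'
    $localKey  = 'HKLM:\SOFTWARE\PassGo Technologies\Defender\Defender GINA'
    $values = @{}
    foreach ($k in @($policyKey, $localKey)) {
        $values[$k] = if (Test-Path $k) { @((Get-Item $k).GetValueNames()) } else { @() }
    }
    $source = if ($values[$policyKey].Count -gt 0) { 'Group Policy' }
              elseif ($values[$localKey].Count -gt 0) { 'Local' }
              else { 'None (client not configured)' }
    [pscustomobject]@{
        EffectiveSource = $source
        PolicyValues    = $values[$policyKey]
        LocalValues     = $values[$localKey]
    }
}

Install-DefenderDesktopLogin -NoRunConfig
Get-DefenderDesktopLoginSettingsSource
```

Exit code 3010 is the standard Windows Installer "success, reboot required" result, which matches the restart warning the guide describes after installation.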