Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Enterprise Single Sign-On 8.0.6 - Advanced Login for Windows User Guide

Table of Contents

1.1 Advanced Login Usage 1.2 Advanced Login Functionalities 1.3 Operating Modes 1.4 Welcome Screen

2 Logging on to Windows

2.1 Logging on to Windows with Your User Name and Password 2.2 Logging on to Windows with Your Smart Card

2.2.1 Logging on with a Smart Card Containing Account Data 2.2.2 Logging on with a Blank Smart Card 2.2.3 Logging on Through Prim'X Cryhod (Windows 7/2008 only) 2.2.4 Enrolling a New Account on a Smart Card (Windows 7/2008 Only)

2.3 Logging on to Windows with Your Fingers

2.3.1 First Log on 2.3.2 Everyday Log on

2.3.2.1 Store on PC Mode 2.3.2.2 Store on Smart Card Mode (Windows XP/2003 only) 2.3.2.3 Store on Server Mode

2.4 Logging on to Windows with Your RFID Badge

2.4.1 First Log on 2.4.2 First Log on with Your Smart Card 2.4.3 Everyday Log on 2.4.4 Logging on Through Citrix/TSE 2.4.5 Logging out

2.5 Logging on to Windows with Your OTP (One Time Password) 2.6 Logging on to Windows by Answering Questions 2.8 Logging on a Workstation Locked by Someone Else (Windows 7/2008 only) 2.9 Logging on to Windows using Autologon

2.9.1 Logging on with Microsoft Autologon 2.9.2 Logging on with Advanced Login Autologon

2.10 Forcing Cache Update at Logon

3 Locking/Unlocking Your Windows Session

3.1 Locking Your Session 3.2 Unlocking Your Session

3.2.1 Standard Unlocking 3.2.2 Transparent Unlocking

4 Switching Users Without Logging Off Windows (Fast User Switching) 5 Displaying Session Information (Windows XP/2003 only) 6 Shutting Down Your Workstation (Windows XP/2003 only) 7 Managing Your Password or PIN

7.1 Modifying Your Password 7.2 Modifying Your PIN 7.3 Resetting Your Password or PIN by Answering a Series of Personal Questions

7.3.1 Initializing the Self Service Password Request Feature 7.3.2 Resetting Your Password Upon Session Opening 7.3.3 Resetting Your PIN

8 Managing the Unblocking of Your Smart Card

8.1 Providing the Unblocking PIN of Your Smart Card 8.2 Unblocking Your Smart Card

8.2.1 Unblocking Your Smart Card if you have Provided Your PUK 8.2.2 Unblocking Your Smart Card if you Have not Provided Your PUK

9 Managing Your Windows Session Accounts

9.1 Creating a Windows Session Account 9.2 Deleting a Windows Session Account 9.3 Delegating a Windows Session Account 9.4 Removing a Windows Session Account Delegation

10 Managing Primary Accounts on Your Smart Card 11 Renewing your Smart Card Certificate(s) 12 Managing a Cluster from Your Workstation

12.1 Creating and Configuring your Cluster

12.1.1 Managing the Cluster Composition

12.1.1.1 Attaching a Workstation to Your Cluster 12.1.1.2 Releasing a Workstation from Your Cluster

12.1.2 Renaming Your Workstation

12.1.2.1 Setting an Alias 12.1.2.2 Modifying an Alias 12.1.2.3 Deleting an Alias

12.2 Executing Maintenance Operations on Your cluster

12.2.1 Removing Temporarily a Workstation from the Cluster 12.2.2 Rebooting Your Cluster 12.2.3 Refreshing the Displayed Data

13 Managing Session Delegation

13.1 Configuring Session Delegation

13.1.1 Configuring Session Delegation in a Cluster

13.1.1.1 Setting a Temporary Session Delegation 13.1.1.2 Ending a Temporary Session Delegation 13.1.1.3 Setting a Permanent Session Delegation 13.1.1.4 Ending a Permanent Session Delegation

13.1.2 Configuring Session Delegation Outside a Cluster

13.1.2.1 Setting a Session Delegation 13.1.2.2 Ending a Session Delegation

13.2 Accessing a Colleague's Workstation

13.2.1 Accessing a Colleague's Workstation in a Cluster

13.2.1.1 Taking Control over Another Workstation 13.2.1.2 Ending the Control over a Workstation

13.2.2 Accessing a Colleague's Workstation Outside a Cluster

13.2.2.1 Taking Control over Another Workstation 13.2.2.2 Ending the Control over a Workstation

14 Deleting Your Roaming Session 15 Logging on as an Administrator on a User Session

15.1 Logging on a User Session with Your Smart Card: 'Administrator Grace Period' (Windows 7/2008 only) 15.3 Running a Process on a User Session

15.3.1 Running a Process Using Your Smart Card 15.3.2 Running a Process Using Your OTP 15.3.3 Restarting and Running SSOWatch with Your own Credentials

Appendix A: Advanced Login Registry Keys

A.1 Autologon A.2 Biometrics A.3 Password Management A.4 RFID A.5 Roaming Session A.6 Smart Card A.7 User Access

Appendix B: Integrating Quest ESSO with Prim'X Cryhod

B.1 Configuring the Integration B.2 Customizing the Integration B.3 Cryhod Log Files

A.1 Autologon

AutoLogonUserLogin

Scope	Quest ESSO client
Description
Type	REG_SZ
Values	User name with domain (<Domain_name>\<user_name>).
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

AutoLogonUserPassword

Scope	Quest ESSO client
Description
Type	REG_SZ
Values	User password.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

Scope	Quest ESSO client
Description	Configures the autologon to be executed after a closed session.
Type	REG_DWORD
Values	0: the session is not automatically re-opened. 1: the session is automatically re-opened with the same user. If you keep the Shift key pressed during the logon sequence, the automatic logon is interrupted and you can authenticate yourself with a smart card or biometric data to open the Windows session as another user. You cannot authenticate yourself with a password; indeed when you press the Ctrl+Alt+Del keys, the automatic logon resumes and the session is re-opened with user configured for autologon.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

A.2 Biometrics

BioAutoValidate

Scope	Quest ESSO client
Description	Store on PC mode only. Enables/disables the automatic validation upon fingerprint authentication.
Type	REG_DWORD
Values	0: disabled. 1: enabled.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

Scope	Quest ESSO client
Description	Biometric False Accepted Rate.
Type	REG_DWORD
Values	Default value: 20000. (means that the probability that a wrong fingerprint passes is 1/20000.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

BiometricMaxEnrolledUsers

Scope	Quest ESSO client
Description	Store on PC mode only. Maximum number of users that can be enrolled on the workstation. If the maximum number is exceeded, the oldest enrolled user is deleted.
Type	REG_DWORD
Values	Default value: 20.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

CheckEnrollment

Scope	Quest ESSO client
Description	After the biometric templates have been saved, the user is asked to perform a biometric authentication to check the biometric template and to create the biometric authentication cache. If the user cancels the authentication, the biometric authentication cache is not created. This key is set on all workstations where the biometric enrollment tool is installed.
Type	REG_DWORD
Values	0 (default): the user does not authenticate himself. 1: the user must authenticate himself to create the cache file.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

DisableBeepOnBioEvent

Scope	Quest ESSO client
Description	Every time a swipe event is detected by the biometric middleware, a message appears and a beep occurs.
Type	REG_DWORD
Values	0 (default): beep is enabled. 1: beep is disabled.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

Scope	Quest ESSO client
Description	Displays the biometric enrollment tool only once for the user. If he/she cancels the enrollment, the biometric enrollment tool is not proposed anymore.
Type	REG_DWORD
Values	0 (default): the biometric enrollment tool is proposed each time the user starts his Windows session. 1: the biometric enrollment tool is proposed only once. Then password authentication is proposed by default.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork

A.3 Password Management

ForcePasswordChangeAfterSSPR

Scope	Quest ESSO client
Description	The must change password at next connection option is always enabled when users reset a password through the SSPR process. This key must be set on the workstations where the SSPR process is running. This key has no effect if no SSPR process is installed.
Type	REG_DWORD
Values	0: option disabled. 1: option enabled.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork

ShowPasswordFormatHelper

Scope	Quest ESSO client
Description	Displays or hides the password format wizard to help the user change his password.
Type	REG_DWORD
Values	0: option disabled. 1 (default): option enabled.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

WorkStationAccountRandomNPGP

Scope	Quest ESSO client
Description	Available with any supported LDAP directory except Active Directory. In this type of architecture, Quest ESSO stores users SSO data in another LDAP directory than Active Directory. But the users' accounts are stored in Active Directory and are managed by SSOWatch module of Quest ESSO as secondary accounts. In this configuration, the Windows password must be changed manually by default. This key allows you to configure an automatic password change.
Type	REG_DWORD
Values	0: manual change of Windows password. 1: automatic change of Windows password.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\AdvancedLogin

A.4 RFID

Scope	Quest ESSO client
Description	Forces the RFID authentication behavior.
Type	REG_DWORD
Values	0: default behavior. 1: Passive mode. 2: Active mode.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

RFIDMultiSelfEnrollAllowed

Scope	Quest ESSO Controller
Description	Restricts the self-enrollment of RFID tokens to one token per user.
Type	REG_DWORD
Values	0: restricted to one token per user. 1 (default): no restriction.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

RFIDSelfEnrollAllowed

Scope	Quest ESSO client/Quest ESSO Controller
Description	Forbids or allows the self-enrollment of RFID tokens.
Type	REG_DWORD
Values	0: forbidden. 1 (default): allowed.
Location	HKEY_LOCAL_MACHINE\Software\[Policies\]Enatel\WiseGuard\FrameWork\Authentication

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy