This section describes how to apply registry-based policy settings to servers and user computers running EAM using the Group Policy Management Console. It is intended to system administrators who want to use Group Policy to manage EAM workstations.
|
NOTE: If you are new to Group Policy, it is strongly recommended to read the following documentation before going further: |
You will add to the Administrative Templates extension administrative template files provided by Evidian.
These files allow you to set EAM policy settings pertaining to the registry and distribute them to EAM workstations, in the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Enatel registry key.
|
IMPORTANT: These parameters supersede the local parameters, which are located in HKEY_LOCAL_MACHINE\SOFTWARE\Enatel. |
Windows Server 2008 introduces a new format for displaying registry-based policy settings and uses a new standard-based, XML file format known as ADMX files. These new files replace ADM files; which used their own markup language.
This section covers the procedures for creating GPO using ADMX files.
ADMX files are XML-based administrative template files that were introduced in Windows Vista and Windows Server 2008. They are not compatible with earlier versions of the operating system.
|
NOTE:
|
|
NOTE: As the Domain Controllers are replicated, the files are automatically copied to the other servers. |
|
NOTE: If the GPMC is not installed on your domain controller, open an elevated command prompt and type ServerManagercmd -install gpmc to install it. |
All the ADMX files located in the PolicyDefinitions folder are automatically read.
The EAM administrative template allows you to configure registry entries taking action on the following modules:
The following tables describe briefly each parameter of the ADMX file.
|
NOTE: The following tables list the entirety of the parameters, regardless of the file extension (ADMX). Entries are not relevant to admx files. |
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\SSOWatch\CommonConfig
Value Name |
Value Type |
Description/ Default Value |
LCID |
DWORD |
User interface language.
|
AllowSmartCard |
DWORD |
Time in second before locking Enterprise SSO. It concerns only smart card authentication. |
DontUseSmartCard |
DWORD |
If the value is set to 1, Enterprise SSO stores the user primary password in the directory to use it for SSO. This way, the smart card logon is ignored. |
HLL API plug-in global configuration parameters. For more information, see Enterprise SSO - Guide de l'administrateur).
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\SSOWatch\HllAPI
Value Name |
Value Type |
Description/ Default Value |
EnableMultiEmulator |
DWORD |
Enterprise SSO starts the HllAPI plug-in with several emulators, specified in the n value. n: number of emulators. |
HllEntryPoint |
String |
DLL entry point. |
HLLAPI-32bit |
DWORD |
Specifies that the application using HLLAPI is a 32-bit or a 16-bit application.
|
HllLibrary |
String |
Name of the .dll file that corresponds to the HLLAPI plug-in. Default: PCSHLL32.dll |
IgnoreWindows |
DWORD |
The HLLAPI library returns or not Windows handles.
|
|
NOTE: The HLLAPI plugin also exists in 64-bit version. To make it interact with 32-bit applications, install the ESSOHLLAPI.msi and VCRedist_x86.msi packages. |
Authentication Manager Parameters
This parameter is located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\AdvancedLogin
Value Name |
Value Type |
Description/ Default Value |
BioAutoValidate |
DWORD |
Automatic validation upon fingerprint authentication:
|
This parameter is located in:
Value Name |
Value Type |
Description/ Default Value |
UnlockWithWindowsAccount |
DWORD |
Unlocking a Smart Card session with Windows credentials.
|
DisplayAuthMethodIcon |
DWORD |
Displaying authentication method icon in the Session Unlocking window.
|
EAM installation type.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\Config
Value Name |
Value Type |
Description/ Default Value | ||
ManageAccessPoints |
DWORD |
Access point management:
For more information on access point management see One Identity EAM Console - Guide de l'administrateur). | ||
RegisterSoftware |
DWORD |
Management of software module objects in the directory:
|
Parameters to deploy a domain account for EAM to do LDAP requests. For more information, see Deploying a Workstation LDAP User Account.
This parameter is located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\FmkServer
Value Name |
Value Type |
Description/ Default Value |
AccessPointLdap |
String |
Access Point LDAP account. This value is ciphered. |
Security Directory
Configuration of the EAM security database.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\Directory
Value Name |
Value Type |
Description/ Default Value | ||
BlobCompression |
DWORD |
Enables binary data compression:
| ||
DirectoryType |
DWORD |
User database or directory:
| ||
DirectoryUsage |
DWORD |
Security database storage mode:
| ||
PossibleDomains |
String |
Authorized NetBios windows domains list separated by space. Only for Active Directory and AD LDS. By default the EAM solution considers that all Windows domains defined on the station are managed by the solution. If it is not the case, the key must be set to indicate the list of the configured domains.
| ||
EnterpriseUser |
DWORD |
Security data location: 0: store EAM data in enterprise Directory (default). 1: store EAM data in another Directory or Naming Context.
| ||
SSL |
DWORD |
SSL:
| ||
LdapAuthMethod |
DWORD |
Authentication method:
| ||
TLS |
DWORD |
TLS:
| ||
TLSDemand |
DWORD |
TLS demand:
| ||
ServerList |
String |
List of servers.
| ||
RootLdapDN |
String |
Root object DN.
| ||
SearchResultSize |
DWORD |
Maximum number of elements returned by request:
| ||
UserSearchFilter |
String |
Attributes used by search request for the delegation. ldapAttName=Label,… Example: UserPrincipalName=Label,... | ||
AccessResolutionByGroups |
DWORD |
Authorization of access request on groups:
| ||
AccessResolutionByUO |
DWORD |
Authorization of access request on organizational units:
| ||
AccessResolutionByGroupOfGroups |
DWORD |
Authorization access request on groups of groups:
| ||
LdapAPIDir |
String |
LDAP library binaries location path. | ||
MustChange |
DWORD |
Password must be changed on Windows (useful if a synchronization takes place):
| ||
ExtendedGroup |
DWORD |
Support of special type of groups for SAMBA integration:
| ||
CorporateComputer |
DWORD |
Integration of corporate computer objects as SAMBA computers:
|
Secondary Security Directory or Naming Context
Configuration of two directories to separate the EAM data from your identities repository. For more information, see Separation of the EAM Data.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\WGDirectory
Value Name |
Value Type |
Description/ Default Value | ||
DirectoryType |
DWORD |
Secondary security directory or LDAP naming context where security data are not stored in the user Directory:
| ||
LdapAuthMethod |
DWORD |
Authentication method:
| ||
TLS |
DWORD |
TLS:
| ||
TLSDemand |
DWORD |
TLS demand:
| ||
ServerList |
String |
List of servers.
| ||
RootLdapDN |
String |
Root object DN.
|
Authentication
List of the authorized authentication methods.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\Framework\Authentication
Value Name |
Value Type |
Description/ Default Value |
LogonIntegrated |
DWORD |
Integrated Windows authentication:
|
CacheSynchro |
DWORD |
SSO account synchronization after login:
|
WaitBeforeLogon |
DWORD |
Time to wait before activation user shell (only in "stub" mode):
|
ManualPwdChangeMandatory |
DWORD |
In case the manual password change policy detects expiration date of the password when the user authenticates offline, this option can force the user to authenticate when the directory is available again, so that he/she can manually change his/her directory password.
|
Single Sign-On
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\SingleSignOn
Value Name |
Value Type |
Description/ Default Value |
SyncTokenAnd |
DWORD |
Enables the SSO keys synchronization: if the user AD password has been modified with another tool than EAM, the user SSO data cannot be deciphered with the new AD password when the user authenticates on the workstation.
|
Audit / Log
Tuning and customizing of the EAM log.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\Audit
Value Name |
Value Type |
Description/ Default Value |
QueueSize |
DWORD |
Audit buffer size:
|
QueueFlushTimeOut |
DWORD |
Time interval between buffer flush (in minutes):
|
CustomExtension |
String |
DLL of audit extension. |
Network Cache
Activation and performance tuning of the EAM network cache.
These parameters are located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\Cache
Value Name |
Value Type |
Description/ Default Value | ||
CacheDir |
String |
Cache files location.
| ||
SynchronizeOnLDAP |
DWORD |
Synchronization of SSO accounts cache when directory is available:
|
Directory Network Services (DNS)
Deactivation of the reverse DNS resolution. If the DNS server is slow, retrieving the name of a connection workstation can take a few seconds. This will slow down authentication.
This parameters is located in:
HKLM\SOFTWARE\Policies\Enatel\WiseGuard\FrameWork\Network
Value Name |
Value Type |
Description/ Default Value |
DisableReverseDns |
DWORD |
Disable reverse DNS usage:
|
LDAP Directory Server List
An exhaustive list of LDAP Directory servers potentially used by EAM. This parameter must contain a sublist of the existing LDAP Directory servers. Without this list, EAM can connect to any LDAP Directory server available in the domain.
This parameter is located in one of the following directories:
Value Name |
Value Type |
Description/ Default Value |
ServerList |
REG_SZ |
Comma separated list of LDAP directory servers. |
LDAP Directory Server List Ordering
Successively try to connect to the LDAP Directory servers according to the above list, or in a random order.
This parameters is located in:
HKLM\SOFTWARE\Enatel\WiseGuard\FrameWork\Directory
Value Name |
Value Type |
Description/ Default Value |
FollowServerListOrder |
DWORD |
Disable LDAP Server list randomization:
|
This section describes the parameters that can be used when installing EAM MSI packages in silent mode.
|
IMPORTANT: The (silent) installation of MSI packages does not include the configuration of the computer. |
Silent installation can be performed through the msiexec command, which is part of the Microsoft Windows Installer. For more details, refer to Windows Installer Microsoft documentation.
This section explains how to silently install the following elements:
To perform a silent installation of an MSI package, you can use one of the following method:
This method is strongly recommended, when available.
These properties facilitate the installation or upgrade of already installed MSI packages, according to the operating system: when MODULES and/or TRANSLATIONS properties are used when installing MSI package, the mandatory and hidden MSI features are automatically selected according to the operating system.
These properties must be used with INSTALLMODE=Custom parameter and must not be used with ADDLOCAL parameter.
Each feature can be added as values of this property.
Make sure you have the Microsoft Windows Installer version 3.0 (or later version).
The Microsoft Visual Microsoft Visual C++ 2012 Update 4 runtime libraries are delivered as a separate MSI package: the VCRedist_x86.msi (or the VCRedist_x64.msi for x64 platforms).
The installation of this MSI package is a prerequisite to the installation of any EAM software module. It must be installed once on each workstation and does not need to be updated.
In the ADDLOCAL property of the msiexec command, add the wanted feature name (see "Feature Name" column in the following Features table):
Use ADDLOCAL=CRT_WinSXS or ADDLOCAL=ALL msiexec parameters
The VCRedist_x86.msi (or the VCRedist_x64.msi for x64 platforms) contains the following selectable features:
Feature Name |
Description |
CRT_WinSXS |
Studio 2012 Update 4 Redistributable. |
The ESSOController.msi gathers all software modules required to install an EAM Controller.
|
IMPORTANT: This package does not include the configuration of the computer. |
In the ADDLOCAL property of the msiexec command, add the wanted feature names (see "Feature Name" column in the following Features table).
|
IMPORTANT: It is mandatory to select the parent feature in order to select a sub-feature. For example, it is necessary to select the Translation feature to select the german feature. |
In the MODULES property of the msiexec command, add the short name of the wanted features (see "Short Name" column in the following Features table).
In the TRANSLATIONS property of the msiexec command, add the short name of the wanted languages.
|
IMPORTANT: In this case, the ADDLOCAL parameter must not be used. |
The following command line installs the EAM Controller with EAM Console without RFID, with all required hidden/mandatory MSI features:
msiexec /qn /l*v <pathToLogFile> /i <pathToESSOController.MSI> /qn /norestart INSTALLMODE=Custom /PASSIVE MODULES=CSL TRANSLATIONS=DE
The following table gives the list of features that can be selected to perform a silent installation of EAM Controller.
|
NOTE: Feature and short names are case sensitive. |
Feature/Sub-feature Name |
Short Name |
Description | ||
WGSS |
- |
Mandatory feature. EAM middleware. | ||
WGSSServer |
- |
Mandatory feature. | ||
|
ESSO_Console |
CSL |
EAM administration Console. | |
Translations |
- |
Localized resources of EAM software modules. English resources are always installed. | ||
|
german |
DE |
The German translated resources for EAM Controller software. | |
arabic |
AR |
The Arabic translated resources for EAM Controller software. | ||
japanese |
JP |
Needs a specific license. | ||
french |
FR |
The French translated resources for EAM Controller software. | ||
italian |
IT |
The Italian translated resources for EAM Controller software. | ||
spanish |
ES |
The Spanish translated resources for EAM Controller software. | ||
dutch |
NL |
The Dutch translated resources for EAM Controller software. | ||
russian |
RU |
The Russian translated resources for EAM Controller software. | ||
finnish |
FI |
The Finnish translated resources for EAM Controller software. | ||
swedish |
SV |
The Swedish translated resources for EAM Controller software. | ||
The ESSOAgent.msi gathers all software modules that may be installed on a user’s workstation.
|
IMPORTANT: This package does not include the configuration of the workstation. |
In the ADDLOCAL property of the msiexec command, add the wanted feature names (see "Feature Name" column in the following Features table).
|
IMPORTANT: It is mandatory to select the parent feature in order to select a sub-feature. To select the SSOJava feature it is necessary to select the SSOWatch feature. |
The following command line installs the EAM Client with Authentication Manager, EAM Console without RFID management, Enterprise SSO with Personal SSO Studio and Enterprise SSO Studio and the Java plug-in, along with German resources (with all required hidden/mandatory MSI features):
msiexec /qn /l*v <pathToLogFile> /i <pathToESSOAgent.MSI> /norestart /PASSIVE ADDLOCAL=WGSS,EssoErrors,Advanced_Login,Gina_NTWG_Gina,WG_Safe_Gina,ESSO_Console,SSOWatch,SSOJava,Studio_Enterprise,Studio_Personal,translations,german
msiexec /qn /l*v <pathToLogFile> /i <pathToESSOAgent.MSI> /norestart /PASSIVE ADDLOCAL=WGSS,EssoErrors,Sens,Advanced_Login,
VistaCP,WGSens,ESSO_Console,SSOWatch,SSOJava,
Studio_Enterprise,Studio_Personal,translations,german,
devista
|
IMPORTANT: In this case, the ADDLOCAL parameter must not be used. |
The following command line installs the EAM Client with Authentication Manager, EAM Console without RFID management, Enterprise SSO with Personal SSO Studio and Enterprise SSO Studio and the Java plug-in, along with German resources (with all required hidden/mandatory MSI features):
msiexec /qn /l*v <pathToLogFile> /i <pathToESSOAgent.MSI> /norestart INSTALLMODE=Custom /PASSIVE MODULES=ADL,CSL,SSO,SSOJAVA,SSOENT,SSOPER TRANSLATIONS=DE
The following table gives the list of features that can be selected to perform a silent installation of EAM Client.
|
IMPORTANT: It is mandatory to select the parent feature in order to select a sub-feature. Examples: To select the SSOJava feature it is necessary to select the SSOWatch feature. |
|
NOTE: Feature and short names are case sensitive. |
Feature/Sub-feature Name |
Short Name |
Description | ||
WGSS |
- |
Mandatory feature. | ||
|
EssoErrors |
- |
Mandatory feature. | |
Sens |
- |
Mandatory feature on Windows 7 (and above), Windows Server 2008 (and above). | ||
UAVC |
- |
Mandatory feature. | ||
WGSSServer |
- |
Mandatory feature when installing on an EAM Controller. | ||
Advanced_Login |
ADL |
Authentication Manager, which secures access to the workstation. | ||
|
Gina_NT |
- |
Required up to Windows XP and 2003. | |
|
WG_Gina |
- |
Required up to Windows XP and 2003. | |
WG_Safe_Gina |
- |
Required up to Windows XP and 2003. | ||
VistaCP |
- |
Required on Windows 7 (and above), Windows Server 2008 (and above). Select its sub-feature. | ||
|
WGSens |
|
Required on Windows 7 (and above), Windows Server 2008 (and above). | |
|
PwdTile |
PWD |
Allow password authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
TokenTile |
TOKEN |
Allow smart card authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
RfidTile |
RFIDTILE |
Allow contact-less badge authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
BioTile |
BIO |
Allow biometrics authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
MobileTile |
MOBILE |
Allow mobile phone authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
SsprTile |
SSPR |
Allow SSPR and Q&A authentication. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
|
ClusterTile |
CLUSTER |
Allow transparent locking and Cluster automatic logging. Valid for Windows 7 (and above), Windows Server 2008 (and above). | |
SSOWatch |
SSO |
Evidian Enterprise SSO, which provides Single Sign On to applications. | ||
|
BioEnroll |
SSOBIO |
Enables users to enroll their biometrics authentication data. | |
WindowsStub |
SSOWIN |
Automatically opens Enterprise SSO with user's Windows credentials if Authentication Manager is not installed. | ||
|
GinaStub |
- |
Required up to Windows XP and 2003. | |
VistaWrapper |
- |
Required on Windows 7 (and above), Windows Server 2008 (and above). | ||
IEPLUGIN |
SSOIE |
Obsolete Internet Explorer plug-in (with BHO). | ||
SSOJava |
SSOJAVA |
Provides Single Sign On to Java applications and applets. | ||
Studio_Personal |
SSOPER |
Personal SSO Studio, which allows end-users to enable SSO on their applications. | ||
Studio_Enterprise |
SSOENT |
Enterprise SSO Studio, which is the SSO configuration management tool. | ||
SSOFUS |
SSOFUS |
Public Access Fast User Switching for the free-access to Windows sessions if neither Authentication Manager nor WindowsStub are installed. | ||
|
BIOFUS |
BIOFUS |
Multi-User Desktop, if neither Authentication Manager nor WindowsStub are installed. | |
|
FUS_sessionmgr |
|
A customizable extension DLL dedicated to Fast User Switching. | |
ESSO_Console |
CSL |
EAM administration Console. | ||
translations |
- |
Localized resources of EAM software modules. English resources are always installed. | ||
|
german |
DE |
The German translated resources for EAM Client software. | |
|
devista |
- |
Additional German resources for Windows 7 (and above), Windows Server 2008 (and above). | |
arabic |
AR |
The Arabic translated resources for EAM Client software. | ||
|
arvista |
- |
Additional Arabic resources for Windows 7 (and above), Windows Server 2008 (and above). | |
japanese |
JP |
Needs a specific license. | ||
|
jpvista |
- |
Additional Japanese resources for Windows 7 (and above), Windows Server 2008 (and above). | |
french |
FR |
The French translated resources for EAM Client software. | ||
|
frvista |
- |
Additional French resources for Windows 7 (and above), Windows Server 2008 (and above). | |
italian |
IT |
The Italian translated resources for EAM Client software. | ||
|
itvista |
- |
Additional Italian resources for Windows 7 (and above), Windows Server 2008 (and above). | |
spanish |
ES |
The Spanish translated resources for EAM Client software. | ||
|
esvista |
- |
Additional Spanish resources for Windows 7 (and above), Windows Server 2008 (and above). | |
russian |
RU |
The Russian translated resources for EAM Client software. | ||
|
ruvista |
- |
Additional Russian resources for Windows 7 (and above), Windows Server 2008 (and above). | |
dutch |
NL |
The Dutch translated resources for EAM Client software. | ||
|
nlvista |
- |
Additional Dutch resources for Windows 7 (and above), Windows Server 2008 (and above). | |
|
finnish |
FI |
The Finnish translated resources for EAM Client software. | |
|
fivista |
- |
Additional Finnish resources for Windows 7 (and above), Windows Server 2008 (and above). | |
swedish |
SV |
The Swedish translated resources for EAM Client software. | ||
|
svvista |
- |
Additional Swedish resources for Windows 7 (and above), Windows Server 2008 (and above). | |
To install the Cloud Enterprise SSO Engine package in silent mode, you need to install all the related features, such as: ADDLOCAL=ALL
To initialize the Cloud Enterprise SSO Engine with a:
Windows Installer command line:
MSIEXEC.EXE /I ESSOCloud.msi ADDLOCAL="ALL" CLOUDSERVER="https://my.esso.cloud.server:9765/" CLOUDCAFILE="c:\\TrustedCA\\CloudCA.pem" /qn
The ESSOWebServer.msi gathers all software modules that may be installed on a web server.
The silent installation can only be used for updating the web server: the MSI does not include the Apache server installation, which is a prerequisite for the Self-Service Password Reset and the EAM API.
|
IMPORTANT: This package does not include the configuration of the computer. |
In the ADDLOCAL property of the msiexec command, add the wanted feature names (see "Feature Name" column in the following Features table).
|
IMPORTANT: It is mandatory to select the parent feature in order to select a subfeature. |
In the MODULES property of the msiexec command, add the short name of the wanted features (see "Short Name" column in the following Features table).
In the TRANSLATIONS property of the msiexec command, add the short name of the wanted languages.
|
IMPORTANT:In this case, the ADDLOCAL parameter must not be used. |
The following command line installs the EAM Self-Service for Password Reset (with all required hidden/mandatory MSI features):
msiexec /qn /l*v <pathToLogFile> /i <pathToESSOWebServer.MSI> /qn /norestart INSTALLMODE=Custom /PASSIVE MODULES=SSPR
The following table gives the list of features that can be selected to perform a silent installation of EAM Client.
|
NOTE: Feature and short names are case sensitive. |
Feature name |
Short Name |
Description | ||
WEB |
- |
Optional feature. | ||
WGSSSERVER |
- |
Mandatory feature when installing on an EAM Controller. | ||
ESSO_WGAPI |
- |
Mandatory feature. | ||
APACHE_WEB |
- |
Installs EAM Web Portal in Apache Web Server. | ||
|
ESSO_SSPR |
SSPR |
EAM Self Service for Password Request. | |
ESSO_SSAP |
SSAP |
EAM Self-Service for Administration Portal. | ||
ESSO_WSAPI |
WSAPI |
EAM API Web Service. | ||
IIS_Web |
- |
Installs EAM as an IIS site. |
The HLLAPI Wrapper is delivered as a separate MSI package: ESSOHllAPI.msi, located in the ESSO.x64\Install folder of the installation packages.
|
IMPORTANT:The following procedure must be performed to run the HLLAPI plugin with 32-bit emulators only. |
In the ADDLOCAL property of the msiexec command, add the feature HllAPIWrapper feature (single and mandatory feature).
|
NOTE: The MODULES property of the msiexec command is not supported. |
You can customize EAM security to fit your security needs by reading the following sections.
By default, the connection to the Active Directory is not encrypted as the sensitive data transmitted through this channel is already encrypted.
However, you can activate the encryption of the LDAP connection by setting the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\
Directory\GSSEncryption DWORD 1
By default, all the services are activated on a EAM controller, including the Web Service:
If you are not using this Web Service, you should deactivate it by clearing the corresponding check box (Directory Panel > Access Point (EAM Controller) > Configuration tab).
By default, the connection between the client workstation and the controller is SSPI-encrypted. However, you can use an alternate encryption method by setting the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\
FmkServer\DontUseSSPIWithServer DWORD 1
Once it is set, you can obtain an AES 128 encryption.
You can customize EAM to fit your performance needs by reading the following section.
When the primary account is stored, the following additional parameters are also stored:
You can save some space in the Active Directory by setting the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\FrameWork\
SingleSignOn\CleanWindowsParam REG_DWORD 1
This value deletes the additional parameters which are now stored only when a delegation using the primary account has been activated.
To diagnose unexpected results from an installation program, you can activate traces as described in the following procedure.
Value Type |
Value Name |
Value | ||||
String |
TraceDir |
Location of the trace files (C:\Traces for example) | ||||
DWORD |
TraceLevel |
Enter a value between 0 and 5:
| ||||
DWORD |
MaxFileSize |
Maximum size in KB of the trace files. | ||||
DWORD |
LimitedLogFiles |
2 by default. Maximum number of trace files (enter a value between 2 and 10). | ||||
DWORD |
TraceDurationHours |
The number of hours that must be covered by the trace files. 0 (default): disabled. non-null value: enabled. When the current trace file for a given process reaches the MaxFileSize, the first trace file is identified for this process that was the last to be modified before the last TraceDurationHours hours:
|
Value Type |
Value Name |
Value |
String |
TraceDir |
Location of the trace files (C:\TracesRP for example) |
When the user log on his/her workstation, the following trace files are created in the specified directory:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy