Deployment of Digipass Authentication for Windows Logon with Group Policy

Since Digipass Authentication for Windows Logon uses Windows Installer technology, you can deploy the client software via Group Policy, which is recommended for larger installations.

This section provides a brief overview of how to use Group Policy for software installation and maintenance. For more information, refer to the Windows Server Group Policy documentation on Microsoft TechNet (technet.microsoft.com).

Before you begin

To deploy Digipass Authentication for Windows Logon via Group Policy, you need to copy the relevant setup package (*.msi) to a network share that can be accessed by the domain controller and all client workstations on which you want to install the software. Since the software is installed using a machine account, you need to grant access rights to the network share to all the client workstations, e.g. MYCLIENTMACHINE$.

Software deployment via Group Policy is processed asynchronously in the background, which may require more than one reboot of the client workstations after the software has been configured for deployment. To circumvent this (and require only one reboot), you can enforce synchronous Group Policy processing by enabling the following setting in the Group Policy object applying to the affected clients:

Computer Configuration > Policies > Administrative Templates > System > Logon > Always wait for the network at computer startup and logon

Deploy Digipass Authentication for Windows Logon with Group Policy

To complete the following procedure, you need to use Group Policy Management Console (GPMC).

To deploy Digipass Authentication for Windows Logon via Group Policy

1. On the domain controller, start Group Policy Management by entering gpmc.msc in a command prompt.
2. To create a new Group Policy Object:
   1. Select the domain or organizational unit for which you want to set a Group Policy in the Group Policy management tree.
   2. Select Create a GPO in this domain, and Link it here... from the context menu.
      

      Configuring DAWL via Group Policy (1) - Group Policy Management

   3. Enter a name for the new Group Policy Object.
3. Select the relevant Group Policy Object in the tree.

   Ensure the Group Policy Object is associated with the domain, site, or organizational unit whose users will be affected by the policy.

4. Select Edit... from the context menu.

   The Group Policy Object Editor is displayed.

   

   Configuring DAWL via Group Policy (2) - Group Policy Object Editor

5. Select Computer Configuration > Policies > Software Settings > Software installation in the Policy tree.
   

   Deploying DAWL via Group Policy (1) - Group Policy Management Editor

6. Select New > Package... from the context menu.

   The Open File dialog is displayed.

7. Select the MSI setup package for Digipass Authentication for Windows Logon for the relevant platform.

   The Deploy Software dialog is displayed.

8. Select Assigned.

   The package is added to the software installation list.

Additional considerations

• If you have 32- as well as 64-bit client workstations in your environment, you need to deploy both Digipass Authentication for Windows Logon versions, each package for the relevant platform.
• When deployed via Group Policy, Digipass Authentication for Windows Logon is installed with the default set of features configured for the package.
• The Digipass Authentication for Windows Logon client software is automatically installed the next time the affected client workstations are restarted.
• The Windows credential provider module is initialized before the software is installed. This means that you cannot select Digipass authentication for the initial logon after a deployment restart, although it is already installed. Digipass authentication becomes available after the first logon / logoff.