Configuration with Group Policy

Digipass Authentication for Windows Logon includes Administrative Templates that provide policy information to configure Digipass Authentication for Windows Logon software for all or only a group of computers and users in a domain.

This section gives a brief overview of how to use Administrative Templates to manage a registry-based policy. For more information, refer to the Windows Server Group Policy documentation on Microsoft TechNet (technet.microsoft.com).

Before you begin

To complete the following procedure, you need to be logged on with a user account with administrator privileges or an account that has Edit setting permission to edit a Group Policy Object (GPO).

Settings configured via Group Policy take precedence over settings configured via Digipass Authentication for Windows Logon Configuration Center.

Configure Digipass Authentication for Windows Logon via Group Policy

To configure Digipass Authentication for Windows Logon via Group Policy

1. Start Group Policy Management by entering gpmc.msc in a command prompt.
2. To create a new Group Policy Object:
   1. Select the domain or organizational unit for which you want to set a Group Policy in the Group Policy management tree.
   2. Select Create a GPO in this domain, and Link it here... from the context menu.
      

      Configuring DAWL via Group Policy (1) - Group Policy Management

   3. Enter a name for the new Group Policy Object.
3. Select the relevant Group Policy Object in the tree.

   Ensure the Group Policy Object is associated with the domain, site, or organizational unit whose users will be affected by the policy.

4. Select Edit... from the context menu.

   The Group Policy Object Editor is displayed.

   

   Configuring DAWL via Group Policy (2) - Group Policy Object Editor

5. Navigate to Computer Configuration > Policies > Administrative Templates > OneSpan > Digipass Authentication for Windows Logon in the Group Policy Object tree and use the right pane to configure the software settings.

   If the OneSpan > Digipass Authentication for Windows Logon branch does not exist in the Group Policy Object tree, verify that the Group Policy Administrative Templates file (DAWL.admx) is in the correct directory.

6. Close Group Policy Object Editor when you have finished configuring the Group Policy Object.

Additional considerations

• If you want to use domain Group Policy, but do not want to install Digipass Authentication for Windows Logon on the domain controller, you can just copy the Administrative Templates to the relevant directories. The plain Administrative Templates are on the OneSpan Authentication Server product CD in the Digipass Authentication for Windows Logon Group Policy folder.

  Copy DAWL.admx and en-US\DAWL.adml to %systemroot%\PolicyDefinitions.

• If you use Digipass Authentication for Windows Logon in an environment without a domain controller, you can use Local Group Policy Editor to configure Digipass Authentication for Windows Logon via Group Policy. To start Local Group Policy Editor, open a command prompt and type gpedit.msc.