3.2 Card Settings

Advanced Authentication supports the Microsoft policy Interactive logon: Smart card removal behavior, which allows you to select an action on a card event. You can configure it to force a log off or lock a user session when a user presents a card to the reader.

This section contains the following configurations:

3.2.1 Configuring the Card Settings

To use LEGIC LM3000 or LEGIC LE-762-1N readers, you must disable the other card plug-ins to avoid conflicts. To do this, perform the following steps:

NOTE: The LEGIC and RF IDeas readers are not supported on Linux and Mac operating systems.

  1. Open the configuration file for the respective operating system:

    • In Microsoft Windows, open C:\ProgramData\NetIQ\Device Service\config.properties.

    • In Linux, open /opt/NetIQ/Device Service/config.properties.

    • In Apple Mac OS X, for 6.3 Service Pack 1 and newer versions, open /Library/Application\ Support/NetIQ/DeviceService.app/Contents/Resources/config.properties. For prior versions, open /Library/LaunchDaemons/NetIQ/Device Service/config.properties.

  2. Set the preferred parameters based on the card reader:

    Parameter

    Description

    card.omnikeyEnabled

    Used for the omnikey type of readers. The default value is true. Set the value to false to disable the usage of the device.

    card.rfideasEnabled

    Used for the RF IDeas readers. The default value is false. Set the value to true to enable the usage of the device.

    card.rfideas.productType

    Used for RF IDeas readers.

    The possible values are prox, sonar, swipe, or all. You can combine them as prox;sonar;swipe. The default value is prox.

    card.rfideas.deviceType

    The possible values are usb, serial, tcp, or all. You cannot combine them. The default value is usb.

    card.forceVirtualChannels

    Used for RF IDeas readers to work in a terminal session.

    If you set card.forceVirtualChannels to true, the Device Service uses its own mechanism for card redirection through the virtual channels. You must install the Device Service on both the terminal server and terminal client.

    The default value is false.

    card.smarfidEnabled

    Used for the smarfid type of readers. The default value is false. Set the value to true to enable the usage of the device.

    card.smarfidManualMode

    Used for the smarfid card behavior.

    If you set card.smarfidManualMode to false, or when the parameter is not available in the config.properties file, the reader’s LED is blue (read mode) by default and starts to blink when you place a card on the reader.

    If you set card.smarfidManualMode to true, the reader’s LED is green (ready mode) by default and does not blink when you place a card on the reader. The reader blinks only if you are on the Login or Unlock screen and Windows Client requests that you place a card.

    You must disable the 1:N functionality to disable auto-waiting of a card for the Login or Unlock screen. For more information about how to disable 1:N, see Disabling 1:N.

    You must disable the Interactive logon: Smart card removal behavior policy to disable the auto-waiting of a card when a user is logged in. For more information about how to disable Smart card removal behavior policy, see the Microsoft documentation.

    You can use the feature only for LEGIC readers.

    card.smarfidManualBeepEnabled

    Used for generating beeps from a supported LEGIC reader when you put a card on it.

    The default value of the parameter is false, and the beeps are muted. Set card.smarfidManualBeepEnabled to true to enable the beeps.

    You can use this option only when the manual mode is enabled (card.smarfidManualMode=true).

    card.isCardIdGenerated

    The feature can be used only for LEGIC readers.

    Used to generate a new card identifier during enrollment; during each enrollment, the card identifier is not changed. The default value is false.

    card.desfireEnabled

    Used for the desfire type of readers. The default value is true. Set the value to false to disable the usage of the device.

  3. Save the changes.

  4. Restart the Device Service.
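
The procedure above depends on documented defaults: a key missing from config.properties still leaves its plug-in on or off. The following check is an added example, not part of the product or its documentation; it applies those defaults and reports the conflicts the parameter list describes. It assumes the file holds key=value or key:value lines with # comments, and that card.smarfidEnabled is the plug-in used for the LEGIC readers.

```python
import re

# Defaults as documented in the parameter list above.
DEFAULTS = {
    "card.omnikeyEnabled": "true", "card.rfideasEnabled": "false",
    "card.smarfidEnabled": "false", "card.desfireEnabled": "true",
    "card.rfideas.productType": "prox", "card.rfideas.deviceType": "usb",
    "card.smarfidManualMode": "false", "card.smarfidManualBeepEnabled": "false",
}
PLUGINS = ["card.omnikeyEnabled", "card.rfideasEnabled",
           "card.smarfidEnabled", "card.desfireEnabled"]

# Constructed sample: enables smarfid but leaves the other plug-ins at defaults.
SAMPLE = """# constructed example, not a shipped file
card.smarfidEnabled=true
card.rfideas.deviceType=usb;tcp
card.smarfidManualBeepEnabled:true
"""

def parse_properties(text):
    """Parse key=value / key:value lines (assumed format); skip blanks, comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return findings for the card.* settings, with documented defaults applied."""
    cfg = {**DEFAULTS, **parse_properties(text)}
    on = lambda key: cfg[key].lower() == "true"
    findings = []
    others = [k for k in PLUGINS if on(k) and k != "card.smarfidEnabled"]
    if on("card.smarfidEnabled") and others:
        findings.append("LEGIC (smarfid) enabled alongside: " + ", ".join(others))
    products = cfg["card.rfideas.productType"].split(";")
    if not all(p in ("prox", "sonar", "swipe", "all") for p in products):
        findings.append("invalid card.rfideas.productType: " + ";".join(products))
    if cfg["card.rfideas.deviceType"] not in ("usb", "serial", "tcp", "all"):
        findings.append("invalid card.rfideas.deviceType: " + cfg["card.rfideas.deviceType"])
    if on("card.smarfidManualBeepEnabled") and not on("card.smarfidManualMode"):
        findings.append("card.smarfidManualBeepEnabled needs card.smarfidManualMode=true")
    return findings
```

Running audit(SAMPLE) reports three findings, the first being that card.omnikeyEnabled and card.desfireEnabled are still active because their default value is true.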

3.2.2 Configuring the Virtual Machine for Working of the RF IDeas Readers

You must perform the following configuration steps to ensure that the RF IDeas reader works with the VMware Mac virtual machine.

  1. Add the following lines to the .vmx file of the virtual machine.

    usb.generic.allowHID=true
    usb.generic.allowLastHID=true

  2. Open the configuration file and set the parameter card.rfideasEnabled to true. For 6.3 Service Pack 1 and newer versions, the file is /Library/Application\ Support/NetIQ/DeviceService.app/Contents/Resources/config.properties. For prior versions, the file is /Library/LaunchDaemons/NetIQ/Device Service/config.properties.

You must perform the following configuration steps to ensure that the RF IDeas reader works with the VMware Windows virtual machine.

  1. Add the following lines to the .vmx file of the virtual machine.

    usb.generic.allowHID=true
    usb.generic.allowLastHID=true

    If the above does not achieve the redirection, go to step 2.

  2. Go to the following URL: http://kb.vmware.com/kb/1011600.

    The VID (Vendor ID) and PID (Product ID) of the connected reader found in the Device Manager are generally listed as: VID_0C27&PID_3BFA. To ensure the VID and PID are included in the list, add the following to the registry:

    [HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMwareVDM\USB]

    AllowHardwareIDs=[REG_MULTI_SZ]"VID_0C27&PID_3BFA"

  3. Set the following in the configuration file C:\ProgramData\NetIQ\Device Service\config.properties:

    card.rfideasEnabled:true