Deployment Guide
For example, you can require both a fingerprint and a password as logon credentials. In the dialog, select the second authentication
method that must be used with fingerprint authentication.
• To allow each authentication method to be used individually, in the Available Options dialog, leave the second authentication
method set to None, and click OK.
• To remove a sign-in option, under Available Options on the Sign-in Options page, click X to remove the method.
• To add a new combination of authentication methods, click Add an Option.
4. Set Recovery Options so that users can regain access to their computer if they become locked out.
• To allow users to define a set of questions and answers to be used to regain access to the computer, select Recovery Questions.
To prevent use of Recovery Questions, deselect the option.
• To allow users to recover access using a mobile device, select One-time Password. When One-time Password (OTP) is selected
as a recovery method, it is not available as a sign-in option on the Windows logon screen.
To use the OTP feature for logon, deselect the option in Recovery Options. When deselected as a recovery method, the OTP
option appears on the Windows logon screen as long as at least one user has enrolled in OTP.
NOTE:
As administrator, you control how One-time Password can be used: for authentication or for recovery.
The OTP feature can be used either for authentication or for recovery, but not for both. The configuration
affects either all users of the computer or all administrators, based on the selection in the Sign-in Options field,
Apply sign-in options to.
If the One-time Password option is not listed under Recovery Options, your computer's configuration does not support it. For more
information, see Requirements.
• To require the user to make a help desk call if they lose or forget logon credentials, clear both check boxes under Recovery
Options: Recovery Questions and One-time Password.
5. To set a length of time to allow users to enroll their authentication credentials, select Grace Period.
The Grace Period feature lets you set the date on which a configured Sign-in Option will begin to be enforced. You can configure a
Sign-in Option before the date when it will be enforced and set up a length of time to allow users to enroll. By default, the policy is
enforced immediately.
To change the Enforce Sign-in Option date from Immediately, in the Grace Period dialog, click the drop-down menu and select
Specified Date. Click the down arrow at the right side of the date field to display a calendar, then select a date on the calendar.
Enforcement of the policy begins at approximately 12:01 AM on the date selected.
Users can be reminded to enroll their required credentials at their next Windows logon (the default), or you can set up regular
reminders. Select the reminder interval from the Remind User drop-down list.
NOTE:
The reminder that is displayed to the user is slightly different, depending on whether the user is at the Windows
Logon screen or within a Windows session when the reminder is triggered. Reminders do not appear on Preboot
Authentication logon screens.
Configuration Tasks for Administrators