Manual

ToleveragethePKCS#11moduleofClientSecuritySolution,thefollowingpoliciesmustbesetforActive

Directory:

1.PKCS#11Signature

2.PKCS#11Decryption

ThefollowingtableprovidesthemodiableeldanddescriptionofpoliciesforPKCS#11:

Table10.ThinkVantage\ClientSecuritySolution\AuthenticationPolicies\PKCS#11Signature\CustomMode

FieldsCSS.ADM

Modiableeld

Required

FieldDescription

Controlswhetherpasswordorpassphraseisrequired.

Possiblevalues•Enabled

–Everytime

–Onceperlogon

•Disabled

•Notcongured

Settingsandpoliciesforthengerprintreaderauthentication

Enforcedngerprintbypassoption

Thengerprintbypassoptionenablesausertobypassthengerprintauthenticationanduseawindows

passwordtologon.TheusercanselectordeselectthisoptiononthePasswordManageruserinterface

whenaddinganewentry.

However,bydefault,thengerprintbypassisenabledevenifthisoptionisnotselected.Thisistoallowthe

usertologontoWindowswhenthengerprintsensorisnotfunctional.Todisabletheenforcedngerprint

bypassoption,editthefollowingregistrykey:

[HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\ClientSecuritySolution\CSSConguration]

"GinaDenyLogonDeviceNonEnrolled"=dword:00000001

Whentheregistrykeyissetasabove,theusercannotbypassngerprintauthenticationwhenthengerprint

sensorisnotworking.

Fingerprintswiperesult

Duringthengerprintauthentication,thebelowpolicycontrolsthedisplayofngerprintswiperesults.

HKLM\Lenovo\TVTCommon\ClientSecuritySolution\FPSwipeResult

•FPSwipeResult=0:Showallmessages.

•FPSwipeResult=1:Showfailuremessagesonly(defaultvalue).

•FPSwipeResult=2:Donotshowanymessages.

Command-linetools

ThinkVantageTechnologiesfeaturescanalsobeimplementedlocallyorremotelybycorporateIT

administratorsthroughthecommand-lineinterface.Congurationsettingscanbemaintainedthrough

remotetextlesettings.

ClientSecuritySolutionhasthefollowingcommand-linetools:

32ClientSecuritySolution8.21DeploymentGuide