abylonsoft: abylon EINSTELLUNGEN (Logon

Window

Test inserted card

Simulate the abylon LOGON process to test an account.

The simulation process corresponds not in all details with the real logon process. Therefore DON'T deactivate the Cancel (ESC) option during the first real testing. In this case, if you have problems, you can change to the normal logon mask.

Refresh (F5)

Update the settings.

Supported key cards

Allowed Media:

Certificate Smartcard / Token: Certificate based smartcards are accepted to logon process, for example USB eToken from Aladdin.
Any smartcard: Processor smartcards are accepted to logon process, for example Moneycards.
A PC/SC interface of the card reader is necessary.
Memory-Card: Different Memory-Cards are accepted to logon process, for example 'Health Insurance Card (Europe)'.
A CT32-API interface of the card reader is necessary
>> Help to CT32 - DLL Settings
External Memory-Device (e.g. USB-Stick): All commercial USB storage media are accepted to logon process, which are available during the logon time (apply a drive). For example all commercial USB-Sticks or further external storage media like CompactFlash, MEMORY Stick or Multimedia-Card can be use.
CD / DVD: All CDs or DVDs are accepted to logon process, which contains enough data for create an individual key.
Empty CDs and DVDs can't be used!
RFID- Radio card: RFID- Radio cards are accepted during to logon process (Please aks the producer for compatibility)

NOTE: Is your preferred medium not supported? Depending on the version individual media can be disabled! For questions or additional hardware support, please use our Support form!

Logon behavior

Possible options:

Allow changing to normal logon with cancel (ESC) in Logon-Mode
Allow or disallow during the Logon the changing to the normal windows logon.
The activation of this point increase the protection, but in case of losing or damaging the smartcard complete access to the computer is not possible.
Allow changes to normal logon with cancel (ESC) in Lock-Mode
Allow or disallow the changing to the normal windows logon, during the computer is locked. Don't allow create accounts for new smartcards at Windows-Logon
Allow or disallow the creating of new accounts during the logon process. If this option is activated, the accounts can only create over the button Create Account.
The activation of this point increase the protection, but in case of losing or damaging the Smartcard/Token the complete access to the computer is not possible.
Should the user enter the Logon-password for symmetrical cards?
abylon LOGON make the starting of the operating system easier, by supporting various media for authentication. In order to get an additional security during the login, the input of the password can be activate. That require the correct medium AND the input of the password for login.
Should the security dialog (SAS: PRESS CTRL+ALT+DEL TO LOGON) disabled?
At modern windows system the entering of CTRL+ALT+DEL can be activate. This guarantees that all processes for logging the password are cancelled. On activation this safety option is jumped over.
In case of Windows NT this option can't be deactivated normally.
Should the security dialog (SAS: PRESS CTRL+ALT+DEL TO LOGON) deactivated?
At modern windows system the entering of CTRL+ALT+DEL can be activate. This guarantees that all processes for logging the password are cancelled. To deactivate this safety option select this point.
In case of Windows NT this option can't be deactivated normally.
Should the module call GINACHAIN to load other GINA's?
Behind the Microsoft Windows Logon is the so-called GINA (Graphical Identification and Authentification). This GINA is exchanged by our software and many other programs, for example virus scanner. If more than one program need an own GINA, this are normally build a chain.
ACTIVATE usually this possibility in order to avoid problems!
Should the logon data changed daily automatically with random data?
If this option is activated, your logon password changed once a day, without that you will be notified. It is a long and random password.
This block also the login in the Safe Mode. You should certainly have the opportunity to login the account, such as an alternative administrator account.

Certificate options

Possible options:

Allow only certificates, that are checked on revocation lists
The certificate on the smartcards can be check on revocation lists. In case of activation only not blocked certificates are allowed to logon!
Activate this options only, if you know, what you are doing. If your Smartcard or certificate don't support a revocation list or a direct connection is not possible, the logon to the computer is not possible.
Is the availability of private key to be tested intensively? This is necessary with some CSPs, which register a permanent link into the data base!
The activation of this option is necessary, if the CSP enters the certificate into the Windows certificate database. In this case an additional authentication with password is necessary.
If several Smartcard reader or USB-Token are connected, the password must be entered for every device!
Should the certificate database Own Certificates from SYSTEMUSER reset?
The CSP's (Crypto Service Provider) normally insert a link of the certificate on the tokens (USB-Token or Smartcard) in the Windows certificate database. This is necessary for the access of the software to the certificate. Some CSP's don't remove this link after the operation, which is normally no problem. If several persons logon at the same computer, the certificate database fill itself with links. In this case you must select the correct link from a list. On activation all links are removed and the selection window don't show up.

1.	Test inserted card	Simulate the abylon LOGON process to test an account. The simulation process corresponds not in all details with the real logon process. Therefore DON'T deactivate the Cancel (ESC) option during the first real testing. In this case, if you have problems, you can change to the normal logon mask.
2.	Refresh (F5)	Update the settings.
3.	Supported key cards	Allowed Media: Certificate Smartcard / Token: Certificate based smartcards are accepted to logon process, for example USB eToken from Aladdin. Any smartcard: Processor smartcards are accepted to logon process, for example Moneycards. A PC/SC interface of the card reader is necessary. Memory-Card: Different Memory-Cards are accepted to logon process, for example 'Health Insurance Card (Europe)'. A CT32-API interface of the card reader is necessary >> Help to CT32 - DLL Settings External Memory-Device (e.g. USB-Stick): All commercial USB storage media are accepted to logon process, which are available during the logon time (apply a drive). For example all commercial USB-Sticks or further external storage media like CompactFlash, MEMORY Stick or Multimedia-Card can be use. CD / DVD: All CDs or DVDs are accepted to logon process, which contains enough data for create an individual key. Empty CDs and DVDs can't be used! RFID- Radio card: RFID- Radio cards are accepted during to logon process (Please aks the producer for compatibility) NOTE: Is your preferred medium not supported? Depending on the version individual media can be disabled! For questions or additional hardware support, please use our Support form!
4.	Logon behavior	Possible options: Allow changing to normal logon with cancel (ESC) in Logon-Mode Allow or disallow during the Logon the changing to the normal windows logon. The activation of this point increase the protection, but in case of losing or damaging the smartcard complete access to the computer is not possible. Allow changes to normal logon with cancel (ESC) in Lock-Mode Allow or disallow the changing to the normal windows logon, during the computer is locked. Don't allow create accounts for new smartcards at Windows-Logon Allow or disallow the creating of new accounts during the logon process. If this option is activated, the accounts can only create over the button Create Account. The activation of this point increase the protection, but in case of losing or damaging the Smartcard/Token the complete access to the computer is not possible. Should the user enter the Logon-password for symmetrical cards? abylon LOGON make the starting of the operating system easier, by supporting various media for authentication. In order to get an additional security during the login, the input of the password can be activate. That require the correct medium AND the input of the password for login. Should the security dialog (SAS: PRESS CTRL+ALT+DEL TO LOGON) disabled? At modern windows system the entering of CTRL+ALT+DEL can be activate. This guarantees that all processes for logging the password are cancelled. On activation this safety option is jumped over. In case of Windows NT this option can't be deactivated normally. Should the security dialog (SAS: PRESS CTRL+ALT+DEL TO LOGON) deactivated? At modern windows system the entering of CTRL+ALT+DEL can be activate. This guarantees that all processes for logging the password are cancelled. To deactivate this safety option select this point. In case of Windows NT this option can't be deactivated normally. Should the module call GINACHAIN to load other GINA's? Behind the Microsoft Windows Logon is the so-called GINA (Graphical Identification and Authentification). This GINA is exchanged by our software and many other programs, for example virus scanner. If more than one program need an own GINA, this are normally build a chain. ACTIVATE usually this possibility in order to avoid problems! Should the logon data changed daily automatically with random data? If this option is activated, your logon password changed once a day, without that you will be notified. It is a long and random password. This block also the login in the Safe Mode. You should certainly have the opportunity to login the account, such as an alternative administrator account.
5.	Certificate options	Possible options: Allow only certificates, that are checked on revocation lists The certificate on the smartcards can be check on revocation lists. In case of activation only not blocked certificates are allowed to logon! Activate this options only, if you know, what you are doing. If your Smartcard or certificate don't support a revocation list or a direct connection is not possible, the logon to the computer is not possible. Is the availability of private key to be tested intensively? This is necessary with some CSPs, which register a permanent link into the data base! The activation of this option is necessary, if the CSP enters the certificate into the Windows certificate database. In this case an additional authentication with password is necessary. If several Smartcard reader or USB-Token are connected, the password must be entered for every device! Should the certificate database Own Certificates from SYSTEMUSER reset? The CSP's (Crypto Service Provider) normally insert a link of the certificate on the tokens (USB-Token or Smartcard) in the Windows certificate database. This is necessary for the access of the software to the certificate. Some CSP's don't remove this link after the operation, which is normally no problem. If several persons logon at the same computer, the certificate database fill itself with links. In this case you must select the correct link from a list. On activation all links are removed and the selection window don't show up.

Einstellungen > Logon > Einstellungen

Window

Siehe auch