Logon methods

The following options are available on this tab:

Select the Enable Single Sign-on for Windows option to require only a single logon to the client computer. The Windows login screen will no longer appear.

The following authentication methods are available:

  • Local user access: This option is enabled by default. This method allows local Windows users to authenticate to the system using their local Windows username, password, and local system name.
  • Domain user access (with password): This method allows Windows domain users to authenticate to the system using their Windows domain username, password and domain name.

    Users can only log on to the domain if the Windows and Pre-Boot options have been set.

  • Domain user access (with token): This method allows Windows domain users to authenticate themselves with a smartcard / token and PIN.

Enable logon using password tokens: This method allows pre-boot authentication for a password token user. If you select this option, you must also select at least one additional Windows authentication method.

Prior to configuring the DriveLock PBA for token access only, make sure that a valid token exists for both the PBA and the Windows logon (unlock).

Other options in the dialog:

  • The Maximum number of logins before lockout option locks a user out for a certain period of time after the specified number of failed logins, which protects the system from brute force attacks that use automatic logon scripts. Change the default values according to your corporate security policies.
  • If you are using certificates for authentication, you can specify how many days before a certificate expires DriveLock starts alerting users.
  • The Count failed logons globally for all users option is enabled by default. Instead of counting failed attempts per user, a single failed-attempt counter is incremented regardless of which user the attempt was made for.
  • With the Disable pre-boot authentication until first Windows logon option, the PBA is deactivated until the first user has logged on to Windows. Use it to avoid a situation in which only the users whose names have been entered on the Users tab in the pre-boot authentication users option can log in. Without a valid Windows logon beforehand, the users specified in the policy are ignored.
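
Added example (not DriveLock code): a simplified Python model of the Maximum number of logins before lockout and Count failed logons globally for all users options. It shows that the same failed logons, spread over several user names, trigger a lockout with the global counter but not with per-user counters. The class, its parameter names, the lockout duration and the reset-on-success behaviour are assumptions made for illustration.

```python
from collections import defaultdict


class LockoutCounter:
    """Simplified failed-logon counter (assumed model, not DriveLock's implementation)."""

    def __init__(self, max_failures, lock_seconds, count_globally=True):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.count_globally = count_globally
        self.failures = defaultdict(int)   # counter key -> failed attempts so far
        self.locked_until = {}             # counter key -> time the lock ends

    def _key(self, user):
        # One shared counter in global mode, one counter per user otherwise.
        return "*" if self.count_globally else user.lower()

    def is_locked(self, user, now):
        return now < self.locked_until.get(self._key(user), 0)

    def attempt(self, user, ok, now):
        """Record one logon attempt; return 'locked', 'ok' or 'failed'."""
        key = self._key(user)
        if self.is_locked(user, now):
            return "locked"                # rejected before credentials are checked
        if ok:
            self.failures[key] = 0         # assumption: a valid logon resets the counter
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.max_failures:
            self.locked_until[key] = now + self.lock_seconds
            self.failures[key] = 0
        return "failed"


def replay(events, **settings):
    """Replay (time, user, ok) events and return the result of each attempt."""
    counter = LockoutCounter(**settings)
    return [counter.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: six failed logons alternating over three user names.
SAMPLE = [(t, name, False) for t, name in enumerate(["alice", "bob", "carol"] * 2)]

if __name__ == "__main__":
    for mode in (True, False):
        print("global" if mode else "per-user",
              replay(SAMPLE, max_failures=3, lock_seconds=300, count_globally=mode))
```

In this model the global counter also rejects valid logons from every user until the lock period ends, which is worth weighing when you change the default values.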