- Consider the following for PolicyServer installation:
- It is recommended to run the Windows service under the Local System account. This avoids cases where a Domain User account is locked or set to change its password at login, and avoids having to change the user password in both the Windows service and the IIS application pool.
- Install the Windows service with a Domain User account that has administrator rights on the local server.
- Set the required policy settings below:
- For PolicyServer 3.1.2:
Common
Common > Authentication > NetworkLogin > DomainAuthentication = Yes
Common > Authentication > NetworkLogin > Domain Name = SSOTest (NetBIOS name. Same as in Windows GINA pick list)
Common > Authentication > NetworkLogin > Host Name = SSOTest.local (Domain Controller)
- For PolicyServer 3.1.1 and below:
PolicyServer
PolicyServer > LdapAuthentication = Yes
PolicyServer > LdapAuthentication > Domain Name = SSOTest (use the NetBIOS name. Same as in Windows GINA pick list)
PolicyServer > LdapAuthentication > Host Name = SSOTest.local (Domain Controller)
Full Disk Encryption
Full Disk Encryption > PC > Login > DomainAuthentication = Yes
DriveArmor
DriveArmor > Authentication > NetworkLogin > DomainAuthentication = Yes
File Encryption
FileArmor > Login > DomainAuthentication = Yes
Note: File Encryption and DriveArmor Single Sign-On capability requires the following Full Disk Encryption policy to be enabled for the group even if FDE is not used on a device:
Full Disk Encryption > Login > Domain Authentication = Yes
- For PolicyServer 3.1.2:
- DomainName should be configured as your NetBIOS domain name. For most environments, this is the same value that appears in the Windows GINA "Log on to" pick list.
- HostName should be configured with the Fully Qualified Domain Name (FQDN) of your Domain Controller or be configured with your domain.suffix.
- DomainName determines how we try to authenticate the user via the domain\username value.
- HostName refers to the server we authenticate against.
- To find the policy values for DomainName and HostName, open a Windows command prompt on a domain-joined machine and run "net config workstation". The output of this command shows the Workstation Domain value for the DomainName policy and the Workstation Domain DNS Name for the HostName policy.
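
The lookup described in the last step can be scripted. The following is an added example, not vendor code: the function name `Get-PolicyServerDomainValues` is hypothetical, the sample output is constructed around the page's SSOTest values, and the label text assumes an English-language Windows installation.

```powershell
# Added example: map `net config workstation` output to the DomainName and
# HostName policy values. Function name is hypothetical; labels assume English Windows.
function Get-PolicyServerDomainValues {
    param(
        # Output lines to parse; defaults to running the command on this machine.
        [string[]]$Lines = (net config workstation)
    )

    $values = @{}   # PowerShell hashtable keys are case-insensitive
    foreach ($line in $Lines) {
        # Each data line is "<label><two or more spaces><value>".
        if ($line -match '^(?<label>\S.*?)\s{2,}(?<value>\S.*)$') {
            $values[$Matches['label'].Trim()] = $Matches['value'].Trim()
        }
    }

    $netbios = $values['Workstation domain']
    $dns     = $values['Workstation Domain DNS Name']

    # A machine that is not domain-joined reports no usable domain DNS name.
    if (-not $netbios -or -not $dns -or $dns -eq '(null)') {
        throw 'No domain reported; run this on a domain-joined machine.'
    }
    # NetBIOS names are at most 15 characters; a longer value suggests the
    # DNS name was picked up by mistake.
    if ($netbios.Length -gt 15) {
        Write-Warning "Workstation domain '$netbios' is longer than a NetBIOS name."
    }

    [pscustomobject]@{
        DomainName = $netbios   # value for the DomainName policy
        HostName   = $dns       # value for the HostName policy
    }
}

# Constructed sample output (not captured from a real machine).
$sample = @(
    'Computer name                        \\WS01'
    'Workstation domain                   SSOTest'
    'Workstation Domain DNS Name          SSOTest.local'
    'Logon domain                         SSOTest'
)
Get-PolicyServerDomainValues -Lines $sample
```

Calling the function without `-Lines` on a domain-joined machine parses that machine's own output.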