Windows 8.1 Secure Login

For home computers, I would prefer to have the local admin account have a simple password but use some additional physical token - either a smartcard or some digits generated on a token - to gain access. I don't want to set up any kind of security
server for this. It needs to be self contained to each individual computer. What is the simplest solution to give me this two factor authentication on a Windows 8.1 box? Ideally the solution would scale to work with Remote Desktop
access as well as console access.
Will

All the token based authentication mechanisms I've seen make use of things like certificate services on a domain, so I don't think there are any options out there for a standalone setup (though it's possible they exist and I haven't seen them obviously).
The only options I can think of that would suit your situation would be some kind of USB security device. They don't allow password + token as such, but do allow you to set a very complex password while not having to actually enter it if you have the corresponding
way to activate the device.
I've seen two varieties of these.
1) USB fingerprint readers (assuming you're not using a laptop with it built in). The finger print itself doesn't technically log you in, instead it authenticates with the software running on the machine, and that (if authentication is acceptable) passes
the saved login details to the system. So if you set the machine with a 20 character password, you'd save that in the fingerprint software, and then so long as you successfully scanned your fingerprint then it would let you in without having to type it (but
you still have the option to enter the password if required).
2) USB proximity readers. Similar to the fingerprint reader, the USB device is linked to a RFID device which you have with you. When you're close enough to the USB device for detection it will login to the machine, and additionally when you move away from
the machine it can automatically lock the machine again.

Similar Messages

Secure Login Client and Java

Hi All,
We are having a project to implement NW SSO for NWBC for HTML, Citrix XenApp will be used as the desktop environment. The requirement is that no Java allowed to be installed on the web browser.
According to PAM, Secure Login Client is not support Microsoft Application Virtualization (App-V), so how can we deploy the Secure Login Client to Citrix environment?
If we want to use Secure Login Web Client instead of Secure Login Client, does Secure Login Web Client requires Java installed on users' web browsers? In the latest Secure Login implementation guide (SSO 2.0), it does not mentioned anything about Java runtime. However, because as far as I understand, Secure Login Web Client is a feature of Secure Login Server, while Secure Login Server is pure Java application, I suspect that Secure Login Web Client also require Java runtime to run. Is that true?
Best regards,
Duy

Hello Duy,
The Product Availability Matrix states that Secure Login Web Client needs a Java runtime in the browser. See the footer of the Secure Login Web Client pages for Windows and Linux/MAC OS browser platform support. It says the following:
For Windows: SupportedJava Runtime: Oracle (Sun) JSE 6, 7 and8, 32bit
For Linux/MAC OS: Supported Java Runtime: Oracle (Sun) JSE 6.0 and7.0, 32bit/64bit depending on browser
Best regards,
Martin

Secure Login library

Hi All,
I want to implement single sign on using secure login. Secure login provides 3 components: secure login server,secure login library and secure login client.
In installation guide it says that it is not necessary to install all components.This depends upon the use case scenarios.
In my case it will be active directory using kerberos technology. So I have to install login library and login client. or any one of them.
Please let me know.
Regards,
Josh

Hi,
please do the below steps
Step1: Install SAP library on your local P.C.
Step 2: Configure the sapdoc.ini
Configure file sapdoc.ini with the entry as shown. This file exists on C:\Windows. If it is not found, create it using your favorite text editor.
HtmlHelpFilePath-EN=<C:\Program Files\SAP\SAP ERP Central Component 5.0 English\HELPDATA\EN> : Path of SAP help where you installed it on your P.C.
u2014-
Step3: logon to sap dev system
            u2013> Execute the tcode SR13
            u2013> Click on the tab HtmlHelp file
            u2013 >Click on New entries Enter variant name (ECC5 if u r using SAP ECC5)
            -->Platform =Win32 if you are using xp
            -->Area =IWBHELP
            -->Path = http://help.sap.com Or path of the your server where SAP library is installed.
             Save it. Request Dialog prompts you to create request. Create Request.
            Transport the request to Quality & Production.
Note: Entries in the file sapdoc.ini overwrites the settings present in SR13, if SAP library is not available on your local
system, it starts from central location.
Do you want more details for this issue please find below link
http://www.scribd.com/doc/6213550/How-to-Setup-Sap-Library
Regards,
K.Ramamoorthy

Secure login client is not working in VPN

Hi,
We have scenario where users connect to office network though VPN and access SSO. When users connect through VPN, users are not able to login in SLC and hence not receiving X.509 user certificate. It shows the following error when try to login in SLC.
"There are currently no logon servers available to service the logon request"
But the same SLC is working when users connect directly (ex LAN or WI-FI) to the network.
We have enabled secure login client trace and found the below errors in the trace when user is connected through VPN.
SLC trace file
[2014.04.23 14:23:24.531][ERROR][sbus.exe            ][BASE        ][ 6060] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm 23 returned error
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056]     0/C000005E There are currently no logon servers available to service the logon request.
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/ssodev' with algorithm 3 returned error
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056]     0/C000005E There are currently no logon servers available to service the logon request.
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/ssodev' failed (user name is [email protected])
[2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][ 6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
[2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][ 6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm 23 returned error
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056]     0/C000005E There are currently no logon servers available to service the logon request.
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/[email protected]' with algorithm 3 returned error
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056]     0/C000005E There are currently no logon servers available to service the logon request.
[2014.04.23 14:23:39.578][WARN ][sbus.exe            ][Kerberos    ][ 6056] Getting kerberos ticket for 'HTTP/[email protected]' failed (user name is [email protected])
[2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][ 6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_clientGetTicket(): No Kerberos ticket for the requested service
[2014.04.23 14:23:39.578][ERROR][sbus.exe            ][Kerberos    ][ 6056] ERROR(0xA2600202) in KERBEROS->sec_kerberos_spnego_CreateToken(): No Kerberos ticket for the requested service
[2014.04.23 14:28:38.171][TRACE][sbus.exe            ][sbusslogin.d][ 6056] { CSecureLogin_Protocol_2_0::Send_DeleteSession
Anyone suggest us to fix this issue.
Regards,
Yogesh Kumar D

Hello,
which kind of VPN do you use?
Does this guarantee full network access to the domain servers?
Is the VPN network IPv4 or IPv6 based?
thanks for the information
best regards
Alexander Gimbel

Safari will not open a window when "open at login" is enabled

I seem to be having this issue where I can't seem to get a Safari window to open at login. I've tried many many settings from disabling the pop-up blocker to application permissions, it just doesn't want to open a window upon login. The icon in the dock has the indicator light that it is open, but no window appears.
I had no issues with this up until the past few updates that were done. I don't have any 3rd party plug-ins installed and it happens on both my Macbook Pro and Mac Mini and it is not profile specific.
Does anyone have any suggestions?

Lisa --Welcome to Apple Discussions!
We're other Mac users here, asking questions and sharing solutions.
You're having symptoms of a common problem here.
Your problem may be with the Community Toolbar.
It's a terrible app/plugin that messes up Macs like the plague.
Did you ever install a customized toolbar? Like a Facebook one? Or for watching sports?
Here's how to search and destroy:
Close Safari.
Check here for CT Loader
Locate and delete:
HD/Library/Application Support/Conduit
HD/Library/InputManagers/CTLoader
HD/Library/Receipts/ctloader.pkg
HD/Library/Receipts/<Toolbar name>.pkg
HD/Library/Application Support/SIMBL/Plugins/CT2285220.bundle
HD/Users/<User name>/Library/Application Support/Conduit
It may not be in every single location, but get it out where ever you find it.
Restart Safari. Any Better?

How to Get the Login Window and/or Bypass Login Items?

Greetings, folks!
This is a silly question, but the old standby of “hold down the shift key” doesn’t work in 10.6.1:
What key(s) need to be pressed to get the LogIn window and then after LogIn, to bypass LogIn Items?
Thanks!!
Richard Fairbanks

Not here, on a fresh (erased) install.
Pressed either before or after the initial gray Mac appears, the shift key does not access the LogIn screen. It is possible to bypass the account’s LogIn items by holding down the shift key after the LogIn screen has been called and successfully commenced, but how does one call the Login screen when the Mac is normally set up for automatic login?
It used to be the shift key . . .
Thanks!

T61p - Please wait while Windows configures Client Security Password - Manager

My T61p system is fully updated, however I continue to get "Please with while windows configures Client Security Password - Manager." and then the computer trys to install
css_manager_vista_tpm.exe
over and over again.
What is the problem here and how can I solve?
How can I contact Lenovo-Thinkpad to assist?
The problem has reoccured even after I did a system restore to an earlier date.
It seems to initiate when I first boot up and then open up "Pictures"
Please help.
Thanks

Well, I take everything back. After removing all password entries and re-installing/rebooting, it worked for a while. But now it is doing it all over again. I tried to call techincal support, but they then said I would have to pay for software support and they only support hardware, and to re-install the OS. Great, jeez, I couldn't have tried that myself, and that is so simple and takes no time at all (detecing sarcasm yet?)
I do a lot of work for large corporations that are watching the IBM=>Lenovo takeover very closely to see if they are going to drop Thinkpads altogether and go with another laptop vendor. This type of weak support does not bode well. The person I was on the phone with was rude, hard to understand, and even told me there was no place to escalate the call to.
There is no replacement for customer support. It is sad to see no Lenovo involvement in this forum, and don't make the mistake of thinking this is an isolated problem at this time. It is growing.
Though Thinkpads are great Laptops, Toshiba used to have the market, but their support or should I say lack of it led to their downfall and position of leadership loss.
It will be no different if Lenovo continues to act like a machine churner.

Web Center app with ADF Security - login problem

I have a custome Oracle Web Center app.
I have a page.html with an embedded login form posting to j_security_check. I've configured the ADF security policies to redirect to a JSPX on successful login.
When I try the correct username/password, I get redirected not to the page I defined in ADF, but to the root page http://127.0.0.1:7101/MyApp-ViewController-context-root/
and i get
Error 403--Forbidden
I've checked the weblogic.xml as per http://andrejusb.blogspot.com/2009/12/solving-error-403-forbidden-in-adf.html, all the required entries are there.
This works fine if i use a Login link with
destination="#{'/adfAuthentication?login=true&end_url=/faces/postLogin.jspx'} "
which redirects to the default login.html and then to the right page. I've copied the form from the default login.html into my master HTML page.
Hope my question is clear. Any suggestions why it is going to the wrong URL after login.
Is there anything specific I should see in the jazn-data.xml or web.xml regarding the post-login URL since i cant see that in either.
P.S. Have been advised to try here when I originally asked this in the WebCenter forum. Web Center app ADF Security - login problem
Edited by: new_to_webcenter on 18-Jan-2011 05:25

Thanks for your response Frank.
The web.xml has
<security-constraint>
<web-resource-collection>
<web-resource-name>adfAuthentication</web-resource-name>
<url-pattern>/adfAuthentication</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
When configuring ADF Security via JDev , I chose "Redirect upon successful authentication" to the Welcome Page
"/faces/postLogin.jspx"
this then adds into web.xml
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<init-param>
<param-name>success_url</param-name>
<param-value>/faces/postLogin.jspx</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
So the sequence which works is:
Login via the '/adfAuthentication?login=true&end_url=/faces/postLogin.jspx' and this redirects to login.html (OOTB form which posts to j_security_check) and then to the postLogin.jspx
I'm trying to do away with a Login link, and trying the simple login form embedded in my page alongwith other content.
So should the form be posting to j_security_check directly or to the adfAuthentication ?

Secure Login and trust between BO/BW

Hi.
We configured server-side trust between BO and BW using libsapcrypto library. All works fine.
Now we installing Secure Login (SAP NetWeaver Single Sign-On) for SSO from SAP GUI based on Kerberos token. To configure Secure Login we need to modify profile parameters like
snc/identity/as=p:CN=QBW, OU=Surgutasuneft, O=Surgutneftegas, C=RU
snc/gssapi_lib=/sapmnt/QBW/exe/libsapcrypto.so
which were in use by server-side trust between BO and BW. So when we modify them like in installation guide for Secure Login to this:
snc/identity/as=p:CN=SAP/[email protected]
snc/gssapi_lib=/usr/sap/QBW/DVEBMGS20/SLL/libsecgss.sl
we can use SAP GUI SSO to BW but can't run reports from BO since we broke server-side trust.
We tried many different variations of using these two libraries (including fully regenerating certificates both on BW and BO for server-side trust) but they all failed.
Any suggestions of how we can activate SAP NetWeaver Single Sign-On on our BW systems, without breaking server-side trust between BW and BO?
Thanks in advance
wbr
Stanislav

Thanks, but this problem was resolved. Frane was very helpfull in solving this problem, but it was beyond the forum.
He described the possibility of Secure Login Client that I did not know.
Another possibility is implemented in Secure Login Client 1.0 SP02 Patch 03 and higher (current version is 1.0 SP03 Patch 02).
Secure Login Client is able to “rebuild” the required SPN Name (in your example p:CN=SAP/[email protected]).
This means if the X.509 certificate SNC name is p:CN=KerberosSSO à Secure Login Client will rebuild p:CN=SAP/[email protected]
This works also if the X.509 certificate name is p:CN=KerberosSSO, OU=SAP Security, C=RU
Maybe this solution integration is easier for You? You can use the transaction STRUST to create a self-signed certificate.
Thanks again, Frane.

Policies missing in SCM Windows 8.1 Security Compliance Baseline v1.0

Hello,
I have installed SCM 3.0.60 (downloaded from this link:
Microsoft Security Compliance Manager) on a Windows 8.1 Virtual Machine. Because I could not connect my VM to internet at the moment, I imported the Windows 8.1 Security Compliance Baseline (downloaded from this link
SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!) and the baseline attachment in SCM. The import process ran well and I then created a custom baseline based on the Win8.1 Computer Security Compliance 1.0 baseline (using the Duplicate
action in SCM). During my customization I have noticed that some policies were missing from my custom baseline. After verifying the original baseline I have noticed that the policies were missing in it also. I connected my VM to the internet and clicked on
the Download Microsoft baselines automatically action in SCM. SCM downloaded additional baselines (Office 2013, SQL Server 2012,...). I was expecting the Win8.1 baseline to be updated but it was not. The policies are still missing and I cannot complete my
customization. For information the missing policies that I've noticed are the following:
Under Computer Configuration\Administrative Templates\Windows Components\File Explorer
All policies are missing except "Configure Windows SmartScreen" and "Turn off Data Execution Prevention for Explorer"
Under Computer Configuration\Administrative Templates\Windows Components\Sync
your settings theses polices are missing:
--> Do not sync
--> Do not sync app settings
--> Do not sync browser settings
--> Do not sync desktop personalization
--> Do not sync on metered connections
--> Do not sync other Windows Settings
--> Do not sync passwords
--> Do not sync personalize
Under Computer Configuration\Administrative Templates\System\KDC these policies are missing
--> KDC support for claims, compound authentication and Kerberos armoring
--> User forest search order
--> Warning for large Kerberos tickets
--> Provide information about previous logons to client computer
It seems that theses policies are not present in the Package.XML file that is included in the Windows-8.1-Security-Compliance-Baseline.cab.
Does anyone ever experience the same issue?
Anyone know if there is an updated version of the Windows 8.1 Security Compliance Baseline ? (the version downloaded from the link i supplied above is v1.0)
Regards,
François

Hi,
in this blog, it is just related to Internet Explorer, not the lock screen camera, it can be found at the GPO.
Regards
Wade Liu
TechNet Community Support

SQL Server Security Logins vs. Databases Security Users

Why isn't all security needs done just in logins? When migrating databases, the Logins are not brought over when restoring a backup. It does not make sense. Could it not be done all just in the Security > Logins area or why not? That COULD be designed to track users and rights on various databases rather than a thing owned by each database....
Thanks for your time.
Gib

Understand
the below points first
Login are being used to access the server (Server level)
Database users are being used to access the database.(Database level)
Why
isn't all security needs done just in logins?
Just Imagine the below things:
I want give the permission to user to take backup for specific databases in this case we will give databasedb_backupoperator
role. Is this possible with server role to take backup for specific databases
I want give the permission to user to run the BULK INSERT statement on databases in this case we
will give bulkadmin server role. Is this possible with database role to run the BULK INSERT statement on databases
Thanks-Vanchan
Please click the Mark as Answer button if a post solves your problem!

Windows 2012 server security checklist for corporate company standard/recommended check-list

Hello All,
Good Day.
I am looking for Windows 2012 server security checklist (standard hardening
settings), would you kindly assist me by providing Wintel 2012 standard/recommended check-list ASAP?
Thanks in advance.

Hi,
The Microsoft Security Compliance Manager 3.0 tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.
For more detailed information, please refer to the articles below:
Windows Server 2012 Security Baseline
http://technet.microsoft.com/en-us/library/jj898542.aspx
Security Hardening Tips and Recommendations
http://social.technet.microsoft.com/wiki/contents/articles/18931.security-hardening-tips-and-recommendations.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Cannot find SECURE LOGIN SERVER software

Hi.
I am trying to setup SAP NW Single Sign On. I have been trying to download Secure Login Server but cannot find it in SAP software download page. I searched for SINGLE SIGN ON, SSO, SECURE LOGIN SERVER, SLSERVER, etc...The SAP download page returned 0 match. Can anyone direct me to the right download link please?
Thank you for your help.
Tuan

Hi Kristen,
Thank you for your prompt reply. I did follow your instruction but Single Sign-On is nowhere to be found in that page. I read the SSO implementation and follow download instruction there as well but again, cannot find it.

Non-secure login for 5.0 ip services

How do I change to non-secure login on phones for ip services in 5.0?
Thanks,
Andy

This gives you access to all your subscribed services without logging in every time. Keep in mind that anyone can access your information if your login mode is set to non-secure.
you need to use the SCCP Phone Security Profile in Callmanager 5.0
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a0080645855.html

About SCCM 2012 Primary sites sql server security logins

Hi, guys!
I've got some issue or some misunderstanding....In primary site's sql security logins there were same accounts as on CAS sql.....(We've got about ten primary servers)....two days ago someone (i'm going to find out that guy....damned...) from branch administrators
cleared up security list logins on one of primary server and left only two accounts....one of them it is primary site server installation account, second account - there is SCCM all hierarchy administrators group....
Most of that....that somebody got lower site server installation account role from sysadmin to public....
Am I right thinking in that way - all sql server security logins on all primary sites in one hierarchy must be identical....it explains by SQL replication.......?????
How can i get back sql security logins list on that sccm server to normal way....became after installing primary site server....??? need help......

Hi,
Primary sites do not always have the same security logins.
You need to add NT... accounts, sa etc into security logins. These accounts were added during SQL installation.
All site system computer accounts (such as MP, DP) and primary site computer account also need to be added.
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Windows 8.1 Secure Login

Similar Messages

Maybe you are looking for