Installing DigitalPersona AD Kiosk

DigitalPersona AD Kiosk will generally be installed remotely using the Install DigitalPersona Kiosk Remotely procedure. However, to illustrate the complete installation steps, the local installation is described first.

Prerequisites

Before installing the DigitalPersona AD Kiosk on a computer, make sure it meets the system requirements and prerequisites.
DigitalPersona AD Servers will be used for authentication and should be installed and configured before installing the DigitalPersona AD Kiosk client.

Upgrading from Previous Versions

Detailed information about upgrading and migrating existing deployments is available in the Upgrade Notes provided in the Documentation folder of the DigitalPersona AD package.

Compatibility

This version of DigitalPersona AD Kiosk is compatible with the following DigitalPersona products:

DigitalPersona Access Management API 2.1 or above (previously Altus Auth SDK)
DigitalPersona Web Components (previously Altus Confirm SDK, now included in the above SDK)

Note: It cannot be installed on a computer with any other DigitalPersona products.

Install DigitalPersona Kiosk Locally

Launch the installer from the DigitalPersona AD Kiosk folder of the product package.
Run Setup.exe from the DigitalPersona AD Kiosk folder of the product package.

Or, for silent mode, enter setup.exe /s /v” /qn” at the command line.
When the Welcome page displays, click Next to proceed with the installation.
Read the License Agreement page. If you agree, select the I accept the terms in the license agreement button and click Next.
On the next page, you can specify the folder that DigitalPersona AD Kiosk will be installed in. If you want to install to the default location, click Next.

Otherwise, click Change to specify a new location and then click Next to continue.
Choose one of the following options to indicate the type of installation you want to perform.
- Typical - Installs the most commonly used features:
  Note: The availability of the Password Manager depends on the DigitalPersona product:
  - DigitalPersona Logon for Windows - Password Manager is not part of the Typical Setup Type, but can be selected by choosing the Custom Setup Type.
  - DigitalPersona Premium - Password Manager is included as part of the Typical Setup-type, but can be deselected by choosing the Custom Setup Type.
- Custom - Allows selection of which features to install.
  - Password Manager - Enables users to configure their fingerprint logons to websites and Windows programs.
Click Next and then Install, to begin installation.
Click Finish to close the InstallShield Wizard.
When prompted to do so, reboot the computer. Click Yes to restart now, or No if you plan to restart later.

After the computer restarts, and at every subsequent restart, Kiosk automatically uses the default DNS Server to locate all DigitalPersona AD Servers for the domain and its site.

If more than one DigitalPersona AD Server is found, Kiosk will choose the DigitalPersona AD Server for authentication that offers the most efficient connectivity.

For a description of the features and functions, see Using DigitalPersona Kiosk.

Install DigitalPersona Kiosk Remotely

The installer for Kiosk uses Microsoft Windows Installer (MSI) technology, which allows administrators to remotely install or uninstall the software using Active Directory administration tools, or other software deployment tools.

Note:

This installer only works for computer-based policy installation, not user-based installations.
Some steps will vary depending on the operating system version.
For mixed 32- and 64-bit environments, follow these steps twice to create an administrative installation file for each environment.

For mixed 32- and 64-bit environments, copy the entire contents of the DigitalPersona Workstation x86|x64 folder to a network share.
(Optional) To install only to a specific OU, create a Group Policy Object (GPO) that will be used to distribute the software package.
Assign the package:
1. Start the Group Policy Management snap-in from the Windows Server Manager Tools menu, selecting Group Policy Management.
2. In the Group Policy Management tree, under the appropriate domain, right-click Default Domain Policy and choose Edit from the context menu. This will launch the Group Policy Management Editor.
3. In the Group Policy Management Editor, open Computer Configuration, Policies, Software Settings, Software installation.
4. Right-click Software installation and select New, Package from the context menu.
5. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\file server\share\file name.msi.
  
  Important: Do NOT use the Browse button to access the location. Make sure that you use the UNC path of the shared installer package.
6. Click Open.
7. Click Assigned, and then click OK. The package is listed in the right-pane of the Group Policy window.
8. For 32-bit installation packages only:
  1. Right-click the package and select Properties.
  2. On the Deployment tab, click Advanced.
  3. Deselect the checkbox Make this 32-bit X86 application available on Win64 machines.
    
    Note: If this checkbox remains selected, the application will not install.
Installation will begin on each client during the first reboot after the computer obtains the deployment policy (that is, during the next scheduled AD policy refresh or as a result of running GPUPDATE\FORCE on the local computer).

Install DigitalPersona Kiosk Patches Remotely

The installer for DigitalPersona Kiosk uses Microsoft Windows Installer (MSI) technology, which allows administrators to remotely install patches to software using Active Directory administration tools, or other software deployment tools, through slipstreaming.

Note:

For mixed 32- and 64-bit environments, follow these steps twice - patching the administrative installation files for both environments.
This installer only works for computer-based policy installation, not user-based.
The following steps assume that an administrative installation package has been created as described in Install DigitalPersona Kiosk Remotely.
Some steps will vary depending on the operating system version.

Update the installation package by opening a command prompt session and type the following command to patch the previously created installation package:
Copy
```
msiexec.exe /a [path\name of original MSI file]
msiexec.exe /p [path\name of updated MSP file]\ /a [path\name of administrative installation file]
```
Redeploy the application:
1. Start the Group Policy Management snap-in - from the Windows Server Manager Tools menu, select Group Policy Management.
2. Right-click the GPO that governs the computers you want to update and select Edit. This will launch the Group Policy Management Editor.
3. In the Group Policy Management Editor, navigate to Computer Configuration/Policies/Software Settings/Software Installation.
4. Right-click the previously deployed DigitalPersona client software package and select All Tasks\Redeploy application. Confirm your intent to redeploy the application.
Installation will begin on each client during the first reboot after the computer obtains the deployment policy (that is, during the next scheduled AD policy refresh or as a result of running GPUPDATE\FORCE on the local computer).

Install DigitalPersona Kiosk using the Command Line

DigitalPersona Kiosk can also be installed or uninstalled using MSI at the command line.

The syntax of the msiexec command is shown below and is followed by a description of the command line options, parameters and values available:

Copy

msiexec /i setup.msi [INSTALLDIR=”<directory>”] [ADDLOCAL=<software>] [REMOVE=<software>] [TRANSFORMS=<list of transform files>] [/qn] [other MSIEXEC options]

Command Line Options

There are one required and one optional command line options:

Options Description

Options	Description
/i	(Required) Indicates that MSI will be used to install the DigitalPersona software. It must be followed by the full pathname to the setup.msi file.
`/qn`	(Optional) Hides the user interface when installing the software on the computer, allowing a “silent install.” If used, it is placed at the end of the command line.

(Required) Indicates that MSI will be used to install the DigitalPersona software.

It must be followed by the full pathname to the setup.msi file.

/qn

(Optional) Hides the user interface when installing the software on the computer, allowing a “silent install.”

If used, it is placed at the end of the command line.

Parameters

The following parameters can indicate where the software should be installed on the computer and what components should be included or removed.

Parameters	Description
INSTALLDIR	(Optional) Specifies the location where the DigitalPersona Workstation software should be installed. If a folder is not specified, the software will be installed in the following directory - C:\Program Files\DigitalPersona
ADDLOCAL	(Optional) Indicates which DigitalPersona Kiosk features to install through one or more of the values listed in the next table.
BIOMETRICDATA	(Optional) Indicates where to store biometric data. Allowed values are: "Remote" - (default, recommended) Store biometric data remotely on the central server, allowing to use it on multiple computers. "Local" - Store biometric data locally on the computer's database. Only choose this option if your organization prohibits centralized storage of biometric data, or to support secure or small form factor fingerprint readers.
REMOVE	(Optional) Indicates which DigitalPersona software features to uninstall by providing one of the values listed in the next table. In combination with ADDLOCAL=ALL, indicates which features that are not to be included in the installation.
TRANSFORMS	(Optional) Use the TRANSFORMS parameter to specify a UI language other than U.S. English. Separate multiple transforms with a semicolon. Do not use semicolons within the name of your transform, as the Windows Installer service will interpret those incorrectly. See the list of the available transform files.

ADDLOCAL and REMOVE Values

The table below lists the values that may be provided with the ADDLOCAL and REMOVE parameters and provides a description of each value.

Values	Description
ALL	Installs all default(Typical) DigitalPersona Kiosk components and features or removes all of the components and features that are currently installed. Note: Typical features do not include Password Manager or Attended Enrollment.
PasswordMgr	Installs the Password Manager feature. Cannot be used with Remove parameter.

Following are a few rules when using these parameters and their values:

If ADDLOCAL or REMOVE are not specified, msiexec will install the default (Typical) DigitalPersona Kiosk features.

Note: Typical features do not include the Password Manager.
Individual software features cannot be installed unless the All value was used with the ADDLOCAL parameter first.
To install DigitalPersona Kiosk for the first time while omitting one or more of its features, use ADDLOCAL=ALL, followed by the REMOVE parameter and the name of each feature that you do not want to install, separated by commas.

For example:
Copy
```
msiexec /i setup.msi ADDLOCAL=ALL REMOVE=PasswordMgr
```

About Transform files

DigitalPersona uses Transform (.mst) files to create an installation package for DigitalPersona components in the supported languages listed below. These files are located in the Bin directory of your product package.

When creating a package for a GPO install, select the Advanced option and then add the transform file from the Modifications tab. Ensure that the transform file is included in a folder that is shareable by the Active Directory server computer and all target client computers.

Language	Transform file
French	1036.mst
German	1031.mst
Italian	1040.mst
Brazilian Portuguese	1046.mst
Spanish	1034.mst
Chinese Simplified	2052.mst
Chinese Traditional	1028.mst
Japanese	1041.mst
Korean	1042.mst

Uninstall DigitalPersona Kiosk

You can remove the DigitalPersona Kiosk software using the Add or Remove Programs option of the Control Panel or through MSI.

In the Control Panel, the Kiosk software is listed as DigitalPersona AD Kiosk.

You must have local administrative privileges to modify or uninstall DigitalPersona AD Kiosk.