Installing DigitalPersona AD Workstation

DigitalPersona Workstation will generally be installed remotely using the Install DigitalPersona Workstation Remotely procedure. However, to illustrate the complete installation steps, the local installation is described first.

Note: The DigitalPersona Attended Enrollment feature is included in the DigitalPersona Workstation client package, but by default is not installed. To install it, you will need to select the feature as part of a Custom install according to instructions given in this page for local, remote or command line installation.

Prerequisites

  • Before installing the DigitalPersona Workstation on a computer, make sure it meets the system requirements and prerequisites, and that you have Administrative Rights on the computer.

  • DigitalPersona AD Servers will be used for authentication and should be installed and configured before installing the DigitalPersona Workstation.

Deployment Considerations

Upgrading from Previous Versions

Detailed information about upgrading and migrating existing deployments is available in the Upgrade Notes provided in the Documentation folder of the DigitalPersona AD package.

Compatibility

This version of DigitalPersona Workstation is compatible with the following DigitalPersona products:

Note: It cannot be installed on a computer with any other Altus or DigitalPersona products.
Important: In the above scenarios, if DigitalPersona Server is installed on the machine, DigitalPersona Workstation must be installed after the DigitalPersona Server and it must only be used for authentication. Do not attempt to enroll or manage user credentials using this configuration, as it may cause unpredictable results.

Install DigitalPersona Workstation Locally

  1. Launch the installer from the DigitalPersona Workstation folder of the product package.

  2. Run Setup.exe from the DigitalPersona AD Workstation folder of the product package.

    Or, for silent mode, enter setup.exe /s /v” /qn” at the command line.

  3. When the Welcome page displays, click Next to proceed with the installation.

  4. Read the License Agreement page. If you agree, select the I accept the terms in the license agreement button and click Next.

  5. On the next page, you can specify the folder that DigitalPersona Workstation will be installed in. If you want to install it to the default location, click Next.

    Otherwise, click Change to specify a new location and then click Next to continue.

  6. On the Choose Where Biometric Data Are Stored page, select whether to store biometric data locally or remotely. Storing data remotely allows biometric credentials to roam, i.e. be used on multiple computers.

    Biometric data for fingerprints can either be securely stored remotely in a central database within your organization or locally on this computer. Only choose local storage if your organization prohibits centralized storage of biometric data, or when supporting secure or small form factor fingerprint readers.

    Important: This selection cannot be changed later without uninstalling and reinstalling this software. Changing local storage to remote storage will also remove any biometric data and Password Manager logon data that has been stored on this computer.

  7. On the Setup Type page, choose from among the following options to indicate the type of installation you want to perform and what program features you want to install.

    • Typical - Installs the most commonly used features.

      • DigitalPersona Logon for Windows: In this product, Password Manager is not part of the Typical Setup Type, but can be selected by choosing the Custom Setup Type.

      • DigitalPersona Premium: In this product, Password Manager is included as part of the Typical Setup-type, but can be deselected by choosing the Custom Setup Type.

    • Custom - Allows selection of which features to install.

      • One Touch Logon - Enables users to log on with fingerprints and other approved credentials.

      • Password Manager - Enables users to configure their fingerprint logons to websites and Windows programs.

        • Password Manager Admin Tool - By default, this item is not installed.

          When upgrading your DigitalPersona Workstation, if a previous version of the Password Manager Admin Tool is installed on the computer, the installation wizard will ask that you first uninstall the previous version before installing the new version included with this software.

      • Attended Enrollment - Enables designated users to supervise credential enrollment.

        Note: Attended Enrollment is not installed by default, but must be specifically selected as part of a Custom installation.

  8. Click Next and then Install, to begin installation.

  9. When installation is complete, a final page displays. Click Finish.

  10. When prompted to do so, click Yes to reboot the computer, or No if you plan to restart the computer later.

After the computer restarts, and at every subsequent restart, the DigitalPersona client software automatically uses the default DNS Server to locate all DigitalPersona Servers for the domain and its site:

  • If more than one DigitalPersona Server is found, the Workstation will choose the DigitalPersona Server for authentication that offers the most efficient connectivity.

  • If no DigitalPersona Servers are found, the client will perform authentication locally.

For a description of the features and functions, see Using DigitalPersona Workstation.

Install DigitalPersona Workstation Remotely

The installer for DigitalPersona Workstation uses Microsoft Windows Installer (MSI) technology, which allows administrators to remotely install or uninstall the software using Active Directory administration tools, or other software deployment tools.

Note:  

  • This installer is only compatible with program distribution (installation or uninstallation) to computers. It cannot be used for program distribution to users.

  • By default, remote installation does not install DigitalPersona Password Manager. To modify the software package to include Password Manager, see step h below.

  • Some steps will vary depending on the operating system version.

  1. For mixed 32- and 64-bit environments, copy the entire contents of the DigitalPersona Workstation x86|x64 folder to a network share.

  2. Create an OU (Organizational Unit) that will be used to distribute the software package.

  3. Install any prerequisites (see System Requirements) on the target computers.

  4. Assign the package:

    1. Start the Group Policy Management snap-in from the Windows Server Manager, Tools menu, selecting Group Policy Management.

    2. In the Group Policy Management tree, right-click the OU created in step 2 above and from the context menu, choose Create a GPO in this domain, and Link it here. Name the new GPO, then right-click it and choose Edit. This will launch the Group Policy Management Editor.

    3. In the Group Policy Management Editor, open Computer Configuration, Policies, Software Settings, Software installation.

    4. Right-click Software installation and select New, Package from the context menu.

    5. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the shared installer package that you want. For example, \\file server\share\file name.msi.

      Important: Do NOT use the Browse button to access the location. Make sure that you use the UNC path of the shared installer package.

    6. Click Open.

    7. In the Deploy Software dialog, click Assigned, and then click OK.

      The package is created and listed in the right panel of the Group Policy Management Editor window.

    8. (Optional) To add Password Manager to the installation package:

      1. Right-click the package and select Properties.

      2. Select the Modifications tab.

      3. Click the Add button.

      4. Browse to the DigitalPersona Workstation software source package.

      5. Select PM.mst.

      6. Click OK.

    9. For 32-bit installation packages only:

      1. Right-click the package and select Properties.

      2. On the Deployment tab, click Advanced.

      3. Deselect the checkbox Make this 32-bit X86 application available on Win64 machines.

        Note: If this checkbox remains selected, the application will not install.

  5. Installation will begin on each client during the first reboot after the computer obtains the deployment policy (that is, during the next scheduled AD policy refresh or as a result of running GPUPDATE\FORCE on the local computer).

Install DigitalPersona Workstation Patches Remotely

The installer for DigitalPersona Workstation uses Microsoft Windows Installer (MSI) technology, which allows administrators to remotely install patches to software using Active Directory administration tools, or other software deployment tools, through slipstreaming.

Note:  

  • For mixed 32- and 64-bit environments, follow these steps twice - patching the administrative installation files for both environments.

  • This installer only works for computer-based policy installation, not user-based.

  • The following steps assume that an administrative installation package has been created as described in Install DigitalPersona Workstation Remotely.

  • Some steps will vary depending on the operating system version.

  1. Update the installation package by opening a command prompt session and type the following command to patch the previously created installation package:

    Copy 
    msiexec.exe /a [path\name of original MSI file]
    msiexec.exe /p [path\name of updated MSP file]\ /a [path\name of administrative installation file]

  2. Redeploy the application:

    1. Start the Group Policy Management snap-in - from the Windows Server Manager Tools menu, select Group Policy Management.

    2. Right-click the GPO that governs the computers you want to update and select Edit. This will launch the Group Policy Management Editor.

    3. In the Group Policy Management Editor, navigate to Computer Configuration/Policies/Software Settings/Software Installation.

    4. Right-click the previously deployed DigitalPersona client software package and select All Tasks\Redeploy application. Confirm your intent to redeploy the application.

  3. Installation will begin on each client during the first reboot after the computer obtains the deployment policy (that is, during the next scheduled AD policy refresh or as a result of running GPUPDATE\FORCE on the local computer).

Install DigitalPersona Workstation using the Command Line

DigitalPersona Workstation can also be installed or uninstalled using MSI at the command line.

The syntax of the msiexec command is shown below and is followed by a description of the command line options, parameters and values available:

Copy 
msiexec /i setup.msi [INSTALLDIR=”<directory>”] [ADDLOCAL=<software>] [BIOMETRICDATA=<location>] [REMOVE=<software>] [TRANSFORMS=<list of transform files>] [/qn] [other MSIEXEC options]

Command Line Options

Options Description

/i

(Required) Indicates that MSI will be used to install the DigitalPersona software.

It must be followed by the full pathname to the setup.msi file.

/qn

(Optional) Hides the user interface when installing the software on the computer, allowing a “silent install.”

If used, it is placed at the end of the command line.

Parameters

The following parameters can indicate where the software should be installed on the computer and what components should be included or removed.

Parameters Description

INSTALLDIR

(Optional) Specifies the location where the DigitalPersona Workstation software should be installed. If a folder is not specified, the software will be installed in the following directory - C:\Program Files\DigitalPersona

ADDLOCAL

(Optional) Indicates which DigitalPersona Workstation features to install through one or more of the values listed in the next table.

BIOMETRICDATA

(Optional) Indicates where to store biometric data. Allowed values are:

  • "Remote" - (default, recommended) Store biometric data remotely on the central server, allowing to use it on multiple computers.

  • "Local" - Store biometric data locally on the computer's database. Only choose this option if your organization prohibits centralized storage of biometric data, or to support secure or small form factor fingerprint readers.

REMOVE

(Optional) Indicates which DigitalPersona software features to uninstall by providing one of the values listed in the next table. In combination with ADDLOCAL=ALL, indicates which features that are not to be included in the installation.

TRANSFORMS

(Optional) Use the TRANSFORMS parameter to specify a UI language other than U.S. English. Separate multiple transforms with a semicolon.

Do not use semicolons within the name of your transform, as the Windows Installer service will interpret those incorrectly. See the list of the available transform files.

ADDLOCAL and REMOVE Values

The table below lists the values that may be provided with the ADDLOCAL and REMOVE parameters and provides a description of each value:

Values Description

ALL

Installs all default (Typical) DigitalPersona Workstation components and features or removes all of the components and features that are currently installed.

Note: Typical features do not include Password Manager or Attended Enrollment.

Logon

Installs or removes the Windows Logon feature, One Touch Logon.

AttendedEnrollment

Installs the Attended Enrollment feature. Cannot be used with Remove parameter.

PasswordMgr

Installs the Password Manager feature. Cannot be used with Remove parameter.

Following are a few rules when using these parameters and their values:

  • If ADDLOCAL or REMOVE are not specified, msiexec will install the default (Typical) DigitalPersona Workstation features. The Typical features do not include Password Manager or Attended Enrollment.

  • Individual software features cannot be installed unless the All value was used with the ADDLOCAL parameter first.

  • To install DigitalPersona Workstation software for the first time while omitting one or more software features, use ADDLOCAL=ALL, followed by the REMOVE parameter with each software component you do not want to install separated by a comma.

    For example:

    Copy 
    msiexec /i setup.msi    ADDLOCAL=ALL REMOVE=Logon

About Transform files

DigitalPersona uses Transform (.mst) files to create an installation package for DigitalPersona components in the supported languages listed below. These files are located in the Bin directory of your product package.

When creating a package for a GPO install, select the Advanced option and then add the transform file from the Modifications tab. Ensure that the transform file is included in a folder that is shareable by the Active Directory server computer and all target client computers.

Language Transform file

French

1036.mst

German

1031.mst

Italian

1040.mst

Brazilian Portuguese

1046.mst

Spanish

1034.mst

Chinese Simplified

2052.mst

Chinese Traditional

1028.mst

Japanese

1041.mst

Korean

1042.mst

Uninstall DigitalPersona Workstation

You can remove DigitalPersona Workstation using the Add or Remove Programs option in the Control Panel or through MSI.

In the Control Panel, the Workstation software is listed as DigitalPersona AD Workstation.

You must have local administrative privileges to modify or uninstall DigitalPersona Workstation.