Managing DigitalPersona LDS

DigitalPersona provides a full complement of features, tools and utilities to assist the administrator in managing various aspects of the product, as well as expanding the functionality of the product.

Some of these tools and utilities are included in the product packages for either DigitalPersona LDS Server or DigitalPersona LDS Workstation. Others are available as separate modules, which may be obtained from your HID Global Account Manager or product Reseller.

DigitalPersona Administration Tools

The Administration Tools include the following components and are part of a separate installation package included in the DigitalPersona LDS product package.

They are installed by default through the installation wizard and may be deselected during installation by choosing a Custom install:

Additional DigitalPersona LDS administrative functions are implemented through the use of VB script. These scripts are automatically copied to your computer during installation of the DigitalPersona LDS Administration Tools.

Finally, the ADSI Edit tool can be used to directly configure certain attributes in the DigitalPersona database.

Note: The Hardware Token Management Utility is not shown in the Custom installation dialog and cannot be deselected.

Attended Enrollment

DigitalPersona Attended Enrollment is an optional feature of the DigitalPersona client software, DigitalPersona LDS Workstation.

Its installation and features are addressed in Installing DigitalPersona LDS Workstation. However, there is a small amount of setup that must be performed in Active Directory by an administrator. Instructions for setup are contained in Setting Up Attended Enrollment.

About GPO Settings

Most of the settings that govern the features and behavior of the DigitalPersona LDS solution are controlled through Active Directory GPO settings (see Policies and Settings). Additional settings and behaviors may be configured through Microsoft’s ADSI Editor and through custom VB scripts.

We strongly recommend managing all DigitalPersona policies through a separate GPO linked to an Organizational Unit (OU), and avoiding making any changes to the “Default Domain Policy.”

However, GPO settings that are left “Not Configured” in Active Directory may be configured by the local administrator once the GPMC Extensions feature from the Administration Tools component is installed on a computer. Local settings configured this way are then effective for all users on that specific computer.

Whenever a setting is configured (enabled or disabled) in Active Directory, the local administrator cannot modify the setting for the local computer.

For this reason – especially if the needs specific to your environment require you to provide end users with local administrative privileges – HID Global strongly recommends IT Administrators explicitly configure each desired setting in Active Directory, rather than relying on default behaviors associated with the unconfigured state.

About Credentials

Passkeys

If passkey (device-bound or synced) credentials will be used with DigitalPersona Web Components (Identity Provider, HID DigitalPersona Administration Console or HID DigitalPersona Enrollment), the Web Management Components module should be installed and configured prior to any user enrolling a passkey credential.

If a passkey credential is enrolled through the DigitalPersona Workstation User Console prior to the successful configuration of the Web Management Components, the credential will not roam and cannot be managed through HID DigitalPersona Enrollment or used to authenticate to any DigitalPersona web-based component.

Bluetooth Credentials

Enrollment of the Bluetooth credential is not supported in the DigitalPersona Web Enrollment application.
