Using the DigitalPersona LDS Administration Scripts

Some of the DigitalPersona LDS administrative functions are implemented through the use of VBScript.

These scripts are automatically copied to your computer during installation of the DigitalPersona LDS Administration Tools.

By default, they will be located in the following directory on the target computer:

Program Files\DigitalPersona\Altus Administration Tools\Scripts

The available scripts are:

• CountUtilizedLicenses

• CreateUserList

• DeleteCredentials *

• DeleteUserList

• FP+Pwd (Fingerprint plus Password)*

• RandomizePassword *

• UnlockAccount *

* Scripts designated by asterisks in the above list use text files (.csv) to input parameters to the scripts. These text files have the same name as the script with “UserList” added to the script name and a .csv extension. They require previous installation of the Microsoft Access Database Engine 2010 Redistributable in order to process the scripts. It is available for free download from http://www.microsoft.com/en-us/download/details.aspx

CSV Files

Each CSV file has a heading on the first line, “name.”

The names of users to be processed by the script are then listed, one to each line.

The user name listed must be the exact user names as shown in the DigitalPersona LDS database. These can be viewed and verified using the Microsoft ADSI Edit tool.

Running the Scripts

Run a script by double-clicking on it, or from a command prompt.

cscript CountUtilizedLicenses.vbs

You can also choose to output any script results to a text file.

cscript CountUtilizedLicenses.vbs >> results.txt

The purpose and use of each script is explained in the following sections.

CountUtilizedLicenses

This script counts the number of utilized DigitalPersona LDS licenses (that is, every user from either Active Directory or AD LDS consumes one license).

In the CountUtilizedLicenses file, under the Constants section, verify the server name and port specified for the constant C_Server.

If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

CreateUserList

This script creates a list of users specified in the CreateUserList.csv file.

DeleteCredentials

This script deletes credentials for those users specified in the DeleteCredentials.csv file.

1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

   If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

2. Find the GUID for the credential that you want to delete and copy it to the DeleteToken parameter “guidCredential”

3. Under the Setup section, verify the location of the associated DeleteCredentialsUserList.csv file and revise the strCSVFolder string as necessary.

4. In the associated text file, DeleteCredentials.cvs, list the user names whose specified credentials are to be deleted.

DeleteUserList

This script creates a list of users specified in the CreateUserList.csv file.

FP+Pwd

This script sets the User must user Windows Password and Fingerprint to logon flag for all users specified in the associated .csv file.

1. In the Fp+Pwd.vbs file, under the Setup section, edit the following variables:

   • strSearchAttribute - Enter the Active Directory attribute that is to be used to match rows in the CSV file to Active Directory user accounts.

     You should make sure to use unique attributes (for example, sAMAccountName (Pre Windows 2000 Login) or userPrincipalName).

     Other attributes can be used but are not guaranteed to be unique. If multiple user accounts are found, an error is returned and no update is performed.

   • strCSVFolder - Enter (or leave as default) the folder where the associated .csv file is located.

   • strCSVFile - Enter (or leave as default) the name of the associated .csv file.

2. Run this script from a command prompt in cscript mode (for example, cscript Fp+Pwd.vbs or cscript Fp+Pwd.vbs >> results.txt) to output the results to a text file.

RandomizePassword

This script sets the Randomize user’s Windows password and User must change password at next logon flags for all users specified in the associated .csv file.

To force the specified users to change their passwords on their next logon the Password never expires flag should not be set.

1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

   If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

2. Under the Setup section, verify the location of the associated RandomizePasswordUserList.csv file and revise the strCSVFolder string as necessary.

3. In the associated text file, RandomizePassword.cvs, list the user names whose passwords are to be randomized.

UnlockAccount

This script removes the lock preventing the use of a fingerprint credential or DigitalPersona password for authentication, for any users specified in the associated .csv file.

1. In the DeleteCredentials.vbs file, under the Constants section, verify the server name and port specified for the constant C_Server.

   If you are unsure of the correct information, you can find it in the AzMan.txt file, located (based on a default installation) at Program Files\DigitalPersona\Bin\AzMan.txt

2. Under the Setup section, verify the location of the associated UnlockAccountUserList.csv file and revise the strCSVFolder string as necessary.

3. In the associated text file, UnlockAccountUserList.cvs, list the user names whose accounts are to be unlocked.