Rohos Management Tools includes Rohos Key Admin and Rohos Remote Config tools
that allows centralized authentication devices management and 2-factor authentication control.
Rohos Management Tools can be installed on AD Domain Controllers, AD Administrator’s workstation or any other PC.
USB Key manager utility.
If you have 10 or more users in your organization, you can use USB
Key management utility. It allows creating and editing logon profiles on
authentication media.
Features:
- Allows configuring authentication key for Windows login. You can issue authentication Keys for access into any computer in your organization;
- Centralized License management. Automatically uses license keys list to create pre-licensed authentication keys to simplify license management. With Pre-licensed USB keys you don’t need to enter the license key on each client PC where Rohos Logon is installed.
- Back up/restore operations allow to back up and restore authentication Key content (logon profile); The utility automatically names backup files and uses backup’s folder.
- PIN code security Set up a PIN code for authentication Key protection;
- Roaming profiles create and use roaming logon profiles on an authentication Key.
This will allow you to login into any computer on the network. - Copy/Paste operations allow copying/paste logon profiles between authentication keys.
- Setup USB flash drive for Remote Desktop Login (RDP) Copy Rohos Remote Login component into USB stick. Use this feature if you don’t want to install Rohos into any computer you log in from.
- Export and import of the list of keys and users.
Setup and using of Rohos Key manager:
The Rohos Management Tools package is a freeware, but to create the
keys it can use the license keys. During the creation of the authentication key, the
license information is being written on it, and is coping in options of
Rohos Logon Key application on target computer. So, Rohos Logon Key
application became activated.
NB!: Without of license keys, it creates a demo-KEY. To add the list of licenses, use Add licenses button, and paste the list of the keys, you have received by e-mail.
Now you can create and manage the USB keys from the administrator’s user account.
User profiles on authentication key:
Please note that you should correctly set up user profile on authentication Key according to your network environment.
Click on Settings button ant the bottom of main window of the application to select the type of authentication key.
For the moment, USB key manager lets to create the following types of authentication keys:
- USB-Sticks
- Aladdin etoken PRO
- Futako HiToken v22
- Futako JCardV2M
- Yubikey
- Mifare 1K RFID
With Add logon profile button you can create a new user profile on inserted authentication key.
To edit the existing one, select it and press Edit button.
Username. UPN format is supported (username@domain.com). You can write here the name of the user on the target computer or domain.
Password.
To view the password, click (*) button. If a password contains «***» at the beginning, it means it is encrypted. Encrypted password can be used
only on a single computer – there, where this key has been created in Rohos Logon Key application. In USB key manager you can write a password
in plain form only. This key will be suitable for many computers and RDC connection.
Domain. This field can
contain the name of the workgroup, terminal server, computer or domain.
Rohos Logon Key application uses this field to verify, if this key is suitable for authentication.
Important: If you are preparing the USB key for Remote connection, write entication – name of terminal computer.
- If you leave Domain field blank, this profile is suitable for every type of authorization.
Use Set PIN command to install the PIN code there where it is possible.
If a user enters the wrong PIN code for 3 times the Key gets blocked for login. Administrator may found blocked USB Keys serials and unblock them.
Remote Desktop button copies the portable Logon Key application to USB drive to configure the client computer for Remote
Desktop connection. Use it, when you:
- use USB Flash drive as a hardware key;
- don’t want to install Rohos Logon Key application on every client computer that you used to connect the terminal server.
Rohos Remote Config Utility
This utility allows the Administrator of Active Directory to change Rohos Logon Key settings over an AD network.
Rohos Remote Config Utility main window
- Allows to see and to edit the list of keys, registered in Active directory;
- Edit Rohos Logon settings in Active directory;
- Assign a name of user group, allowed to log in only with authentication key.
System requirements for Rohos Remote Config utility:
- Windows Active Directory environment;
- Rohos Logon Key should be installed on the client workstation;
- Administrator should be logged in as “Active Directory Administrator”.
How to use it?
- Launch the application;
- Create a database to store the Rohos setting (it will be proposed automatically, if the database doesn’t exist).
- To register a hardware key in Active directory launch Rohos Key manager;
- Change or write the name of the user group, allowed to log in only with 2-factor authentication;
- Install the settings of Rohos Logon Key application: Key removal behavior, Emergency logon, IP-filter, etc.
- Click Save settings.
MSI Package
Network Administrators can use MSI installation package to roll out pre-configured and registered (licensed) Rohos Logon Key software over all AD workstations/clients.
Benefits of Rohos Logon Key for networks:
Rohos Logon Key can be easily integrated into
existing infrastructures. It offers native support for Active Directory,
eDirectory ( with installed Novell Client) and Microsoft Windows
Terminal Server.
Security features:
- Two-Factor authentication, eliminating identity theft;
- Control access, giving only authorized personnel access, making data untouchable to all others, even upon theft;
- Quick and secure logon / lock/ unlock process;
- Automatic computer lock when USB Key presence is no longer detected;
- Easy deployment over network workstations using MSI installation package.
No difficulty:
- Removes the burden of remembering and entering and re-entering strong passwords;
- No PKI infrastructure needed.