How to prevent users from changing settings.

Restrict options for end user to change lock/unlock settings

Admins can control what features are available to end users from the GateKeeper Hub. All computers in the same Group will be subject to the same configurations for locking, unlocking, and password complexity.

1) Login to your GateKeeper Hub.

2) Click on Group Settings on the left side.

3) Find the Group you would like to make changes to and click "Manage Settings" to the right of the Group's name.

4) Now you can edit lock settings, unlock settings, advanced settings, and limit the features end users have control over on their client computers.

LOCK SETTINGS

Below are the options for each setting, along with their explanations for the Proximity Lock Method and Button Lock Method.

Inactivity Lock Method: will lock the computer if the user is inactive (no keyboard or mouse activity) for the specified time. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the drop-down menu. Note 1: For macOS, Lock Workstation and Logout options are not supported. Note 2: For Windows 7, it is recommended to use Disconnect Session instead of Lock Workstation.

• Set on Client computer
• Lock Workstation
• Disconnect Session (Switch User)
• Transparent Lockscreen Lock
• Logout
• Disabled

Token Out-of-Range Timeout: feature allows you to set a timer for how long the computer will remain unlocked if suddenly the software receives no data from the token. Sudden signal loss can happen if a user places their hand over the token or buries it in their pocket. This feature is set in 15-second increments.

• 15 Sec
• 30 Sec
• 45 Sec
• 60 Sec

Lock Range: feature in GateKeeper that allows users to define a specific range or distance with their GateKeeper token that will automatically lock their PC.

• Close (6-12 feet)
• Normal (10-15 feet)
• Far (15-25 feet)
• Out of Range Only (>25 feet)
• Set on Client computer

Lock Delay: delays locking the computer after a lock decision has been made for this time period. Choose a value for this delay if you want to prevent the computer from locking immediately when you walk away. Important: This lock delay will only apply when the computer is locked due to proximity.

• Set on Client computer
• 0 Sec
• 15 Sec
• 30 Sec
• 45 Sec
• 60 Sec

Change User Without Locking the Computer: Enable this setting to show a screen with nearby users when the current user has moved away from the computer. A new GateKeeper User can be chosen to continue the session without locking the computer. Use this option if you want to continue the same Windows session with a different GateKeeper User after the current user moves out of range.

• Set on Client computer
• Enable
• Disable

Operating System Timeout disables your screen saver from starting when your computer times out. Choose the appropriate option to keep your timeout policy enabled or disabled. If your timeout policy is set by your network administrator, this setting will not override the network policy.

• Set on Client computer
• Enable
• Disable

Disconnect Remote Session allows users to enable or disable disconnecting remote sessions when the local computer is locked. This requires the client version to be 3.9 or higher, and the GateKeeper Remote application to be installed on the remote computer.

• Set on Client computer
• Enable
• Disable

Motion Detection Sensitivity: is useful for adapting your locking and unlocking experience in different environments. High setting motion sensitivity will allow the computer to lock quicker. If the system is locking too much while you are sitting at your desk, reduce the motion sensitivity to Low.

• Set on Client computer
• Low 
• Medium
• High

Signal Quality Bias Factor: Add bias to signal quality to prevent computers from locking while you are working. A positive bias improves the signal quality while a negative bias reduces it. If the signal quality is too low, add a positive bias. If it is too high, add a negative bias.

• Set on Client computer
• Signal -10
• Signal -5
• Normal
• Signal +5
• Signal +10

UNLOCK SETTINGS

Login and Unlock Method

Off-Hours Login and Unlock Method

Require Windows Password

Unlock Range: settings refer to a feature in GateKeeper that allows users to define a specific range or distance within which their GateKeeper token will automatically unlock their computer.

• Close (0-5 feet)
• Normal (3-10 feet)
• Far (8-15 feet)
• Set on Client computer

Remember Previous User: GateKeeper can be set to automatically unlock the computer if the user comes back to the same computer within this Remember Previous Login Timeout period. Only applicable when the Unlock Method is set to GateKeeper with PIN Login.

Force User to Enter PIN: GateKeeper can force users to type their PIN to log in, irrespective of their chosen Unlock Method, if the user comes back to the computer AFTER this PIN Login Timeout period. Use this to force users to confirm their identity at required intervals. If the timer is set to 1 hour with the Automatic Login mode, then the users will be required to log in with their PIN after every 1 hour.

Delay Qutomatic Login: 

Windows Standard Login

ADVANCED SETTINGS

Here, you can manage all the options available to end users on their Client-side computers. Restrict certain features or let end users make their own configurations.

Default Authenticator for Login: Choose the default authenticator between Bluetooth Token, NFC, and RFID cards, or Email with OTP, for login to all computers in this group. IMPORTANT: This setting will be ignored if it is set in Global Settings.

Always Connected Mode: Enable Always Connected mode for the computers in this group. This is a more secure mode where credentials are not cached locally, but only retrieved from the Hub AFTER the user logs in. Only enable this mode if the client computers will ALWAYS have a connection to the Hub server. IMPORTANT: This setting will be ignored if it is set in Global Settings.

Application Password Manager: Application Password Manager allows users to save and retrieve passwords for their desktop applications. The application passwords are saved as part of the user's profile and are available to them directly on the desktop application through the GateKeeper Application Password Manager utility.

Notifications: Enable or disable receiving notifications from the GateKeeper client application.

Show Connect User Windows: Show the Connect User window if a non-GateKeeper login is detected.

Self-Registration:Allow users to self-register through the client application.

Change server address through client application:

Allow or prevent GateKeeper users on the client application from changing the connection to the Hub server. This option should be disabled so that users cannot disconnect the computer from the GateKeeper Hub network.

Global Settings

Located in the Hub in the Group Settings tab, next to the Add Group button.

Authentication Settings

Authenticators: Choose what authentication device you will use to access computers on your network.

• GateKeeper Bluetooth Tokens: GateKeeper Halberd or Trident App soft token for smartphones.
• NFC and RFID cards: Use an NFC or RFID card to log in to your computer.
• Email and One-Time-Passcode (OTP): Allow users to log in to computers using their email address and an OTP if they don't have their GateKeeper Token.

Global Authentication Method: Choose the default mechanism to log on to computers. You can either set the default authenticator for login to the GateKeeper Bluetooth tokens, NFC, and RFID Cards, or Email and One-Time-Passcode generated via an Authenticator app on your phone.
Important: This authentication method can be overridden on a per-group basis.

Global Always Connected Mode: Enable Always Connected mode for all the computers in the system. This is a more secure mode where credentials are not cached locally, but only retrieved from the Hub AFTER the user logs in. Only enable this mode if the client computers will ALWAYS have a connection to the Hub server.
Important: This Global Always Connected Mode setting can be overridden on a per-group basis.

Global Computer Access Enabled for New Users by Default: Allow new GateKeeper users to access every computer connected to this GateKeeper Hub by default. This setting can be changed for individual users in the Users section.
WARNING: Providing global computer access means that the user will be able to authenticate with their token on EVERY GateKeeper-enabled computer in the organization.

Computer Access Lock Rules: Choose the settings to lock GateKeeper access to computers after multiple failed login attempts. You can set the number of failed login attempts, duration of access lock, and other parameters here.

Work Hours: Define the organization's work hours to customize GateKeeper's activity on/off work hours.

User Settings

Allow User Profile Update: Allow users to update their profile (Name and Email) from the client application. If disabled, users will not be able to update their profile from the client application.

Active Directory  Password Expiry Warning (Days): Set the number of days before the Active Directory password expiry date to warn users to change their password. The minimum value is 5 days. If set to 0, users will not be warned.

Allow Multiple Tokens per User: Allow multiple tokens to be added for each user in GateKeeper. A user can have multiple tokens assigned to them and use any of them for computer access and authentication.

Allow Users to Add Passwords: Allow or prevent GateKeeper users to add more passwords to their profile. These can be computer, web, phone app, and desktop app passwords. We recommend keeping this option enabled for your users.

Allow Users to Add Tokens: Allow or prevent GateKeeper users to add new tokens to their profile. We recommend disabling this option if you want only Hub Administrators to manage tokens for your users.

PIN Complexity: Choose strength requirements for the GateKeeper PINs. You can set minimum length, character, number, and special character requirements for the PIN.

Secure Key Exchange: Exchange a secure key with your GateKeeper token to make it cryptographically unique. This will enhance the security of proximity authentication by auto-verifying one-time passcodes sent by the token.

Firmware Update: Enable the client software to update the firmware of GateKeeper tokens. Please make sure to have the latest version of the GateKeeper Client software running on all computers before enabling firmware update.

Warning: This will cause GateKeeper tokens to stop working with version 3.6.9 and prior.

For more questions on software for proximity authentication, please read more at www.gkaccess.com or reach out at info@gkaccess.com or (240) 547-5446. 

-------------

Change group settings; GateKeeper group settings change; Edit settings; let end users configure settings; don't let end users configure settings; different settings for different people; different ranges; set different ranges for different people; let people add new users; add new users from any computer; add new keys from anywhere; let people add their own key fobs; let employees add new GateKeeper keys; let people register new computers; let people change servers; let people change server addresses; how to I change server address on computers; change PIN requirements; control options; limit options; limit changes; don't let them change settings; fixed settings; lock settings in place; control all computers; master computer; master key for computers; admin controls; controls for admins; master controls; gatekeeper administrator controls; admin login for gatekeeper; gatekeeper admin log in; Limit options for client-side settings.; Limit options for end users to change lock settings.; Limit options for end users to change unlock settings.; don't let users change settings; How to prevent users from changing unlock settings.; How to prevent users from changing lock settings.; How to prevent users from changing login settings.; How to prevent users from changing logout settings.; How to prevent users from changing range settings.; How to prevent end users from changing admin setting.; fix settings in place; don't let anyone change settings; lock in settings;