Configuring your GateKeeper lock and unlock settings for your manufacturing environments.
The shop floor and office floor environments have different user behaviors, security requirements, and operational workflows. On the shop floor, devices are typically shared across multiple shifts, and users may not have dedicated computers. In contrast, office users usually have personal workstations and operate in lower-traffic environments.
To accommodate these differences, we create separate configuration groups in the GateKeeper Hub, allowing for specific workflows for different departments. See: How to create Groups from the GateKeeper Hub.
Shop Floor Group: Optimized for shared workstation access, faster lock/unlock behavior, and stricter inactivity settings to maintain security in open environments.
Office Group: Configured for individual use, with more lenient timeout settings and additional flexibility to support desk-based workflows.
These separate groups ensure GateKeeper functions effectively and securely based on the physical context of the workstation.
GateKeeper Proximity easily integrates with your existing workflow. For manufacturing industries, below are several examples, best practices, and optimal settings for using GateKeeper tokens, depending on the area in which you are using GateKeeper.
- Make sure your USB sensor and GateKeeper token are in line of sight to keep your workstation unlocked while you are actively working.
Shop Floor Group
Lock Settings: How to change Lock Settings from the GateKeeper Hub.
- Train users to use the Button Lock method. While the Proximity Lock also secures the computer, locking the computer via button press ensures the computer is immediately ready for the next user, maintaining a fast workflow.
- These settings will lock the computer when unattended, ensuring security without interrupting active applications or background processes, and allow users to switch quickly without interrupting their work.
| Setting | Value |
| --- | --- |
| Proximity Lock | Lock Workstation |
| Button / Tap Lock | Lock Workstation |
| Inactivity Lock | Lock Workstation (5 mins) |
| Token Out-of-Range Timeout | 30 seconds |
| Lock Range | 10-15 Normal |
| Delay Proximity Lock | 0 seconds |
| Switch User Without Locking | Disable |
| Prevent OS Timeout | Disable |
| Disconnect Remote Session | Disable |
| Motion Sensitivity | Medium |
| Signal Quality Bias Factor | Normal |
*These are the recommended Lock Settings to ensure the PC remains unlocked while working. Please click the following link to learn how to make GateKeeper Lock sooner.
Unlock Settings: How to change Unlock Settings from the GateKeeper Hub.
To meet CMMC compliance, users must use the GateKeeper token and PIN Login method, which provides two-factor authentication (2FA) by requiring both the token's presence and a PIN (presence and knowledge factors).
| Setting | Value |
| --- | --- |
| Unlock Method | 2FA: Token/Card plus PIN |
| Off-Hours Unlock Method | 2FA: Token/Card plus PIN |
| Remember Previous Login | 0 |
| Force PIN Entry | Never |
| Delay Automatic Login | 0 Seconds |
| Enter Windows Password | Never |
| Windows Standard Login | Disable |
| RDP Login | Allow RDP Passthrough |
Note:
When Windows Standard Login is set to "Disable" in the GateKeeper Hub settings, users will no longer see the default Windows username and password login option at the lock screen. Only GateKeeper login methods will be available.
- This is typically used in environments where password-based logins must be restricted for compliance or security reasons. Make sure all users have GateKeeper credentials properly registered; otherwise, they will not be able to log in.
When RDP Login is set to “Allow RDP Passthrough”, it enables RDP Passthrough as a valid login method for users assigned to the GateKeeper RDP Launcher.
With this setting enabled:
- When a user unlocks the local computer using their GateKeeper token + PIN, the RDP Launcher automatically initiates a Remote Desktop (RDP) session to the assigned remote computer and uses the stored RDP credentials (saved in the GateKeeper Hub) to log in without requiring the user to type anything else.
- This creates a seamless login experience: The user logs into the shared local computer once using GateKeeper, and GateKeeper automatically passes through to the RDP session using stored credentials — no additional prompts or manual RDP input.
Office Group
Lock Settings: How to change Lock Settings from the GateKeeper Hub.
- For office users, the Inactivity Lock is typically set to "Lock Workstation (15 minutes)". This configuration provides a balanced approach between security and usability: the workstation will automatically lock after 15 minutes of no keyboard or mouse activity, serving as a fallback in case the GateKeeper token remains in range (e.g., left on a desk).
- This ensures that unattended sessions are eventually secured without causing frequent interruptions. Additionally, the Proximity Lock feature will still lock the workstation sooner if the user physically walks away with the token, while the 30-second out-of-range timeout helps prevent accidental locks from minor signal dips.
- This setup is ideal for office environments where users attend meetings or step away briefly but still require sessions to be secured if left idle for extended periods.
| Setting | Value |
| --- | --- |
| Proximity Lock | Lock Workstation |
| Button / Tap Lock | Lock Workstation |
| Inactivity Lock | Lock Workstation (15 minutes) |
| Token Out-of-Range Timeout | 30 seconds |
| Lock Range | 10-15 Normal |
| Delay Proximity Lock | 15 seconds |
| Switch User Without Locking | Disable |
| Prevent OS Timeout | Disable |
| Disconnect Remote Session | Disable |
| Motion Sensitivity | Medium |
| Signal Quality Bias Factor | Signal +5 |
Unlock Settings: How to change Unlock Settings from the GateKeeper Hub.
To meet CMMC compliance, users must use the GateKeeper token with the PIN Login method (2FA: presence and knowledge factors).
| Setting | Value |
| --- | --- |
| Unlock Method | 2FA: Token/Card plus PIN |
| Off-Hours Unlock Method | 2FA: Token/Card plus PIN |
| Remember Previous Login | 0 Minutes |
| Force PIN Entry | Never |
| Delay Automatic Login | 0 Seconds |
| Enter Windows Password | Never |
| Windows Standard Login | Disable |
| RDP Login | Allow RDP Passthrough |
Note:
When Windows Standard Login is set to "Disable" in the GateKeeper Hub settings, users will no longer see the default Windows username and password login option at the lock screen. Only GateKeeper login methods will be available.
- This is typically used in environments where password-based logins must be restricted for compliance or security reasons. Make sure all users have GateKeeper credentials properly registered; otherwise, they will not be able to log in.
When RDP Login is set to “Allow RDP Passthrough”, it enables RDP Passthrough as a valid login method for users assigned to the GateKeeper RDP Launcher.
With this setting enabled:
- When a user unlocks the local computer using their GateKeeper token + PIN, the RDP Launcher automatically initiates a Remote Desktop (RDP) session to the assigned remote computer and uses the stored RDP credentials (saved in the GateKeeper Hub) to log in without requiring the user to type anything else.
- This creates a seamless login experience: The user logs into the shared local computer once using GateKeeper, and GateKeeper automatically passes through to the RDP session using stored credentials — no additional prompts or manual RDP input.
The Remember Previous User setting allows the same GateKeeper user to unlock the workstation without re-entering their PIN if they return within a specified time window after locking the computer. This enhances user convenience by streamlining access during brief periods away from the workstation.
- Note: this feature is not CMMC-compliant, as it maintains session continuity without requiring full re-authentication, which may conflict with strict security or privacy requirements.
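An added example, not GateKeeper's own code: a Python check that compares one group's settings against the values in the tables above and reports deviations in the unlock method, Windows Standard Login, Remember Previous Login and the Inactivity Lock limit. The dictionary layout and the sample values `Enable`, `10 Minutes` and `30 minutes` are assumptions; the page does not show a Hub export format.

```python
import re

# Required values copied from the settings tables on this page.
REQUIRED = {
    "Unlock Method": "2FA: Token/Card plus PIN",
    "Off-Hours Unlock Method": "2FA: Token/Card plus PIN",
    "Windows Standard Login": "Disable",
    "Proximity Lock": "Lock Workstation",
    "Button / Tap Lock": "Lock Workstation",
}
MAX_INACTIVITY_SECONDS = {"Shop Floor": 5 * 60, "Office": 15 * 60}

def to_seconds(value, default_unit="min"):
    """Parse '0', '0 Minutes', '30 seconds', 'Lock Workstation (5 mins)'; None if no number."""
    match = re.search(r"(\d+)\s*([A-Za-z]*)", value)
    if not match:
        return None
    unit = (match.group(2) or default_unit).lower()
    factor = 1 if unit.startswith("sec") else 3600 if unit.startswith("h") else 60
    return int(match.group(1)) * factor

def audit_group(group, settings):
    """Return (setting, problem) findings for one group; an empty list means no drift."""
    findings = []
    for name, expected in REQUIRED.items():
        actual = settings.get(name)
        if actual != expected:
            findings.append((name, f"is {actual!r}, page baseline is {expected!r}"))
    # A missing or unparsable value is reported too, so the check fails closed.
    remembered = to_seconds(settings.get("Remember Previous Login", ""))
    if remembered is None or remembered > 0:
        findings.append(("Remember Previous Login",
                         "must be 0: unlocking without the PIN is not CMMC-compliant"))
    inactivity = settings.get("Inactivity Lock", "")
    limit = MAX_INACTIVITY_SECONDS[group]
    idle = to_seconds(inactivity)
    if not inactivity.startswith("Lock Workstation") or idle is None or idle > limit:
        findings.append(("Inactivity Lock", f"must lock within {limit // 60} minutes"))
    return findings

# Constructed sample settings, not real Hub output.
SHOP_FLOOR = {**REQUIRED, "Inactivity Lock": "Lock Workstation (5 mins)",
              "Remember Previous Login": "0"}
OFFICE_DRIFTED = {**REQUIRED, "Inactivity Lock": "Lock Workstation (30 minutes)",
                  "Remember Previous Login": "10 Minutes",
                  "Windows Standard Login": "Enable"}

if __name__ == "__main__":
    for group, cfg in (("Shop Floor", SHOP_FLOOR), ("Office", OFFICE_DRIFTED)):
        print(group, audit_group(group, cfg) or "matches baseline")
```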
For any additional questions or concerns regarding faster 2FA, proximity settings, computer locking, password management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.