SafeConsole Ready Devices require a reg key and certificate to be present on initialization to connect to SafeConsole.
The certificate and reg key of the SafeConsole can be pushed to the user accounts using a GPO, which will force the devices to connect to SafeConsole when they initialize.
- An Active directory template for the reg key is located at: https://[server]/safeconsole/res/SafeConsole.adm
- The certificate the you need to distribute is located at: https://[server]/safeconsole/res/SafeConsole.crt
- Certificate is only needed to register legacy device before 4.8.x or for admins who will be logging into the SafeConsole Server.
Active Directory Instructions:
These steps might differ depending on what Windows version you have installed.
- Download the .crt and .adm files from the above locations.
- Open the Group Policy Object Editor on your domain controller. You may create a new GPO or use an existing one.
- Add the safeconsole.adm file to User Configuration | Administrative Templates.
- Right click on the administrative template and choose “View > Filtering…”.
- Uncheck ”Only show policy settings that can be fully managed”.
- Enable the SafeConsole URL. Verify that it is correct.
- Go to “Computer Configuration | Windows Settings | Security Settings | Public Key Policies | Trusted Root Certification Authorities”.
- Choose “Import…” and browse to the SafeConsole.crt you downloaded.
- Make sure the GPO is distributed to the clients. Depending on your own Group Policy refresh timings you may wish to force a Group Policy refresh – , (start, run, gpupdate /force – or perform a reboot).
To check that group policy has been pushed to your workstation, you can use REGEDIT (other tools are available of course) to check the registry for the following entries:
- “My Computer\HKEY_Current_User\Software\Blockmaster\SafeStick”
- “My Computer\HKEY_Current_User\Software\Blockmaster\DTVPM”
To check that the certificate has been correctly distributed, you can try to access the SafeConsole administrative interface through Internet Explorer from a client machine. If you don’t get a certificate warning the certificate has been distributed.