Authentication Client Antivirus and 3rd party exclusions
For the most part the Specops Authentication client will play nice with Antivirus in displaying the dynamic feedback to the end user during password change, but if not the changes below are needed:
Sophos
Adding the following paths to the Global exception list. This will need to be done for each one of your domain, your domain controllers, as well as the authentication client file path:
\\domaincontroller1.domain.com\pipe\
\\domaincontroller2.domain.com\pipe\
\\domain.com\pipe\
C:\Program Files\Specopssoft\Specops Authentication Client\Specops.Authentication.Client.exe
***Please note domaincontroller1.domain.com, etc. are placeholders for your specific domain controllers and domain. It is not meant to be the exclusions placed within your environment .***
BeyondTrust
Adding the following paths to the exceptions list:
C:\Windows\System32\SpecopsClient\SecuredBrowser.exe
C:\Windows\System32\SpecopsClient\SecuredBrowserLauncher.exe
C:\Windows\System32\SpecopsClient\SecuredBrowserNet\runtimes\113.1.40.0\x64\CefSharp.BrowserSubprocess.exe
–the highlighted version will change depending on the version of the client and cefsharp being run.
Netmotion always On VPN
If you have NetMotion always on vpn in your environment. It is necessary to configure several options for the Cefsharp browser to function appropriately. Below are the rules necessary to do so:
Citrix
If you come across the issue that the Specops Autentication Client RulesUI does not show the password rules on a Citrix Server then changing the following registry values might solve it. The rules may already be shown but are out of sight due to the screen resolution being too small.
Change the LogonUIWidth to 1280 and the LogonUIHeight to 1024.
Location in the registry on the Citrix Server:
HKLM\Software\Wow6432node\Citrix\CtxHook\AppInit_DLLS\Multiple Monitor Hook\LogonUIWidth = DWORD:1280
HKLM\Software\Wow6432node\Citrix\CtxHook\AppInit_DLLS\Multiple Monitor Hook\LogonUIHeight = DWORD:1024
Note: The Citrix recommendation is to not configure and push out these registry changes with a group policy object.
SentinelOne
C:\Program Files\Specopssoft\Specops Authentication Client\Specops.Authentication.Client.exe
Palo Alto VPN Client
On a machine with the Global Protect VPN client installed, create or update the following registry key:
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect
Value name: wrap-cp-guid
Value type: REG_SZ (String Value)
Value data: {00002ba3-bcc4-4c7d-aec7-363f164fd178}
SafeNet Agent for Windows Logon
The Safenet Agent for Windows Logon needs to be told not to filter out the Specops Authentication Client by creating the following registry entry on any machine with the client installed on it:
Key path: HKEY_LOCAL_ MACHINE\SOFTWARE\Cryptocard\AuthGINA
Value name: DonotFilter
Value type: REG_SZ (String Value)
Value data: {00002ba3-bcc4-4c7d-aec7-363f164fd178}
WatchGuard MFA
The Watchguard MFA client needs to be told by the Specops Authentication Client that it can be wrapped:
Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Specopssoft\uReset\Client\CredentialProvider
Value name: WrappedCredentialProviderGuid
Value type: REG_SZ (String Value)
Value data: {BCB72349-6C97-4E3F-94B5-6EA045F85CA5}