Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Specops Authentication Client Configuration for Multi-Domain Environments

In multi-domain Active Directory deployments of Specops uReset, the Specops Authentication Client requires additional configuration to determine the location of the Specops configuration in Active Directory.

The Specops Authentication Client will work out of the box for client workstations in the same domain as the Gatekeeper servers. For clients in all other domains, we must explicitly tell the clients which domain path to query for uReset settings.

Identify the Settings Container Location

We can get the configuration root from the Windows registry on any Gatekeeper server.

Check the following value:

Path: HKEY_LOCAL_MACHINE\SOFTWARE\Specopssoft\Authentication\Gatekeeper\Settings
Name: SettingsRootDn
Data: DN of root configuration

The settings container is beneath the root DN. Add “CN=Settings,CN=SpecopsAuthentication,CN=Specops,” to the beginning of the root DN path, e.g.:


Configure Multi-Domain Clients using Group Policy

Set up a Group Policy Object applied to computers where the Specops Authentication Client is installed. Configure the following settings in the ADMX template:

Computer Configuration/Policies/Administrative Templates/Specops Authentication Client/General Client Settings:
Overridden settings container: Enabled. Distinguished name to settings container configured with the path identified in the previous section.

Type of reset system: Enabled, set to uReset for Specops Authentication.

Configure Multi-Domain Clients using the Registry

Set the settings container DN and type of reset system values in the registry:

Windows Registry Editor Version 5.00


June 8, 2022

Was this article helpful?

Related Articles