Dell Data Protection Access installation is a straightforward activity. The challenge comes when you need to configure the application with specific settings that are needed for a deployment. Dell Data Protection Access is one of the additional system tools that are available for the high end models from Dell. These tools can be installed to add additional features to support security and authentication.

Installation can be done in a silent/unattended mode (setup.exe -install -silent). Two reboots were required during my deployment. First installation run was needed to install the drivers, initiate reboot and run the installation again. After second reboot Dell Data Protection Access shortcut was available from the Start Menu. I am using Microsoft ConfigMgr 2007 (SCCM) with Windows 7 Enterprise clients.

My ultimate goal was to create an automated installation procedure with all required settings, when finished it is completely ready to the end users. The installation should happen automatically and in the background, and all settings should be set during the installation.

After the installation the Dell Secure login should be enabled as shown below.

Unfortunately I could not find any information with the installation or on the Internet how to configure certain settings to enable fingerprint and password for logon. These settings can be set from the general options but no parameters during the installation or an optional configuration file. When the Dell Data Protection Access application is installed it will run in the password only mode (which doesn’t change anything as before to logon).

Dell Data Protection Access – Welcome Screen

Dell Data Protection Access – Customize Access Options

Here you see default settings for Access Options.

The following options are available to set “Windows: How would you like to login?”

By Default “Password Only” is set. There are no options within the installation to enable one of these other options. You could change these general setting manually on each workstation. For an enterprise deployment these settings are often required to be set over a script or Group Policy. All settings are stored in Windows registry. The location of the settings is:

HKEY_LOCAL_MACHINE\SOFTWARE\Wave Systems Corp.\Authentication Manager

There are two settings required to make this configuration work.

• HKEY_LOCAL_MACHINE\SOFTWARE\Wave Systems Corp.\Authentication Manager\Enable Wave Secure Login – REG_DWORD needs to be set 1
• HKEY_LOCAL_MACHINE\SOFTWARE\Wave Systems Corp.\Authentication Manager\LogonPolicy – REG_SZ needs to be set with one of the options below. I am using PWD | BIO enable “Fingerprint” or a “password”

The following list shows other options that can be used in combination with a Fingerprint reader:

• Password only – Default (no additional registry)
• Fingerprint or password – PWD | BIO
• Fingerprint and password – PWD & BIO
• Fingerprint Only – BIO

I didn’t have a smartcard to test the remaining ones. After these two settings have been applied please make sure to reboot. After the reboot new logon screen will be available. User communication and training should be part of rolling out these settings and enabling of a fingerprint logon.

I will use the following two command-lines to enable these settings after the installation has completed:

reg add "HKLM\SOFTWARE\Wave Systems Corp.\Authentication Manager" /v "Enable Wave Secure Login" /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\Wave Systems Corp.\Authentication Manager" /v "LogonPolicy" /t REG_SZ /d "PWD | BIO" /f

Now both fingerprint or password can be used for logon. Managing fingerprints can be done without too much effort and user training.