|Applies To||RSA SecurID Reserve Password|
RSA Authentication Agent 6.0
RSA ACE/Agent 5.6 for Windows
RSA ACE/Agent 5.5 for Windows
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
|Issue||How to control challenge order for RSA ACE/Agent local access protection|
Reserve Password not available with RSA ACE/Agent for Local Access Protection
Selected 'Challenge Users for local login', but no option to enable the Reserve Password
|Cause||RSA ACE/Agent has been installed with SecurID Challenge Before Logon option|
|Resolution||If you selected the SecurID Challenge Before Logon option when installing the agent, then the new SecurID Challenge Before Logon option makes the machine more susceptible to a dictionary attack. Therefore, RSA Security decided to disallow the Reserve Password function when this option is chosen. If you installed in this manner and wish to revert to SecurID Challenge after Windows Logon; you may change a registry setting:|
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. RSA cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
ACE/Agent has a registry hive; HKEY_LOCAL_MACHINE ++ SOFTWARE ++ SDTI ++SDGINA.
In this hive there is a value; ChallengeFirst: REG_SZ
Edit the value... A value of:
0 (Zero) allows for Windows auth then SecurID with reserve password ability.
1 (one) selects the SecurID Challenge Before Logon option, there will be no reserve password option.
|Legacy Article ID||a15948|