Have one token imported per user on one Windows machine and have the token accessible for the user from any other Windows machine.
Install the RSA SecurID software token application on each server using the following properties:
- SETCOPYPROTECTION=FALSE to remove the binding of the token to the specific machine on which the token is imported; and thus to be able to find it on any other machine.
- SETSINGLEDATABASE=TRUE to remove the binding of the token to the specific user accessing the machine. The installation is still secured as the token is stored in the home drive of each user and cannot be accessed by any other user.
- SETDATABASEDIR=%AppData%\RSA to install the database containing the user’s software token to a location other than the default directory.
Notes:
- The database location above is for the Roaming folder which is shareable, if a user changes his actual workstation.
- The database location can be different if you want to put it on a shared drive, which is sort of a permanent but remote location, for example \\fileserver\users\%USERNAME%.
Standard RSA SecurID Software Token desktop application
Type in the command shown below on one line:
msiexec /qn /i pathname\RSASecurIDToken500.msi /lv c:\install.log SETCOPYPROTECTION=FALSE
SETSINGLEDATABASE=TRUE SETDATABASEDIR=%AppData%\RSA
RSA SecurID Software Token with Automation
Type in the command shown below on one line:
msiexec /qn /i pathname\RSASecurIDTokenAuto500.msi /lv c:\install.log SETCOPYPROTECTION=FALSE
SETSINGLEDATABASE=TRUE SETDATABASEDIR=%AppData%\RSA
The token is imported once on a server. When the token app is launched, the token is available without needing to reimport it.
This is a workaround for users who need to have access to their tokens from different locations.