AuthLite Interactive Documentation
FEATURES: What can AuthLite Do? TOKEN TYPES: What "Factors" are supported? INSTALL: How and where to install AuthLite? CONFIGURE AuthLite for your needs CHOOSE USERS: Choose 2-factor Users ENFORCE 2-factor Logons ADMINISTER AuthLite Tokens LDAP logon support/enforcement VPN and RADIUS Configuration How to Log In Event Logging

Administrative Template for settings

In a domain environment, most AuthLite settings are stored on domain controllers, in the data partition. These settings are automatically applied by all AuthLite-aware systems as needed. But certain settings are server-specific and stored in the registry.

In order to deploy a per-machine setting administratively to a group of systems, you can use a group policy Administrative Template. Save the following lines as a Unicode text file with an .adm extension:

CATEGORY "SOFTWARE\Policies\Collective Software\AuthLite\<etc>"
  POLICY <name>
  KEYNAME "SOFTWARE\Policies\Collective Software\AuthLite\<etc>\<name>"
    PART <settingname> EDITTEXT
    VALUENAME "<settingvalue>"

Where the <values in brackets> depend on what setting you are trying to control. You can then load this adm file into the group policy editor, in the "Administrative Templates" section of the Computer Configuration, and assign a value. This setting will then be applied along with the rest of the machine policy.

Note that the AuthLite Service only reads some settings on start up, so changing its values via policy will not have an immediate effect, even if you run "gpupdate" and apply the policy immediately. For other settings there is a 20 minute cache timeout.

See this KB article for information on deploying AuthLite software unattended, via Group policy.