Rohos Logon Key v.3.1

Rohos Logon Key v 3.1 allows you to implement a two-factor authentication policy, based on a user list or user groups in Active Directory. This allows you to verify two-factor authentication and apply it step by step. New features:

Improved option Allow login only using a USB key
Added function Check Key Serial Number. It restricts the keys allowed for login.
Configurable messages for users have been added: in the login window, in the Rohos Logon Key main program window, and in the key settings window.
Added Users and Keys dialog box for viewing and managing the list of created keys and users.
Changed licensing policy: a Server License for Windows terminal service has been added. Now the license covers the computer. The RFID token license has been withdrawn.
The Rohos Management Tools program suite is now provided free of charge.

Login only with a USB key

Now the option Allow to login only by using USB key allows you to create a two-factor authentication policy. It replaces the older, analogous option that only allowed you to make excepts from the general rule. This innovative function can be applied to local and remote logins, or only to logins from a remote desktop.

RLK3.1-1

Choices offered:

None – All users can log in with a password or a USB key.
For any user – This option is analogous to the old one — Allow login only by USB Key. All users will have to use a USB key to log in to Windows or unblock a Windows session.
For listed users – Only users on the list are required to use a USB key to log in. All other users can log in using a password. The list is created automatically when a USB key is created for a given user. The username for which the USB key is created will be added to this list.
For ‘rohos’ user group in Active Directory – Each user in the ‘Rohos’ group is required to use a USB key. Note: the ‘Rohos’ user group should be created by the Active Directory administrator.
For Remote desktop login – Local users can log in with or without a USB key. Remote login is only possible with a USB key.
For Remote desktop login outside LAN (Experimental function) – Remote users in the local network can also enter the server without a key. Only users logging in over dialup, a DSL connection, or also from other networks, are required to use a USB key.

Users and keys dialog

Now Rohos Logon Key creates its own list of users who have a USB key and its own list of registered keys. Click on Users and Keys in the main window:

RLK3.1-2

RLK3.1-3

The Users and Keys dialog allows you to:

View the list of users for which USB keys have been created;
View the list of registered keys (and their serial numbers);
Remove usernames from the list. This gives users the right to log in without a key by using a password;
Remove keys from the list. This will not allow using a key on a particular computer;
Temporarily block users from access to this computer.

Updates in additional settings

Click on the More… button in the Options dialog. This will help you set several important options.

RLK3.1-4

Check USB Key serial number.

If this option is enabled, Rohos will only accept USB keys on the list of Users and Keys. It is disabled by default and will be automatically activated when keys are created on this computer.

Protect save mode boot with USB key also

In safety mode it is also possible to log in with a USB key. In addition, if a user is prohibited from logging in without a key, this user will also be prohibited from doing so in safety mode.

Logon Notice

This text will be shown in the Windows login window next to the Rohos icon. You can use this to provide instructions to users for how to log in with a USB key.

Configurable messages for users

Rohos Logon Key v.3.1 allows you to set messages for users who are installing and using the program. The setup-info.txt file contains configurable text for messages. You place this file in the same folder as the Rohos Logon Key distributable (rohos_welcome.exe) and it will be used by the installation setup wizard.