In this section you will find out real deployment examples and advices.

Prolonging trial time up to 60 days.

We realize that testing time of the Rohos Logon Key software requires more that 15 days. Therefore 15-day testing time can be extended to 60-days. Make a request to get a prolongation Registration Key in order to thoroughly test Rohos Logon Key in your company.

How to try Rohos Logon Key in the company?

Please read this chapter if you are going to use the solution in the company with more than 20 associates.
Rohos Logon Key offers such an innovation that affects Network Administration parts and company associates. Therefore we recommend trying it with the help of focus group:
Select a small department or group of computer users in the company where you can try Rohos password replacement solution with USB Keys;
You will need 10 USB flash drives for test.

Installation recommendations:

  • Do not disable login via manual password entry from the beginning of the test.

Divide your test into 2 stages:

  1. Test the general USB key login possibility within the focus group;
  2. Test all the USB Key login features during the actual rollout of the entire solution in the small department (room).

After that you can install Rohos on the rest of the network.

Example 1. Windows Active Directory based on the network. Local login.

Before you begin, read please our article about this task.

  1. First, install Rohos Management tools into your (Admin’s) workstation.
  2. Set up all USB Keys with all passwords fore each person, using USB Key Management utility;
  3. Install the application on the workstations using MSI package or simple application from our site;
  4. Hand out the USB Keys;
  5. Verify, if every user can login his account on every workstation with USB key.
  6. Launch Rohos Remote config application on administrator’s computer. Export the list of USB keys to each connected workstation.
  7. Using this application, configure all the workstations to check serial number of USB key.
  8. From now all the users can logon only with these USB keys.
  9. Now create a new usb key for any user but don’t export the information about it on other computers. It must be ignored by other workstations.
  10. Now the system is protected from home-made keys.
  11. Now is necessary to disallow the access without USB key. It is possible to realize in two ways:
    – for all the users, who you made a key for
    – only for several users, not matter, have you made the keys for them or not.

In first case, Using Rohos Remote config application, configure all the workstations to disallow login for listed users. Select a computer of the domain, and select for listed users from the list 2-factor authentication control type. Click Save settings.

In second case you need to create a new group with rohos name and add desired users there . Now, using Rohos Remote config application, configure all the workstations to disallow login for rohos user group. Select a computer of the domain, and select for rohos user group from the list 2-factor authentication control type. Click Save settings. Now these users can login only with USB key.

Note: this function will work only on workstations, where Rohos Logon Key application is installed. Simple export of configuration to the computer, where  Rohos Logon Key application is absent will not work.

Example 2. Protecting of the Terminal Server with Rohos Logon Key application.

  • Before you start to configure Rohos Logon Key for Remote desktop connection, visit please our article, regarding to this theme.
  • What application must we select to configure USB keys for remote connection to Terminal server? USB key manager or Rohos Logon Key? The answer is depending, what level of security do we need, and what type of USB key do we have.
  1. USB key manager supports the limited number of USB key types. You can see this list, if click Settings button on main window of this application.
  2. USB key manager application can not write a password in encrypted form on USB key. This is possible only with Rohos Logon Key application. By one hand it is an opportunity, because encrypted password is possible to use only on one computer – there, where this USB key has been prepared.  By other hand, the password in plain form is less secure, because everyone can see it, with using of USB key manager. (If he has got this key for a while)
So, If we use USB key manager, we can use only limited number of usb device types, and the password will be stored in plain form. But the speed of USB key preparing is rising significantly.
If we need the high level of security, or our key is not supported by USB key manager, We are forced to create all the keys in Rohos Logon key application on target computer. In our case – on terminal server via RDC connection. First we need to install Rohos Logon key application there and select the type of USB key.
For all the users the type of USB key must be the same. After the preparing of USB keys on target computer, in settings of Rohos Logon Key application automatically is installing the feature check serial number. So, a key will contain the password in encrypted form, and our system will be protected from home-made strange keys.
If we use USB key manager, the next step is – to export the list of USB keys to terminal server, to prevent the using of strange USB keys. Click on USB keys button on main window, in Users window click Export button. A .reg-file appears on your desktop. Move it to the server and import in Rohos Logon Key application, Users and keys window. For sure, you may just double click on it and the information about USB keys will be added to server registry. Open the settings of Rohos Logon Key application, More.. button, switch on the option check serial number.

Important: If you want to use USB Flash drive as a key for Remote connection, and check serial number option will be on, To prepare all USB keys use only USB key manager application. It is necessary, because real serial number of USB flash drive is not transmitted to server, during the preparing of the key in Rohos Logon Key application. We continue to work to add the possibility to store the encrypted password on USB key for this case.