CLASS MACHINE CATEGORY !!SoftwareSettings CATEGORY !!RSASecurIDToken POLICY !!DisableDeleteTokens KEYNAME "Software\Policies\RSA\Software Token" ; The SUPPORTED construct is only for windows versions XP and onward, so it has to be if def'ed #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!DisableDeleteTokensExplain VALUENAME "DisableDeleteToken" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY !!CTKIP_URL_Configuration KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!CTKIP_URL_ConfigurationExplain PART !!URL EDITTEXT VALUENAME "CTKIPURL" MAXLEN 1024 END PART END POLICY POLICY !!AllowOnlyOneToken KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!AllowOnlyOneTokenExplain VALUENAME "OnlyOneToken" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY !!DeviceWhitelist KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!DeviceWhitelistExplain PART !!Whitelist EDITTEXT VALUENAME "ValidDevices" END PART END POLICY POLICY !!SetVPNMode KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!SetVPNModeExplain VALUENAME "VpnMode" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY !!DisableChangeTokenNamePolicy KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!DisableChangeTokenNamePolicyExplain VALUENAME "DisableChangeTokenName" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY !!DisableSetDevicePasswordPolicy KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!DisableSetDevicePasswordPolicyExplain VALUENAME "DisableSetDevicePassword" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY POLICY !!TokenRenewalURLPolicy KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!TokenRenewalURLPolicyExplain PART "Token Renewal URL" EDITTEXT VALUENAME "TokenRenewalURL" MAXLEN 1024 END PART END POLICY POLICY !!TokenExpirationNotificationPolicy KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!TokenExpirationNotificationPolicyExplain PART "Expiration in days" NUMERIC MIN 0 MAX 60 DEFAULT 30 SPIN 1 VALUENAME "TokenExpirationNotification" END PART END POLICY POLICY !!ActivationCodePolicy KEYNAME "Software\Policies\RSA\Software Token" #if version >= 4 SUPPORTED !!SUPPORTED_RSASecurIDToken #endif EXPLAIN !!ActivationCodePolicyExplain VALUENAME "ActivationCode" VALUEON NUMERIC 1 VALUEOFF NUMERIC 0 END POLICY END CATEGORY END CATEGORY [strings] SoftwareSettings="Software Settings" RSASecurIDToken="RSA SecurID Token" DisableDeleteTokens="Do not allow users to delete software tokens" DisableDeleteTokensExplain="Enabling this option means that users cannot delete tokens.\n\nWhen this policy is disabled, a user can delete the active token (the token the user is currently using or the last token to be installed). If a user deletes the only token or the last remaining token, the user is prompted to import a new token." CTKIP_URL_Configuration="Specify a CT-KIP URL to use for downloading software tokens" CTKIP_URL_ConfigurationExplain="Adds the URL of a CT-KIP web service to the Windows registry. This prefills the URL field in the Import from Web option, so that the user does not have to enter the URL. To download a token, the user only enters an activation code.\n\nIf no URL is specified, the user must enter a URL and an activation code to download a token." URL="CT-KIP URL" AllowOnlyOneToken="Allow only one software token" AllowOnlyOneTokenExplain="Restricts the number of tokens that each user can import to one token. Importing a second token overrides the existing token.\n\nWhen this policy is enabled, each user can import only one token to use with the RSA SecurID application.\n\nWhen this policy is disabled, each user can import as many tokens as the administrator allows." DeviceWhitelist="Specify a device whitelist" DeviceWhitelistExplain="Identifies a list of supported devices to which users can import tokens.\n\nThe device whitelist consists of a comma-separated list of Globally Unique Identifiers (GUIDs).\n\nFor example:{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx},{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx},{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\n\nIf you specify a whitelist, users can store tokens only on devices included in the list.\n\nIf you do not specify a whitelist, users can store tokens on any device recognized by the system and allowed by the token's device binding settings." Whitelist="Device Whitelist" SetVPNMode="Set the VPN Mode" SetVPNModeExplain="The Cisco VPN Client requires a special policy setting to ensure that it can function properly on Windows 2000 and Windows XP when users log on to the VPN client with tokens stored on a TPM or biometric device.\n\nBy default, this policy is enabled. If you use Cisco VPN Client, you must disable this policy. If you use a VPN client other than Cisco, do not change the default policy setting. DisableChangeTokenNamePolicy="Do not allow users to change the token nickname" DisableChangeTokenNamePolicyExplain="Prevents users from changing a token nickname assigned in Authentication Manager." DisableSetDevicePasswordPolicy="Do not allow users to change the device password" DisableSetDevicePasswordPolicyExplain="Prevents users from setting a device password on tokens stored on the local hard drive. Removes the Change Device Password option from the Token Storage Devices screen." TokenRenewalURLPolicy="Specify a token renewal URL" TokenRenewalURLPolicyExplain="Used with the token notification expiration policy. Displays a URL link in the Token Expiration Notification dialog box. For example, this could be the URL of the RSA Credential Manager portal where the user can request a replacement token." TokenExpirationNotificationPolicy="Days before token expiration notification is displayed" TokenExpirationNotificationPolicyExplain="Configures the application to display a dialog box informing the user 1 to 60 days before a token is about to expire.\n\nIf used with the token renewal URL policy, adds a link to a URL where the user can request a replacement token." ActivationCodePolicy="User SID for CT-KIP activation code" ActivationCodePolicyExplain="Specifies that the user SID should be used as the CT-KIP activation code.\n\nFor auto-import of a token, The CT-KIP URL policy must also be set." SUPPORTED_RSASecurIDToken="RSA SecurID Token 4.0 or later."