ControlSphere Preferences

ControlSphere Preferences are grouped by their functional areas and organized as tabs

	General Preferences
	Logon Service Preferences
	Product Protection Preferences

General Preferences

These preferences are related to general product functionality.

Token type to use with ControlSphere

Select a hardware token type or middleware interface to be used by ControlSphere for scanning and accessing hardware token devices.

ControlSphere Services to enable

There are three general services of ControlSphere product: Logon, Disk and Data Encryption and Password Manager services.
Select a desired subset of services/components to enable. ControlSphere will hide the unneeded features for the disabled services.

Token-less recovery options

Enable Token Image file usage for recovery purposes

ControlSphere provides an ability of a direct data usage right from the Token Image files as they would be physical hardware devices themselves. This approach simplifies the recovery process should the token be lost, stolen or forgotten at home.

In addition to that, a user can enable direct usage of Token Image files for ControlSphere Logon and boot-time hard disk encryption processes. This will allow secure logon to the PC and boot-time encrypted volume mounting with one of the pre-configured Token Image files in addition to hardware token devices.

ControlSphere will prompt to select Token Image to use in case there are multiple Token Image files are referenced for recovery purposes in the configuration.

User will need to click the Token-less logon with preconfigured token image link to initiate the token-less logon on Windows 2000/XP or click the Encrypted Token Image - Recovery Logon/Unlock on Windows Vista.

Logon Service Preferences (applies to Logon Service of ControlSphere only)

Logon Service of ControlSphere has a number of customization options.

Authorized (logged-on) token monitoring

What to do on authorized token removal

This configuration item defines which action to take when an authorized token is removed from port adapter (USB port or smart card reader). The following options are available for selection:
Lock PC:	ControlSphere will lock computer screen and input devices until unlocked on further re-authentication. We recommend setting is as a default action.
Logoff:	ControlSphere will logoff logged-on user forcibly. Note that logoff action will force user processes to terminate and user may lose unsaved work results.
None:	ControlSphere will take no action on token removal event and its removal will not be monitored.

Reaction time (countdown)

You can select reaction time for both Lock PC and Logoff options. ControlSphere will display action countdown window on authorized token removal event if the delay is set.

Reaction time may vary from instant action to 30 second delay. We recommend enabling delayed action feature since it gives user a chance to reconnect the token if it has been removed by an accident without changing state.

Emergency lockup actions on token-based computer lock event

ControlSphere provides a possibility to take extra security measures on token-based computer lock event. We recommend using these options in multi-user environment where it is necessary providing higher confidentiality.

Dismount all user-mounted encrypted volumes and archives

Select this option to automatically dismount all user-mounted encrypted volumes and encrypted archives of ControlSphere on token-based computer lock event. The User Home Drive volume (if any) will also be dismounted in this case.

Force the following programs to close (if running) on lock event

Select this option to automatically close a desired list of programs (if running) on token-based computer lock event. This ensures that there will be no (possibly) secret information left available once the computer is locked.
You can add or remove the managed programs to/from the list. ControlSphere will propose to choose one from a list of currently running programs or select a program path manually when a user clicks the "Add" button.

Additional Security Settings

Disable manual logon for non-administrative users

By selecting this option ControlSphere disables manual keyboard-based logon with "Ctrl+Alt+Del" key combination for non-administrative users on Windows 2000/XP and will prevent such users from logging on to Windows Vista. As a result PC Logon for such users will be allowed with a ControlSphere token only. Please use this option with a great care since it may potentially lock you out of your PC. It is recommended to enable this option not earlier than token logon has been fully tested.

Disable manual logon for all types of users

By selecting this option ControlSphere disables manual keyboard-based logon with "Ctrl+Alt+Del" key combination for all types of users on Windows 2000/XP and will prevent such users from logging on to Windows Vista. As a result PC Logon will be allowed with a ControlSphere token only. If this option is selected, no manual administrative logon will be allowed as a backup option in case of token hardware problems. Please use this option with a great care since it may potentially lock you out of your PC. It is recommended to enable this option not earlier than token logon has been fully tested.

Disable Safe Mode boot on this PC (not available in ControlSphere for Windows Vista)

By selecting this option ControlSphere disables safe mode boot. ControlSphere is not activated when booting up in Safe Mode. Safe Mode boot can be disabled to avoid this. However, disabling Safe Mode boot may lead to unbootable system. Note that selecting this option will not remove an ability to select a SafeMode boot from boot-up menu but will sabotage it, causing Windows boot error. Please use this option with a great care since it may potentially lock you out of your PC. Enable this option when all hardware and software components on your PC have been configured and token logon has been fully tested.

Product Protection Preferences

In some cases one administrative user would not like to allow other administrative users to modify ControlSphere product settings, modify or uninstall the product. Although there are no completely reliable ways to ensure such a protection (person with Administrative privileges can break any protection if he/she knows what-and-where to modify), ControlSphere product protection makes these tasks very inconvenient and hard to make for anyone.

Disable ControlSphere setup maintenance (Change/Uninstall options)

Change and Uninstall options will not be accessible for the local ControlSphere setup if this option is enabled. Enable this option to protect local ControlSphere setup from any third party modifications or un-installation via Control Panel - Add/Remove Programs console.

Protect ControlSphere settings by Master Configuration Password

Master Configuration Password protects local ControlSphere configuration settings from retrieval and modification in Preferences dialog regardless of user privilege level. When enabled, ControlSphere will ask for protective Master Configuration Password every time someone accesses the preference section of ControlSphere.