RapidIdentity Product Guide

Active Directory Group Policy Object (GPO) Installation

A GPO created for “Software installation” will set up the RapidIdentity Credential Provider Module, but without command-line options, and there is no simple way to configure the standard Software Install, to add the command line options.

The workaround to add the command line options is to create a batch file (example: InstallRapidIdentityCentralProvider.cmd contents, below in the Notes section) containing the proper command-line for install, as noted in the “Standard Workstation Installation” above.

Then, setup a GPO, associated to Domain Computers, and configure as follows:

  1. Run Command Prompt as an Administrator on a domain controller and enter gpme.msc.

  2. Select the default Domain Policy (or other policy as applicable) and press OK.

  3. In the left panel, navigate to and select Computer Configuration > Policies > Windows Settings > Scripts.

  4. In the right panel, double-click Startup.

  5. In the Script Name field, enter the UNC path of the script and click OK.

  6. Click OK.

At the next user login, assuming the machine is associated with the Active Directory domain and that it has been rebooted, the machine will run the script / batch file in the background, and install the Credential Provider with proper rights to make the registry changes.

The next time a user logs out and selects to change user, the Credential Provider user will be accessible to allow for a password change.