When using fingerprint authentication on a client that is encrypted with BitLocker (non - Lenovo hardware or unsupported Lenovo models) the SafeGuard Authentication Application appears after logon to the operating system.
First seen in
SafeGuard BitLocker Client 6.10.0
An authentication at the SafeGuard Credential Provider or the SafeGuard Authentication Application is only possible on supported Lenovo Clients.
If only the BitLocker client is managed by SafeGuard and access to the keyring is not required (for example when the file based encryption modules like DataExchange, FileShare or CloudStorage are not installed) the appearance of the Authentication Application can be limited using a system policy.
After applying the required system policy, the SafeGuard Authentication Application only appears for user initialization and after password changes.
This behavior is managed through a Policy_S setting called InsistOnSGNAuth (default: true). The corresponding XML (Disable_InsistOnSGNAuthentication.xml) is available in the "Tools\System policies\" folder of the product DVD (or download).
What To Do
The XML which sets the value to "false" has to be signed with the company certificate.
- Open SafeGuard Management Center | Tools | Options | Certificates
- Press the Sign button and browse to the XML file which was mentioned earlier in this article.
- After browsing to the file just click "OK" and the MC creates a new file which is called "originalxmlname_Signed".
- Copy this new file into the Import folder of the LocalCache on the SafeGuard Client:
The location on the client:
- Open Start | Run | CMD and execute the tool "SGMcmdintn.exe" in the command line. After a successful import the XML-file disappears from the Import folder.