December 31, 1969
December 31, 1969
Disable nFront Password Filter Client via GPO or script
If you need to quickly disable the client due to a software conflict or network issue you can do so via a script or via GPO. You may also use the GPO approach to pre-deploy the client to all of your workstations and let it sit dormant until you go live on a specific date (in which case you clear the GPO option).
The client is disabled by one registry value. When it is disabled the end-user will use the regular Windows password change process.
HKLM\Software\Policies\Altus\PassfiltProClient\disable, REG_DWORD (32-bit), value=1
How to disable via a script
Below is a batch file that adds the registry value to a range of IP addresses. It will go from 10.0.0.1 through 10.0.0.254 and add the value.
FOR /L %%i IN (1,1,254) DO REG ADD \\10.0.0.%%i\HKLM\Software\Policies\Altus\PassfiltProClient /v disable /t REG_DWORD /d 1
How to disable via GPO
At the domain level create a new GPO. If the workstations are you are targeting (to disable the client) are in a specific OU you can target the OU instead of the domain . Give it an easily recognized name like "nFront Client Options".
Click the Edit button to edit the GPO. Go to Computer Configuration + right-click Administrative Templates + Add/Remove Templates. Select the nFront-Password-Filter-client-options.adm template. Click close on the Add/Remove Templates dialog.
The GPO editor will now show a section for "nFront Password Filter - Client Options" under the Administrative Templates section. There will be only one policy. Edit the policy and check the box to "Disable nFront Password Filter Client".
This GPO pushes a few registry settings to all client machines. It will set HKLM\Software\Policies\Altus\PassfiltProClient\disable, REG_DWORD, value=1.