43
December 31, 1969
December 31, 1969

Problem

Disable nFront Password Filter Client via GPO or script

Details

If you need to quickly disable the client due to a software conflict or network issue you can do so via a script or via GPO.  You may also use the GPO approach to pre-deploy the client to all of your workstations and let it sit dormant until you go live on a specific date (in which case you clear the GPO option).

Solution

The client is disabled by one registry value.  When it is disabled the end-user will use the regular Windows password change process. 

 

HKLM\Software\Policies\Altus\PassfiltProClient\disable, REG_DWORD (32-bit), value=1

Affected Products

How to disable via a script

 

Below is a batch file that adds the registry value to a range of IP addresses.  It will go from 10.0.0.1 through 10.0.0.254 and add the value. 

 

FOR /L %%i IN (1,1,254) DO REG ADD \\10.0.0.%%i\HKLM\Software\Policies\Altus\PassfiltProClient /v disable /t REG_DWORD /d 1


How to disable via GPO

 

At the domain level create a new GPO.  If the workstations are you are targeting (to disable the client) are in a specific OU you can target the OU instead of the domain .  Give it an easily recognized name  like "nFront Client Options".


nFront Client Options GPO


Click the Edit button to edit the GPO.  Go to Computer Configuration + right-click Administrative Templates + Add/Remove Templates.  Select the nFront-Password-Filter-client-options.adm template.  Click close on the Add/Remove Templates dialog.

Add template for client options

The GPO editor will now show a section for "nFront Password Filter - Client Options" under the Administrative Templates section.  There will be only one policy.  Edit the policy and check the box to "Disable nFront Password Filter Client".



Disable Client

This GPO pushes a few registry settings to all client machines.  It will set HKLM\Software\Policies\Altus\PassfiltProClient\disable, REG_DWORD, value=1.