Adding a command for creating an Authentication Agent account
To add a command for creating an Authentication Agent account:
Open the Settings section in the Properties: <name of Authentication Agent account management task> window.
Click the Add button and select Account adding command from the drop-down list.
The Add user account window opens.
In the Windows account field of the Add user account window, specify the name of the Microsoft Windows account on which the Authentication Agent account will be based.
To do so, type the account name manually or click the Select button.
If you manually entered the name of a Microsoft Windows account, click the Allow button to determine the security identifier (SID) of the account.
If you choose not to determine the security identifier (SID) by clicking the Allow button, it will be determined when the task is performed on the computer.
Determining the SID of the Microsoft Windows account when adding an Authentication Agent account creation command is a convenient way to make sure the manually entered Microsoft Windows account name is correct. If the entered Microsoft Windows user account does not exist on the computer or in the trusted domain for which the Full Disk Encryption, account management local task is being modified, the Authentication Agent account management task ends with an error.
Select the Replace existing account check box if you want the existing account previously created for the Authentication Agent to be replaced with the account being created.
This step is available when you are adding an Authentication Agent account creation command in the properties of a group task for managing Authentication Agent accounts. This step is not available if you add a command for creating an Authentication Agent account in the properties of the Full Disk Encryption, account management local task.
In the User name field, type the name of the Authentication Agent account that must be entered during authentication for access to encrypted hard drives.
Select the Allow password-based authentication check box if you want the application to prompt the user to enter the Authentication Agent account password during authentication for accessing encrypted hard drives.
If you selected the Allow password-based authentication check box during the previous step:
In the Password field, type the password for the Authentication Agent account that must be entered during authentication for accessing encrypted hard drives.
In the Confirm password field, confirm the Authentication Agent account password entered at the previous step.
Do one of the following:
Select the Change password upon first authentication option if you want the application to prompt the user to change the password the first time they pass authentication under the account specified in the command.
Otherwise, select the Do not require password change option.
Select the Allow certificate-based authentication check box if you want the application to prompt the user to connect a token or smart card to the computer during authentication for accessing encrypted hard drives.
If you selected the Allow certificate-based authentication check box during the previous step, click the Browse button and select the file of the token or smart card electronic certificate in the Select certificate file window.
If required, in the Command description field, enter the Authentication Agent account details that you need for managing the command.
Do one of the following:
Select the Allow authentication option if you want the application to allow the user working under the account specified in the command to access the authentication dialog in Authentication Agent.
Select the Block authentication option if you want the application to block the user working under the account specified in the command from accessing the authentication dialog in Authentication Agent.
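The SID check described in the Windows account step can also be done ahead of time for a batch of names. The following PowerShell is an added example, not part of the product or its documentation; the function name Resolve-AccountSid and the sample account names are assumptions made for illustration.

```powershell
# Added example (not vendor code). Run on the computer the task targets,
# because name resolution depends on that computer and its trusted domains.
function Resolve-AccountSid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$AccountName
    )
    process {
        $result = [pscustomobject]@{
            Account  = $AccountName
            Sid      = $null
            Resolved = $false
            Detail   = $null
        }
        try {
            # NTAccount.Translate performs the name-to-SID lookup.
            $nt  = New-Object System.Security.Principal.NTAccount($AccountName)
            $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
            $result.Sid      = $sid.Value
            $result.Resolved = $true
        }
        catch {
            # .NET exceptions arrive wrapped; inspect the innermost one.
            $inner = $_.Exception.GetBaseException()
            if ($inner -is [System.Security.Principal.IdentityNotMappedException]) {
                $result.Detail = 'Name does not map to an account on this computer or in a trusted domain'
            } else {
                $result.Detail = $inner.Message
            }
        }
        $result
    }
}

# Constructed sample names; replace with the accounts you plan to enter.
$names = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\jsmith',
    'CONTOSO\jsmtih'   # deliberate typo to show the failure row
)

$report = $names | Resolve-AccountSid
$report | Format-Table -AutoSize

# List the names that would make the account management task end with an error.
$report | Where-Object { -not $_.Resolved } |
    ForEach-Object { Write-Warning "Unresolved: $($_.Account) ($($_.Detail))" }
```

A name reported as unresolved here is one for which the account management task would end with an error on that computer.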