Winlogon Beta

Introduction

TickStream.KeyID Winlogon is a Microsoft Windows logon credential provider that allows you to provide 2nd factor authentication to users of workstations and servers. The credential provider captures typing effort when a user logs on using CTRL+ALT+DEL.

System Requirements

The Activity client will run on the following systems with their minimum hardware specifications.

  • Microsoft Windows 10 / Server 2016 and later
  • Microsoft Visual C++ Redistributable 2019 (installed during setup)

Setup Wizard

  1. Download the TickStream.KeyID Winlogon setup package using the link provided to you.
  2. Run the setup package on the client machine you wish to install it on.
  3. Accept the licensing agreement. Press the ‘Next’ button to continue.
  4. Enter the KeyID web service address, license key and cache service TCP port (default 10127). Press the ‘Next’ button to continue.
  5. Press the Install button.
  6. Press the Finish button.

Quiet Install

The setup package can be installed in an unattended mode suitable for automated deployment or installation from a command prompt. Surround values with quotation marks ("") if they contain special characters or spaces. You can specify any setting listed in the next section by prefacing it with a /. Setting names are not case sensitive. If a setting is not specified and already exists in the registry, the existing setting is used (upgrades retain existing settings unless explicitly changed). If a setting is not specified and does not exist in the registry, a default is provided.

"TickStream KeyID Winlogon x64 Beta 4.X.X.exe" /VERYSILENT
"TickStream KeyID Winlogon x64 Beta 4.X.X.exe" /VERYSILENT /WSURL="https://keyidservices.tickstream.com" /AUTHENTICATION="myauthenticationkey"
"TickStream KeyID Winlogon x64 Beta 4.X.X.exe" /VERYSILENT /grantOnError=0 /sendErrors=0

TickStream.KeyID Utility

TickStream.KeyID Utility allows you to view authentication history and configure various settings. The utility requires .NET Framework 4.0 (included and installed automatically by the TickStream.KeyID setup package). To make setting changes you must have local system administrator privileges.

Clear the log

Click Action menu -> Clear log. You will be prompted to clear the event log. This action clears the Windows custom event log 'TickStream KeyID'.

Sort the log

You can sort the log by each information column.

Settings

Click File menu -> Settings. You will be prompted to restart the application with elevated privileges if needed.

| Webservice Setting | Description |
|---|---|
| Passive Validation | Collect and evaluate typing behavior but always allow the user access |
| Passive Enrollment | Save profile data after evaluation and continue the login process |

| Application Setting | Description |
|---|---|
| Grant On Error | Allow access if there is an error communicating with the TickStream.KeyID web service |
| Send Login Failures | Send login failure statistics to the KeyID web service |
| Send Error Reports | Send crash reports to the KeyID web service |

| Filtered Credential | Description |
|---|---|
| Windows Password Provider | If checked, disable the Windows password provider |
| Hello Face Provider | If checked, disable the Windows Hello Face provider |
| Hello Biometric Provider | If checked, disable the Windows Hello Biometric provider |

TickStream.KeyID Information

Click Help menu -> About. The current version of the Utility and TickStream.KeyID credential provider library will be provided.

Usage

The TickStream.KeyID Winlogon credential provider will now be available when logging into Windows as a sign-in option. The first time you log in, type your username and password as you normally would. You will then be prompted to type your password several more times to build your KeyID profile. When the profile is completed your Windows session will start. Your typing behavior will be evaluated on subsequent logins. Your profile will also be reset if your Windows password is changed.

Event Logs

The TickStream.KeyID Winlogon credential provider writes to the Windows application event log. The table provides information about the various events that may be raised.

| EventID | Severity | Description |
|---|---|---|
| 1000 | Error | Unspecified error containing an HRESULT description. |
| 1001 | Error | Password pre-keyid-authentication failed, there was a system error |
| 2000 | Warn | Username contains invalid characters. |
| 2001 | Warn | Error fetching user SID. Username does not exist or cannot connect to domain controller. |
| 2002 | Warn | Password pre-keyid-authentication failed (wrong password) for user. |
| 2003 | Warn | KeyID profile authentication FAILURE results for KeyID profile. |
| 3000 | Info | Password changed since last logon, deleting KeyID profile for user. |
| 3001 | Info | KeyID profile authentication SUCCESSFUL results for KeyID profile. |
| 3002 | Info | User requested profile reset. |
| 3003 | Info | Passive / active enrollment profile was saved. |
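
Because a password change or a user-requested reset discards the typing profile, a reset that closely follows KeyID failures is worth reviewing. The sketch below is an added example, not TickStream code: it assumes the events have already been exported as (timestamp, event ID, user) records, and the 30-minute window and two-failure threshold are assumed values to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs taken from the table above.
KEYID_FAILURE = 2003          # KeyID profile authentication FAILURE
PROFILE_RESET = {3000, 3002}  # profile deleted after password change / user-requested reset
PROFILE_SAVED = 3003          # passive / active enrollment profile was saved

# Constructed sample records (not real log data). The tuple layout is an
# assumption: the page does not document the event message format.
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", 3001, "CORP\\alice"),
    ("2024-05-01T09:10:00", 2003, "CORP\\bob"),
    ("2024-05-01T09:11:00", 2003, "CORP\\bob"),
    ("2024-05-01T09:12:30", 2003, "CORP\\bob"),
    ("2024-05-01T09:20:00", 3000, "CORP\\bob"),
    ("2024-05-01T09:24:00", 3003, "CORP\\bob"),
    ("2024-05-01T10:00:00", 2003, "CORP\\carol"),
    ("2024-05-01T10:01:00", 3001, "CORP\\carol"),
    ("2024-05-02T14:00:00", 3000, "CORP\\alice"),
]

def find_reset_after_failure(events, window=timedelta(minutes=30), min_failures=2):
    """Return (user, reset_time, reset_event_id, failure_count, reenrolled) per flagged reset."""
    by_user = defaultdict(list)
    for ts, event_id, user in events:
        by_user[user.lower()].append((datetime.fromisoformat(ts), event_id))
    findings = []
    for user, rows in sorted(by_user.items()):
        rows.sort()  # chronological order per user
        for i, (ts, event_id) in enumerate(rows):
            if event_id not in PROFILE_RESET:
                continue
            # KeyID failures for this user in the window before the reset.
            failures = sum(1 for t, e in rows[:i]
                           if e == KEYID_FAILURE and ts - t <= window)
            # Was a fresh profile saved in the window after the reset?
            reenrolled = any(e == PROFILE_SAVED and t - ts <= window
                             for t, e in rows[i + 1:])
            if failures >= min_failures:
                findings.append((user, ts.isoformat(), event_id, failures, reenrolled))
    return findings

if __name__ == "__main__":
    for finding in find_reset_after_failure(SAMPLE_EVENTS):
        print(finding)
```

On the sample data only bob is flagged: three 2003 failures, then a 3000 profile deletion and a new 3003 enrollment within the window. Alice's reset with no preceding failures and carol's single failure followed by success are not reported.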

Safe Mode

Booting into Windows Safe Mode will disable the TickStream.KeyID credential provider (and other 3rd party credential providers) and re-enable the Windows password provider for that session.