Fingerprint Console
Document revision <0.5>, March 2008
Table of Contents
1 Fingerprint Console Command Description
1.1 User specific commands
1.1.1 Enroll new user
1.1.2 Edit enrolled user
1.1.3 Delete a user
1.1.4 Enumerate enrolled users
1.1.5 Export enrolled user to a file
1.1.6 Import enrolled user
1.2 Global settings commands
1.2.1 Security mode
1.2.2 Logon type
1.2.3 CTRL+ALT+DEL message
1.2.4 Power-on security
1.2.5 Power-on security single sign-on
1.3 TPM commands
1 Fingerprint Console Command Description
The fingerprint console must be run from the Fingerprint Software installation folder. The basic syntax is FPRCONSOLE [USER | SETTINGS | TPM]. The USER, SETTINGS or TPM keyword selects which set of operations is used. A full command is then, for example, “fprconsole user add TestUser”. When the command is not known, or not all parameters are specified, a short command list is shown together with the parameters.
1.1 User specific commands
To enroll or edit users, the USER section is used. When the current user does not have administrator rights, the console behavior depends on the security mode of the Fingerprint Software (FS).
Convenient mode: the ADD, EDIT and DELETE commands are available to a standard user. However, the user can modify only his own passport (enrolled with his username).
Secure mode: no commands are allowed.
Syntax: FPRCONSOLE USER <command>
<command> is one of the following commands: ADD, EDIT, DELETE, LIST, IMPORT, EXPORT.
1.1.1 Enroll new user
Syntax: ADD [<username> [| <domain>\<username>]]
If the user name is not specified then the current user name is used.
Example:
fprconsole user add domain0\testuser
fprconsole user add testuser
1.1.2 Edit enrolled user
Syntax: EDIT [<username> [| <domain>\<username>]]
Example:
fprconsole user edit domain0\testuser
fprconsole user edit testuser
Note: The edited user must verify his fingerprint first.
1.1.3 Delete a user
Syntax: DELETE [<username> [| <domain>\<username> | /ALL]]
The /ALL flag will delete all users enrolled on this computer. If the user name is not specified then the current user name is used.
Example:
fprconsole user delete domain0\testuser
fprconsole user delete testuser
fprconsole user delete /ALL
1.1.4 Enumerate enrolled users
Syntax: LIST
1.1.5 Export enrolled user to a file
This command exports an enrolled user to a file on the HDD. The user can then be imported using the IMPORT command on another computer, or on the same computer if the user has been deleted. The data are encrypted using the Blowfish algorithm with the specified password.
Syntax: EXPORT <username> [| <domain>\<username>] <file> <password>
1.1.6 Import enrolled user
Syntax: IMPORT <file> <password>
The command imports the user from the specified file. The data are encrypted using the Blowfish algorithm with the specified password.
WARNING: If the user in the file is already enrolled on the same computer using the same fingerprints, it is not guaranteed which user will take precedence in the identification operation.
1.2 Global settings commands
The global settings of the Fingerprint Software can be changed in the SETTINGS section. All the commands in this section need administrator rights.
Syntax: FPRCONSOLE SETTINGS <command>
Where <command> is one of the following commands: SECUREMODE, LOGON, CAD, TBX, SSO.
1.2.1 Security mode
This setting switches between Convenient and Secure mode of the FS.
Syntax: SECUREMODE 0|1
To set to convenient mode:
fprconsole settings securemode 0
1.2.2 Logon type
This setting enables (1) or disables (0) the logon application. If the /FUS parameter is used the logon is enabled in Fast User Switching mode if the computer configuration allows this.
Syntax: LOGON 0|1 [/FUS]
1.2.3 CTRL+ALT+DEL message
This setting enables (1) or disables (0) the “Press CTRL+ALT+DEL” text in logon.
Syntax: CAD 0|1
1.2.4 Power-on security
This setting globally turns off (0) power-on security support in the fingerprint software. When power-on security support is turned off, no power-on security wizards or pages are shown, regardless of the BIOS settings.
Syntax: TBX 0|1
1.2.5 Power-on security single sign-on
This setting enables (1) or disables (0) use of the fingerprint used in BIOS at logon, so that the user is logged on automatically when the user was verified in BIOS.
Syntax: SSO 0|1
1.3 TPM commands
In order to use TPM, the following conditions must be met:
· TPM chip must be operational (check your BIOS to ensure that TPM HW is enabled and activated),
· TPM software stack must be installed (check your TPM manufacturer’s TPM management software) and
· must be configured to work with TPM (this can be done using fprconsole, see below for details).
Syntax: FPRCONSOLE TPM <command> [<command-parameters>]
Available commands are:
| Command | Description |
| --- | --- |
| FPRCONSOLE TPM | Print help screen. |
| FPRCONSOLE TPM MODE | Checks for the mode of TPM initialization. |
| FPRCONSOLE TPM TEST [<password>] | Test if TPM and SW are correctly initialized to work together. |
| FPRCONSOLE TPM TEST <security-mode> [<password>] | Test whether the TPM chip is currently in the given security mode. |
| FPRCONSOLE TPM INIT <security-mode> [<password>] | Initialize TPM to the given security mode. |
| FPRCONSOLE TPM CHANGE <new-security-mode> [<old-password>] [<new-password>] | Change TPM owner password. |
| FPRCONSOLE TPM CLEAR [<password>] | Clear TPM. |
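Added example, not part of the original document or of the Fingerprint Software: a Python check that can be run over logged process command lines to flag the fprconsole operations described above that delete all users, switch off a setting or clear the TPM, and to redact the passwords that the documented syntax places on the command line. The sample lines, password values and finding strings are constructed for illustration.

```python
import re
import shlex
# Sections and commands exactly as listed in this document.
COMMANDS = {
    "USER": {"ADD", "EDIT", "DELETE", "LIST", "IMPORT", "EXPORT"},
    "SETTINGS": {"SECUREMODE", "LOGON", "CAD", "TBX", "SSO"},
    "TPM": {"MODE", "TEST", "INIT", "CHANGE", "CLEAR"},
}
# Settings for which the document describes the value 0 as relaxing or turning off a control.
WEAKENING = {"SECUREMODE": "switched to Convenient mode",
             "TBX": "power-on security support turned off"}
# Index of the first password parameter per the syntax lines; later parameters are passwords too.
FIRST_PASSWORD = {("USER", "EXPORT"): 2, ("USER", "IMPORT"): 1, ("TPM", "INIT"): 1,
                  ("TPM", "CHANGE"): 1, ("TPM", "CLEAR"): 0}
# Constructed sample command lines (not taken from a real log).
SAMPLE = [r'fprconsole user export domain0\testuser "C:\out dir\u.bin" Example-Pw1',
          r'"C:\fs\fprconsole.exe" settings securemode 0',
          "fprconsole user list"]

def audit(cmdline):
    """Return (redacted command line, findings) for one logged process command line."""
    tokens = shlex.split(cmdline, posix=False)  # posix=False keeps domain\user backslashes
    clean = [t.strip('"') for t in tokens]
    exe = next((i for i, t in enumerate(clean)
                if re.search(r"(^|[\\/])fprconsole(\.exe)?$", t, re.I)), None)
    if exe is None or len(clean) < exe + 3:
        return cmdline, []               # not fprconsole, or only the short command list
    section, command = clean[exe + 1].upper(), clean[exe + 2].upper()
    if command not in COMMANDS.get(section, ()):
        return cmdline, []               # unknown command: the tool only prints its help
    params, findings = clean[exe + 3:], []
    if (section, command) == ("USER", "DELETE") and "/ALL" in map(str.upper, params):
        findings.append("all enrolled users deleted")
    if section == "SETTINGS" and command in WEAKENING and params[:1] == ["0"]:
        findings.append(WEAKENING[command])
    if (section, command) == ("TPM", "CLEAR"):
        findings.append("TPM cleared")
    first = FIRST_PASSWORD.get((section, command), len(params))
    if (section, command) == ("TPM", "TEST"):  # TEST [<password>] | TEST <security-mode> [<password>]
        first = max(len(params) - 1, 0)        # one parameter is ambiguous: redact it anyway
    for i in range(first, len(params)):
        tokens[exe + 3 + i] = "<redacted>"
    if first < len(params):
        findings.append("password passed on the command line")
    return " ".join(tokens), findings

if __name__ == "__main__":
    for line in SAMPLE:
        print(audit(line))
```

Because EXPORT, IMPORT and the TPM commands take the password as a parameter, any log that records command lines will also record it; redacting before storage keeps the finding without keeping the secret.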