University of Colorado at Boulder  
Map A to Z Index Search CU Home
ITS logo
Information Technology Services News | ITS Search
UCB Windows 2000 Resource Center

 
Learn More
Back to the UCB Windows 2000 Resource Center
UCB W2K Admin Guide Start
Why Windows 2000 and Active Directory at UCB?
Joining the AD infrastructure at UCB
Using the AD infrastructure at UCB
Additional information and resources
Quick index of the administrators guide documents


 

Configuring a Windows 2000 Campus Domain Client for IdentiKey Logon

This document describes two processes by which an administrator can configure their client computers to allow users to login using their IdentiKey usernames and passwords. It assumes that the department and all client computers are participating in the campus Windows 2000 domain.

There are two methods for configuring a client for IdentiKey logon. First is a simple registry modification using a file distributed by ITS. Second is a command-line process that can be executed via batch or script.

ITS registry file method

This method has been removed due to problems with the registry file. If you previously downloaded the file, please do not use it. There have been no problems with the command line method.

Command line method

  1. Install Windows 2000 Service Pack 1 or later on all client computers.
  2. Extract ksetup.exe from the X:\support\tools\support.cab file from any Windows 2000 CD (Professional, Server, or Advanced Server)
  3. Login as a user with permission to write to the Local Machine section of the registry.
  4. Copy ksetup.exe to a client computer.
  5. Run the following two commands:
    • ksetup /addkdc COLORADO.EDU idkey-tcom.colorado.edu
    • ksetup /addkdc COLORADO.EDU idkey-comp.colorado.edu
  6. Reboot the computer

Once a client has been configured, users must select "COLORADO.EDU (Kerberos Realm)" from the domain pull-down menu in the logon interface to user their IdentiKey username and password.

Common problems

  • Since faculty and staff often do not use their IdentiKey usernames and passwords, they may not know them. Their IdentiKey usernames are the same as their e-mail account usernames. Their IdentiKey passwords are different than their e-mail account passwords. Faculty and staff who do not know their IdentiKey passwords should contact the ITS service center.
  • If a user has not changed their IdentiKey password for a very long time they may receive an error message that their password is incorrect. This is because their IdentiKey account is using an old encryption technique not supported by Windows 2000. If they change their password, their account will be updated to the current encryption method.
  • If you are attempting to use a client configured in Windows 2000 for a colorado.edu DNS name (instead of ad.colorado.edu) some additional configuration may be required. Note: This only applies if the full computer name listed under the Network Identification tab of the system properties lists the computer as having a name of xxx.colorado.edu instead of xxx.ad.colorado.edu. This does not necessarily reflect the computer's actual DNS name.

Getting Help

help@colorado.edu
       
       Support | Training | Facilities | About ITS | ITS Home
 

Last reviewed: October 30, 2006

IT Service Center: 303-735-4357 (5-HELP), help@colorado.edu, Location and Hours of Operation
Computer Support Representative (CSR) look-up tool

itsfeedback@colorado.edu  | Policies | Privacy
© 2000 The Regents of the University of Colorado