Is it possible to add an extra security measure to the Ivanti Workspace Control Console by triggering a Windows authentication pop-up for Smart Card Authentication when starting the Ivanti Workspace Control Console?
With the introduction of Ivanti Workspace Control 10.2.900.0, this behavior can be configured, the following prerequisites should already be in place.
- Windows Smart Card Policies are configured and working already.
- Users are required to sign in to a machine by using a Smart Card. This can be enforced using the Interactive logon: Require smart card GPO located in Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
- The GPO mentioned above will set the ScForceOption located in [HKLM\Software\Microsoft\Windows\CurrentVersion\policies\System] to 1. If this is set to 0 or not available, then the feature will not work.
- No other third-party software is needed to use the available Smart Card Solution.
More information about the Smart Card Group Policy can be found here: https://docs.microsoft.com/en-us/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings
With the above prerequisites in place, the Ivanti Workspace Control Console can enforce an Authentication pop-up by configuring an Administrative Role.
- Open the Ivanti Workspace Control Console
- Go to Administration > Administrative Roles > Open or create an Administrative Role
- On the bottom of the Access Control tab, the feature can be enabled
Ivanti recommends to first create a test Administrative Role for your test Administrator, this way a locked out situation can be prevented.