Policy issues after Imprivata appliance upgrade


Recently I performed an upgrade of an Imprivata environment at a customer site. At this customer (a hospital), Imprivata is used as an alternative to entering a username and password. This makes it possible for users to roam their session by swiping a proximity card over a card reader that is attached to every computer at the hospital.

Imprivata can also be used as a single sign-on solution. Imprivata focuses primarily on healthcare environments, and the solution is a perfect fit for a hospital. The doctors and nurses don’t have to think about their username and/or password for Windows or various applications; they just need to swipe their proximity card.



The image above shows the logon procedure at the customer site with Imprivata.

Last Friday the upgrade from version 4.5 to version 4.8.100 was scheduled. The Imprivata environment consists of two appliances, one physical and one virtual. Before we started the upgrade we informed the users that they could continue with their work during the upgrade, and we advised them not to roam their session while it was running. Before the installation can start, the upgrade package needs to be uploaded to both appliances (there is a separate upgrade package for the virtual and the physical appliance). The installation is fully automatic, and after the upgrade is finished both appliances are restarted. During testing we found out that with the old appliance we had to configure a registry setting to make sure that the reboot and restart buttons are available on the Imprivata logon screen. With the new version of the appliance this setting has moved from the endpoint device to the computer policy.

[Screenshot: the setting in the computer policy]

With this checkbox checked, the reboot and restart buttons are available to the users. Please make sure that you don’t apply this setting to the computer policy for your XenApp servers.

When the appliances were back online we did some testing, and everything seemed fine.

On Monday we received an issue from the helpdesk: some users were complaining that their computer automatically locked the desktop after 5 minutes. After some research I found out that the problem was limited to a small group of computers that used a non-default computer policy. These computers were configured to never go to the lock screen or the screensaver, because they are used during meetings about patients.

[Screenshot: policy settings of the diagnostic meeting clients]

Let me first show you the policy settings for these diagnostic meeting clients that differ from the default policy. These settings make it possible for the computer to remain logged on during the meeting. At the end of the meeting the user enters the defined hotkey and the workstation is locked. The setting that caused the problem was on a different tab.

[Screenshot: the policy setting on the other tab]

The above setting was set after the upgrade, which caused the affected computers to be locked after 5 minutes of inactivity.