This would be used when you need a new/different bypass code to use on some systems separate from others.
- In Active Directory Users and Computers (ADUC), create a new Organization Unit (OU) under the original OU containing the computer.
- In Group Policy Management Tool (GPMT), create a new Group Policy Object (GPO) linked to the new OU that changes the bypass code to a new value that is created using the Windows Logon Manager Configuration Tool (WLMCT), extracted from the registry then copied and pasted into the GPO.
- The above can be done using a computer GPO and the Preferences, Windows Settings, Registry section of the policy.
- Note that the bypass code is changed with and written into the registry using the Windows Logon Manager Configuration Tool (WLMCT) and then the value in the registry under HKLM:Software\Surepassid\Credprov\BypassCode can be placed in the same location in the registry on machines for which the code should be applied.
- In ADUC, move the machine(s) into the new OU and run "gpupdate /force" from an elevated command prompt on the machine(s) in the new OU.
- The new bypass code should be applied to the machine(s) and can be confirmed with a lock/unlock of the machine(s) using the new bypass code.
- Because the Bypass Code (Master Passcode Override) is a value in the registry, different machines or classes of machines can have different codes, workstations vs servers for example.