1. Knowledge Base
  2. SurePassID Authentication Server

How do I apply different bypass codes to some systems using GPO?

This would be used when you need a new/different bypass code to use on some systems separate from others.
  1. In Active Directory Users and Computers (ADUC), create a new Organization Unit (OU) under the original OU containing the computer.
  2. In Group Policy Management Tool (GPMT), create a new Group Policy Object (GPO) linked to the new OU that changes the bypass code to a new value that is created using the Windows Logon Manager Configuration Tool (WLMCT), extracted from the registry then copied and pasted into the GPO.
  3. The above can be done using a computer GPO and the Preferences, Windows Settings, Registry section of the policy.
  4. Note that the bypass code is changed with and written into the registry using the Windows Logon Manager Configuration Tool (WLMCT) and then the value in the registry under HKLM:Software\Surepassid\Credprov\BypassCode can be placed in the same location in the registry on machines for which the code should be applied.
  5. In ADUC, move the machine(s) into the new OU and run "gpupdate  /force" from an elevated command prompt on the machine(s) in the new OU.
  6. The new bypass code should be applied to the machine(s) and can be confirmed with a lock/unlock of the machine(s) using the new bypass code.
  7. Because the Bypass Code (Master Passcode Override) is a value in the registry, different machines or classes of machines can have different codes, workstations vs servers for example.