CALS Identity Finder Client Config for MSI and Server Policies
Note - on server HKLM maps to "System" policies and HKCU maps to "User" policies. The registry key names and policy wording are identical.
Base Properties
- Install the Endpoint Service - Property/INSTALLIDFSERVICE=1
- Turn off automatically launching after install - Property/LAUNCHPRODUCT=0
- Automatically agree to license agreement - Property/IAgree
Registry Keys in HKLM\Software\Identity Finder\Client (not user modifiable)
- Turn off the registration page: Software\Identity Finder\Client\Initialization\ShowRegistrationPage=0
- Turn off Customer Experience page: Software\Identity Finder\Client\Initialization\ShowCustomerExperiencePage=0
- Enable sending of data to the console: Software\Identity Finder\Client\Console\enable=1
- Provide encryption key for the console: Software\Identity Finder\Client\Console\encKey=<encryption key>
- Set the polling interval for every 4 hours: Software\Identity Finder\Client\Console\pollingInterval=14400 (default is every 5 minutes)
- Do not send match text to server:Software\Identity Finder\Client\Console\ sendMatch=0
- Connect to server: Software\Identity Finder\Client\Console\serverUrl= http://calsserver.calsnet.cornell.edu/services(note IDF encrypts all communications with the client regardless of whether SSL is used)
- Send only info about SSNs and CCs to server: Software\Identity Finder\Client\Console\matchTypes=10001,10002
- Disable guest login: Software\Identity Finder\Client\Profile\RequireProfileLogin=1
- Set password strength to Stronger: Software\Identity Finder\Client\Profile\PasswordStrength=2
- Enable the password strength capability: Software\Identity Finder\Client\Profile\EnablePasswordStrength=1
- Disable ability to change attributes of read-only files: Software\Identity Finder\Client\Settings\Actions\Disable\disableChangeReadOnly=1
- Disable ability to change attributes of hidden files: Software\Identity Finder\Client\Settings\Actions\Disable\disableChangeHidden=1
- Allow user to doubleclick on .idf files and open them in IDF: Software\Identity Finder\Client\Settings\Explorer\FileAssociation_idf=1
- Exclude all non-local drives from the search: Software\Identity Finder\Client\Settings\Locations\Files\OnlySearchLocalDrivesWhenSearchingMyComputer=1
- Set type of files to search to be "Custom": Software\Identity Finder\Client\Settings\Locations\Files\FileTypeSearchOption=2
- Set the file extension list to be the exclude list: Software\Identity Finder\Client\Settings\Locations\Files\FileExtensions\FileExtensionListIsExcludeList=1
Wiki Markup Set the custom folder exclude list to exclude Thunderbird files (messages are still scanned) and system directories (replace "\!" with "~" in the following text): Software\Identity Finder\Client\Profile\Admin\CustomFolderExcludeList=<ExcludeFolders>\[\!\] <Entry>\[\!\] <FileName>%ProgramFiles%</FileName>\[\!\] </Entry>\[\!\] <Entry>\[\!\] <FileName>%AppData%\Thunderbird\Profiles</FileName>\[\!\] </Entry>\[\!\] <Entry>\[\!\] <FileName>%windir%</FileName>\[\!\] </Entry>\[\!\]</ExcludeFolders>
- Turn off Quarantine action
- Turn off Secure action
Registry Keys in HKCU\Software\Identity Finder\Client (user modifiable)
Note - email settings may move to HKLM in the future
- Uncheck client experience checkbox: Software\Identity Finder\Client\Initialization\enable=0
- Set file location to be "My Computer" instead of "My Documents": Software\Identity Finder\Client\Settings\Locations\Files\FileLocations=1
- Set maximum file size to search to 96mb: Software\Identity Finder\Client\Settings\Performance\MaxFileSize=100663296 (note - IDF says to generally keep this under 128mb for performance)
- Turn off searching for passwords: Software\Identity Finder\Client\Settings\Identities\Password\EnableAnyFind=0
- Turn on MBOX searching for Eudora: Software\Identity Finder\Client\Settings\Locations\Email\MBOX\EnableSearchByExtension=1
- Identify MBX as an MBOX file: Software\Identity Finder\Client\Settings\Locations\Email\MBOX\MBOXFileExtensionList=mbx
- Search remote mail folders: Software\Identity Finder\Client\Settings\Locations\Email\Microsoft\SearchRemoteMailFolders=1
- Search detached PST files: Software\Identity Finder\Client\Settings\Locations\Email\Microsoft\SearchDetachedPST=1
- Enable inclusion of Outlook Express or Windows Mail in the search: Software\Identity Finder\Client\Settings\Locations\Email\Microsoft\IncludeWinMailInEmailSearch=1
- Include Thunderbird in search: Software\Identity Finder\Client\Settings\Locations\Email\Thunderbird\IncludeThunderbirdInEmailSearch=1
- Disable balloon tips on the taskbar: Software\Identity Finder\Client\Settings\UserInterface\ShowBalloonTips=0
Wiki Markup Set file extensions to skip (replace "\!" with "~" in the following text): Software\Identity Finder\Client\Settings\Locations\Files\FileExtensions\FileExtensionList="aac;1\[\!\]acs;1\[\!\]adc;1\[\!\]..."
- Turn off the startup wizard: Software\Identity Finder\Client\Settings\Wizards\UseStartupWizard=0
- Install updates with no prompt: Software\Identity Finder\Client\Settings\Updates\AutomaticallyDownloadandInstallUpdates=1 (note - this will likely move to HKLM in the future)