3. Expand the Organizational Unit—GroupB, in this example
3.3 Litronic CAC Settings
The following are the CAC Manager settings that are not required by DoD CAC Middleware Requirements Release 3.0:
For all settings:
Default = Not Configured 1 = Enable
0 = Disable
0 online.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\VerifyCerts
Note: This setting is configurable through CAC PIV MD Manager Build 1.0.0.13. It is permanent in build 1.0.0.14 onward.
Allow Update Checking
Purpose: To allow CAC Manager to check for software updates through the Internet whenever the computer reboots.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will not check for updates automatically.
1 If you enable this setting, CAC Manager will automatically check for updates.
0 If you disable this setting, CAC Manager can only be updated manually.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\AllowUpdates
Allow Combination Certificate Propagation
Purpose: To allow CAC Manager to match the UPN in the computer to either the CAC container ID or the longer PIV container ID.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will check the shorter CAC UPN.
1 If you enable this setting, CAC Manager will check the CAC UPN first and then check the PIV UPN.
0 If you disable this setting, CAC Manager will check the CAC UPN.
Disable the Certificate Browser Tab
Purpose: To control whether to disable (hide) the Certificate Browser tab.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will display the Certificate Browser tab.
1 If you enable this setting, CAC Manager will hide the Certificate Browser tab.
0 If you disable this setting, CAC Manager will display the Certificate Browser tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC
\disableCertBrowseTab
Disable the Logging Tab
Purpose: To control whether to disable (hide) the Logging tab.
Value Meaning
Default=1 If you do not configure this setting, CAC Manager will hide the Logging tab.
1 If you enable this setting, CAC Manager will hide the Logging tab.
0 If you disable this setting, CAC Manager will display the Logging tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disableDebugTab
Disable the PIN Change Tab
Purpose: To control whether to disable (hide) the PIN Change tab.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will display the PIN Change tab.
1 If you enable this setting, CAC Manager will hide the PIN Change tab.
0 If you disable this setting, CAC Manager will display the PIN Change tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disablePinChangeTab
0 Information tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disableSystemInfoTab
Disable the Tokens (Card) Tab
Purpose: To control whether to disable (hide) the Tokens (Card) tab.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will display the Tokens (Card) tab.
1 If you enable this setting, CAC Manager will hide the Tokens (Card) tab.
0 If you disable this setting, CAC Manager will display the Tokens (Card) tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disableTokensTab
Disable the Settings Tab
Purpose: To control whether to allow users to set options on their workstations.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will display the Settings tab.
1 If you enable this setting, CAC Manager will hide the Settings tab.
0 If you disable this setting, CAC Manager will display the Settings tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disableSettingsTab
Disable the Welcome Tab
Purpose: To control whether to disable (hide) the Welcome tab.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will display the Welcome tab.
1 If you enable this setting, CAC Manager will hide the Welcome tab.
0 If you disable this setting, CAC Manager will display the Welcome tab.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\disableWelcomeTab
Expiration Countdown for Certificates
Purpose: To set the amount of notice to give a user that his certificates are about to expire.
Value Meaning
Default=60 If you do not configure this setting, CAC Manager will notify the user that certificates are about to expire in 60 days.
1 If you enable this setting, you can enter a number from 1 to 360 for the amount of notice to give a user that certificates are about to expire.
0 If you disable this setting, CAC Manager returns control of number of days’ notice to the user.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\expiringDays
Do Not Display the Card Removal Dialog
Purpose: To determine whether to display the following dialog box when a CAC card is removed from the reader.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\NoCardRemovalDialog
Set the UserCertificate Field in the GAL to a Signing or Encryption Certificate Purpose: To determine whether to publish the signing certificate (X.509) or the encryption certificate (S/MIME).
Value Meaning
Default=1 If you do not configure this setting, CAC Manager will publish the Signing Certificate to the GAL.
1
If you enable this setting, you can use the dropdown menu to choose either Signing Certificate or Encryption Certificate from the List of options to populate the userCertificate field in the GAL.
0 If you disable this setting, CAC Manager will use the value set in Enable the Publishing of the S/MIME Certificate setting.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\setUserCertificate
Enable the Publishing of the S/MIME Certificate
Purpose: To determine whether to publish the S/MIME certificate to the GAL in addition to the X.509 certificate.
Value Meaning
Default=1 If you do not configure this setting, CAC Manager will publish the S/MIME certificate in addition to the X.509 certificate.
1 If you enable this setting, CAC Manager will publish the S/MIME certificate to the GAL in addition to the X.509 certificate.
0 If you disable this setting, CAC Manager will not publish the S/MIME certificate. It will publish only the X.509 certificate.
Fade Notification Display Duration
Purpose: To set the number of seconds an alert dialog box will fade in or fade out.
Value Meaning
Default=3 3 Seconds
1 If you enable this setting, you can enter 0 to 10 seconds in the Enable Fade Notification Display Duration text box.
0 If you disable this setting, CAC Manager will use the default value of 3 seconds.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\notificationinterval
Fade Notification Hold (Non-Fading) Duration
Purpose: To set the number of seconds an alert dialog box will display solidly after fading in, and before fading out.
Value Meaning
Default=1 1 Second
1 If you enable this setting, you can enter 0 to 10 seconds in the Enable Hold Duration text box.
0 If you disable this setting, CAC Manager will use the default value of 1 second.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\notificationholdinterval
Enable User Notifications
Purpose: To turn user notifications on or off.
Value Meaning
Default=1 If you do not configure this setting, CAC Manager will display notices to the user.
1 If you enable this setting, CAC Manager will display notices to the user.
0 If you disable this setting, CAC Manager will not display notices to the user.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\notificationEnable
2 will use fading pop up alert dialog boxes from the notification area of the taskbar.
0 This setting does not have a 0 value.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\notificationType
Force the Publication of Certificates
Purpose: To control whether new certificates are published automatically to the GAL.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will not publish certificates automatically.
1 If you enable this setting, CAC Manager will publish new certificates automatically to the GAL.
0
If you disable this setting, CAC Manager will not publish new certificates automatically to the GAL. Certificates will only be published manually.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\ForcePub
Lock on Card Removal
Purpose: To control whether CAC Manager will lock the computer when a card is removed.
Value Meaning
Default=0 If you do not configure this setting, CAC Manager will take no action when a card is removed.
1 If you click the radio button to enable this setting, CAC Manager will lock the computer when a card is removed.
0 If you click the radio button to disable this setting, CAC Manager will take no action when a card is removed.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\LockOnCardRemoval
Revocation Network Retries
Purpose: To set the number of times to attempt to connect with the revocation server.
Value Meaning
Default=3 3 Tries
1 If you enable this setting, you can enter 1 to 6 tries in the Enable Revocation Network Retries text box.
0 If you disable this setting, CAC Manager will use the default value of 3 tries.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\revocationRetries
Revocation Timeout Wait Period
Purpose: To determine how long to wait during checking for certificate revocation, before the operation times out.
Value Meaning
Default=30 30 Seconds
1 If you enable this setting, you can enter 10 to 60 seconds in the Enable Revocation Timeout Wait Period text box.
0 If you disable this setting, CAC Manager will use the default value of 30 seconds.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\networkTimeOut
0 logging.
Registry Key HKEY_LOCAL_MACHINE\SOFTWARE\Litronic\CAC\setupTraceLogging Note: The level of detail in trace logging is set in the Set Log Detail setting, and in the Set Trace Level section of the Log tab.
System Logging Level Setting
Purpose: To set the level of detail to report in trace logs.
Level 0 provides the most detailed log of trace messages, including the calling