Overview

It is possible to automate the users' authentication process in Kerio Control by creating a Group Policy Object containing scripts to log in and log out users from Kerio Control.

This article serves as a guide to configuring the Windows Active Directory GPO to automatically log in and log out users from Kerio Control

Important: The screenshots used in this article are based on Active Directory running on Microsoft Windows Server 2008 Domain Controller.

Solution

1. Connect to your domain controller. Go to Start > Administrative Tools > Group Policy Management.

   

2. Select the domain and go to Action > Create a GPO in this domain, and Link it here...

   

3. Enter an appropriate name to this policy.

   

4. After creating the object, select Action > Edit....

   

5. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Internet Zone.

   

6. Look for Logon options and double-click on it.
7. In the Logon options dialog box, click on Enabled and select Automatic logon with current username and password option from the Options drop-down menu.
8. Apply these changes.

   

9. Select User Configuration > Policies > Windows Settings > Scripts (Logon/Logoff).

   

10. Double click Logon and click Add... in the properties box.

    

11. Click Browse....

    

12. Create two files: logon.vbs and logon.bat. Use the sample code in the table below for reference, changing the logon script path:

    File	Code
    logon.vbs	Dim oIE Set oIE = CreateObject("InternetExplorer.Application") oIE.Visible = False oIE.Fullscreen = False oIE.Toolbar = True oIE.Statusbar = True oIE.Navigate("http://www.google.com/") WScript.Sleep(30000) oIE.quit
    logon.bat	cscript //nologo \\domain\sysvol\..\logon.vbs

13. Select logon.bat with a double-click and click OK.

    

14. Select Logoff with a double-click and click Add....

    

15. Click Browse...

    

16. Create two files: logoff.vbs and logoff.bat. Use the sample code in the table below for reference, changing the logoff script path:

    File	Code
    logoff.vbs	Dim oIE Set oIE = CreateObject("InternetExplorer.Application") oIE.Visible = False oIE.Fullscreen = False oIE.Toolbar = True oIE.Statusbar = True oIE.Navigate("http://<Kerio Control Server IP address>:4081/internal/logout") WScript.Sleep(30000) oIE.quit
    logoff.bat	cscript //nologo \\domain\sysvol\..\logout.vbs

17. Select logoff.bat with a double-click and click OK.

    

18. Double-check GPO settings and close Group Policy Management.

    

19. Open Kerio Control Web Administration Interface. Go to Advanced Options and disable Force SSL secured connection (recommended).
20. Apply this change.

    IMPORTANT DISCLAIMER:

    Disabling this option will ignore the browser message: website's security certificate contains invalid information and it will allow Kerio Control authentication using NTLM authentication even the SSL certificate is not trusted on the local machine (eg. in case of self-signed SSL certificate). At the same time, this can be a security risk because users send their credentials to Kerio Control server using a plain-text format over an unencrypted channel.

    For correct encrypted communication, it is required to have trusted signed SSL certificate for the URL of the Kerio Control web interface.

    

21. Go to Domains and User Login and enable Always require users to be authenticated when accessing web pages and Enable automatic authentication using NTLM.
22. Apply these changes.