How to transition many (or all) existing SecureDoc-protected devices to Token Protection from Password protection
To "automatically” change users’ protection from password to certificate, e.g. automatically send token-protected key files to computers,
1 - Make sure the following settings are enabled in the Key File section of Tools -> Options:
Checkbox: When key file is created for the device, automatically send it to device - should be Checked/Enabled
Checkbox: Automatically update key file on device when user/device key file properties are modified - should be Checked/Enabled
Checkbox: Automatically generate key file when user is added to device - should be Checked/Enabled
2 - ALL affected user records must have token protection set as their default Protection Type:
Checkbox: Use Token protection as protection type - should be Checked/Enabled
3 - When you import the user certificates from Active Directory (AD), the newly changed certificates will be considered a "change”, thanks to the settings enabled above, so these new/updated key files will be sent to computers to effect the change.
NOTE: There is a lot more information available in the SES User Guide and the SecureDoc Manual on converting between Token and Password-based protection, recovery from a lost or damaged token. This article is simply a brief, focused distillation of information commonly available in the documentation.
If you're looking to install SecureDoc such that newly-installed devices will be Token-protected, please see the documentation.