Chat now with support
Chat with Support

Password Manager 5.14 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Adding or cloning a new Management Policy Configuring access to the Administration Site Configuring access to the Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Customizing help link URL Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Third-party contributions Glossary

Upgrading Password Policy Manager

Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.

To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.

To upgrade from Password Policy Manager version 5.7.1 or later versions

  1. Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM, see Uninstalling Password Policy Manager.

  2. Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM, see Installing Password Policy Manager.

  3. Repeat the steps 2 and 3 for each domain controller in the managed domain.

If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.

Administrative Templates

The Password Manager distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Password Manager Administration Console by default.

In the Password Manger installation package, you can find the below mentioned files in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation media.

These administrative templates are supplied in the following files.

File Description
prm_gina.admx Contains the administrative policies defined by Password Manager.
prm_gina.adml Allows Group Policy Object Editor to display a policy setting in the configured locale (supported language).

 

This chapter consists of the following sections.

Installing Administrative Templates

This section describes how to install administrative templates.

To install the administrative templates (.admx) on Domain Controller

  1. Login to the Active Directory Domain Controller machine with Administrative Privileges.

  2. Copy Administrative Template Configuration folder from the <CD>/Password Manager/Setup/Tools .

  3. Copy the Administrative Template folder into the Machine from <CD>/Password Manager/Setup/Template.

  4. Double click QPM.AdministrativeTemplateConfiguration.exe from the Administrative Template Configuration folder.

  5. In the Password Manager Administrative Template Configuration window, browse the Administrative Template folder path and verify the path to Policy Definitions.

  6. Click Execute to run the tool.

  7. Once the execution is complete, click Exit to close the window.

To install the administrative templates (.admx) on the client computer manually

  1. Copy the prm_gina.admx file into the %windir%\PolicyDefinitions directory.

  2. Copy the prm_gina.adml file into the %windir%\PolicyDefinitions\en-us directory.

  3. Open the Local Group Policy Editor (gpedit.msc).

    1. In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.

    NOTE:

    • You can now see the node One Identity Password Manager appearing automatically.

    • The .admx policies applied on the client computer takes priority.

Configuring Administrative Templates

This section describes how to configure administrative templates.

To configure the settings of the administrative templates on the Domain Controller

  1. Open the Group Policy Management Editor (gpmc.msc).

  2. Right click the domain node, then on the short cut menu, click Create a GPO in the domain and Link it here to link the policy.

  3. Enter a name to the New GPO. For example, OneIdentity.

  4. Right click the new GPO (OneIdentity) and set Enforced to apply the policy.

  5. Right click the new GPO (OneIdentity) and select Edit.

  6. Expand the newly created GPO and perform the following

  7. To view the latest Administrative Template

    1. Expand the newly created GPO.
    2. Go to Computer Configuration > Policies.

    3. Expand Administrative Templates: Policy Definitions(ADMX files) retrieved from the central store > One Identity Password Manager > Generic Settings.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating