Upgrading Password Policy Manager
Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.
To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.
To upgrade from Password Policy Manager version 5.x.x
- Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM,
Uninstalling Password Policy Manager
To uninstall Password Policy Manager, you should remove it from all domain controllers in a managed domain.
To uninstall Password Policy Manager
- Remove Password Policy Manager from a domain controller in a managed domain.
- Restart the computer when prompted.
- Repeat steps 1 and 2 for all domain controllers in the managed domain.
If Password Policy Manager was deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list.
To remove MSI package
- Start the Group Policy Management snap-in. To do this, click Start, point to Programs, point to Administrative Tools, and then click Group Policy Management.
- In the console tree, click the group policy object with which you deployed the package, and then click Edit.
- Expand the Software Settings container that contains the Software installation item with which you deployed the package.
- Click the Software installation container that contains the package.
- In the right pane of the Group Policy window, right-click the PasswordPolicyManager_x64(x86).msi package, point to All Tasks, and then click Remove.
- Click Immediately uninstall the software from users and computers, and then click OK.
- Quit the Group Policy Object Editor snap-in, and then quit the Group Policy Management snap-in.
| IMPORTANT: If you uninstall Password Manager, but do not remove Password Policy Manager from domain controllers in a managed domain, configured password policies will still be enforced. To stop enforcement of password policies configured in Password Manager, you should uninstall Password Policy Manager from all domain controllers in the managed domain. |
- Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM,
Installing Password Policy Manager
This section describes the steps for deploying Password Policy Manager in a managed domain.
Password Policy Manager is deployed on all domain controllers through Group Policy. You can create a new Group Policy object (GPO), or use an existing one, to assign the installation package with Password Policy Manager to the destination computers. Password Policy Manager is then installed on computers on which the GPO applies. Depending on the operating system running on the destination computers, you must apply either of the following installation packages included on the installation CD:
- PasswordPolicyManager_x86.msi - Installs Password Policy Manager on domain controllers running an x86 Microsoft Windows Server operating system.
- PasswordPolicyManager_x64.msi - Installs Password Policy Manager on domain controllers running an x64 Microsoft Windows Server operating system.
The installation packages are located in the \Password Manager\Setup\Password Policy Manager\ folder on the installation CD.
| NOTE: Depending on whether a domain controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of the Password Policy Manager must be installed. |
To install Password Policy Manager on a single domain controller
- Run the appropriate Password Policy Manager MSI package located in the \Password Manager\Setup\Password Policy Manager\ folder on the installation CD.
- Restart the computer once the installation completes.
To deploy Password Policy Manager on multiple domain controllers
- Copy the appropriate Password Policy Manager MSI package from the installation CD to a network share accessible from all domain controllers in a managed domain.
- Create a GPO and link it to all domain controllers in a managed domain. You may also choose an existing GPO to deploy the Password Policy Manager.
- Open the Computer Configuration folder under the selected GPO, and then open the Software Settings folder.
- Right-click Software installation, and then select New | Package.
- Select the MSI package you have copied in step 1.
- Click Open.
- Select the deployment method and click OK.
- Verify and configure the installation properties, if needed.
-
- Repeat the steps 2 and 3 for each domain controller in the managed domain.
If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.