Chat now with support
Chat mit Support

Identity Manager 8.1.4 - Secure Password Extension Administration Guide

Secure Password Extension

It is very common for business users to forget their password and be unable to log in to the system. One Identity Manager allows users to securely and conveniently reset their network passwords, or manage their passwords in multiple enterprise systems, before even logging in to the system. To enable users to access the Password Reset Portal from the Windows login screen, One Identity Manager implements Secure Password Extension.

Secure Password Extension is an application that provides one-click access to the complete functionality of the Password Reset Portal from the Windows login screen. Secure Password Extension is included on the installation CD and is deployed through a group policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and configuring Secure Password Extension.

Secure Password Extension supports the authentication model in the following systems:

  • Windows 7

  • Windows 8

  • Windows 8.1

  • Windows 10

On workstations running Windows 7, Secure Password Extension adds the Forgot My Password link to the Windows login screen. In Windows 8, 8.1 and 10, Secure Password Extension adds an icon under the login options to the user tile on the login screen. By clicking these buttons and links, users open the Password Reset Portal.

When users connect to the Password Reset Portal from the Windows login screen, anonymous access is enabled and the functionality of Microsoft Internet Explorer is restricted, thereby preventing the actions that may pose a security threat. Once users open the Password Reset Portal home page from the Windows login screen, they cannot access any other website, or open a new browser window or a context menu.

For Secure Password Extension to function properly, you must specify the corresponding URL to the Password Reset Portal in the supplied administrative template prm_gina.adm or prm_gina.admx located in the \Password Manager\Setup\Administrative Template\ folder of the installation CD and apply the template to selected users. For more information, see Configuring Secure Password Extension.

Deploying and configuring Secure Password Extension

This section describes the prerequisites and steps for deploying and configuring Secure Password Extension to provide access to the Password Reset Portal from the Windows login screen on end-user computers.

Detailed information about this topic

Configuring the Password Reset Portal

To ensure that forwarding to the Password Reset Portal works correctly, you must configure the Password Reset Portal (server-sided configuration).

To configure the forwarding to the Password Reset Portal

  1. Start Internet Information Services Manager.

  2. Navigate to the Password Reset Portal entry.

  3. Right-click the Password Reset Portal entry and in the context menu, click Explore.

  4. In the Explorer window, create the subfolder EntryPoint.

  5. Open the subfolder EntryPoint and create the web.config file.

  6. Edit the web.config file and insert the following content:

    <?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpRedirect enabled="true" destination="<URL-path-to-the-Password-Reset-Portal>" exactDestination="true" />
    </system.webServer>
</configuration>

  7. Save the file changes.

Deploying Secure Password Extension

Secure Password Extension is deployed on client computers through a group policy. You can create a new group policy object (GPO) or use an existing one to assign the installation package with Secure Password Extension for installing it on the destination computers. Secure Password Extension is then installed on computers to which the GPO applies. Depending on the operating system running on the destination computers, you must apply one of the following installation packages included on the installation CD:

  • SecurePasswordExtension_x86.msi - Installs Secure Password Extension on computers running x86 versions of operating systems.

  • SecurePasswordExtension_x64.msi - Installs Secure Password Extension on computers running x64 versions of operating systems.

You can modify the behavior and on-screen appearance of Secure Password Extension components by configuring the settings of an administrative template, and then applying the template to the target computers through a group policy.

The administrative template is available in two formats: prm_gina.adm and prm_gina.admx.

The prm_gina.adm administrative template file is located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension\Administrative Template folder of the installation CD. Before using the file, copy it from the installation CD. The recommended target location is the \inf subfolder of the Windows folder on a domain controller.

The prm_gina.admx administrative template file is located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension\Administrative Template folder of the installation CD. This administrative template is designed to be used with Windows Server 2008 R2 or later operating systems. Before using this administrative template, copy the prm_gina.admx and prm_gina.adml files from the installation CD to the following locations: %systemroot%\policyDefinitions (for the prm_gina.admx file) and %systemroot%\policyDefinitions\En-US (for the prm_gina.adml file).

Follow these steps to configure and deploy the Secure Password Extension on end-user computers.

To deploy and configure Secure Password Extension

  1. Copy the required installation package (SecurePasswordExtension_x86.msi or SecurePasswordExtension_x64.msi) from the installation CD to a network share accessible from all domain controllers where you want to install Secure Password Extension. The MSI packages are located in the Modules\ADS\dvd\AddOn\SecurePasswordExtension folder of the installation CD.

  2. Create a GPO and link it to all computers, sites, domains, or organizational units where you want to use Secure Password Extension. You may also choose an existing GPO to use with Secure Password Extension.

  3. Open the GPO in the Group Policy Management Editor, and perform the following actions:

    1. Expand Computer ConfigurationPolicies | Software Settings.
    2. Right-click Software installation and select New | Package.
    3. Browse for the MSI package you have copied in step 1, and click Open.
    4. In the Deploy Software window, select a deployment method and click OK.
    5. (Optional) Verify and configure the properties of the installation.
    Related topics
Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen