Self-Service Site
The Self-Service Site provides users with the ability to easily and securely manage their passwords, thus eliminating the need for assistance from high-level administrators and reducing Helpdesk workload.
The Self-Service Site can be installed on the same server as the Administration Site and Password Manager Service, or on a stand-alone server, for example, if you want to install the Self-Service Site in a perimeter network (DMZ).
Password Manager Self-Service Site
The Password Manager Self-Service Site provides functionality similar to the Legacy Self-Service Site. The Password Manager Self-Service Site includes enhancements to the user interface to improve the usability of the site.
Limitations & Restrictions of the Password Manager Self-Service Site:
-
The Password Manager Self-Service Site can co-exist along with the Legacy Self-Service Site.
-
It is possible to revert to the Legacy Self-Service Site at any time.
-
The Password Manager Self-Service Site is only available in English.
As an alternative to using Password Manager Self-Service Site, use the Legacy Self-Service Site.
Helpdesk Site
The Helpdesk Site handles typical tasks performed by Helpdesk operators, such as resetting passwords, unlocking user accounts, assigning temporary passcodes, and managing user Questions and Answers profiles.
The Helpdesk Site can be installed either on the same server as the as the Administration Site and Password Manager Service, or on a standalone server.
Password Policy Manager
Password Policy Manager is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in those cases where users change their passwords using means other than Password Manager. For example, when user change their password on the Self-Service Site, a new password is checked against password policy rules immediately, and if it complies with password policies configured in Password Manager, the new password is accepted. But when user change their password by pressing CTRL+ALT+DELETE, for example, the password’s compliance with password policies cannot be checked by Password Manager unless Password Policy Manager is deployed on all domain controllers in a managed domain. Password Policy Manager installs the dictionary file in the SYSVOL folder to set a dictionary rule for new passwords. If the dictionary file already exists in the SYSVOL folder, Password Policy Manager setup will not replace the file while installing.
If Password Policy Manager is not installed on all domain controllers in the domain, password policies configured in Password Manager will be ignored when users change password by means other than Password Manager.
NOTE: The user account that is used to install Password Policy Manager must have write access to the SYSVOL folder in domain controller.
NOTE: When the user uninstalls Password Policy Manager, the installer will not remove the dictionary file from the SYSVOL folder. The user must remove the dictionary file manually if the file is not needed.
|
Caution: Removing the dictionary file from the SYSVOL folder in one Domain Controller will result deletion of the dictionary file in all Domain Controllers . |
For more information on Password Policy Manager, see About Password Policies.
Secure Password Extension
Secure Password Extension is an independently deployed component that provides one-click access to the complete functionality of the Self-Service Site from the Windows login screen. Secure Password Extension also provides dialog displayed on end-user computers that notify users who must create or update their Questions and Answers profiles with Password Manager.
Secure Password Extension should be installed on users’ computers through group policy.
For more information, see Secure Password Extension overview.