Converting Q&A Profiles
After you have configured Password Manager 5.13.2, you can convert users’ Q&A profiles to make it compatible with the latest Password Manager version. To convert Q&A profiles, you must use the Migration Wizard.
When converting users’ Q&A profiles, specify whether to convert profiles of all users belonging to the user scope, users in a specified group or users of a Management policy. You can also select whether to convert Q&A profiles in test or production mode.
IMPORTANT:
-
Before converting users’ Q&A profiles it is recommended to prevent users from accessing the Self-Service Site. For more information, see To specify groups or OUs that are denied access to the Self-Service Site.
-
To avoid bad data error during user migration, run the migration wizard in test mode. View the report to check if the user information have been migrated successfully.
To convert Q&A profiles
-
On the computer where Password Manager is installed, run the Migration Wizard from the Password Manager autorun window. It is recommended to run the Migration Wizard under the Password Manager Service account.
-
On the Welcome page, select the Convert users’ Q&A profiles task.
-
In the Select management policy drop-down box, select the Management Policy to convert Q&A profiles of users from its user scope and click Next.
-
On the second page, do one of the following and click Next:
-
Click All users from the user scope to convert Q&A profiles of all users from the user scope of the selected Management Policy.
-
Click The following groups to specify the groups of users whose Q&A profiles will be converted. To select groups, click Add and do the following:
-
In the Add Groups dialog, enter the group name, select the domain from the list and click Search.
-
Select the required groups in the list and click Save.
-
On the third page, do one of the following and click Next:
-
Click Convert Q&A profiles in test mode to covert profiles in test mode. The existing profiles will not be replaced.
-
Click Convert Q&A profiles in production mode to convert profiles in production mode. All existing profiles will be replaced.
-
On the status page, click View the report for detailed information to view a detailed account of profile conversion. If you converted Q&A profiles in test mode, click Convert Q&A profiles in production mode.
-
Click Finish to close the wizard.
IMPORTANT: After profile conversion, some users may not be able to edit their Q&A profiles. Such users will be able to reset their passwords and unlock accounts on the Self-Service Site, but if they want to edit their Q&A profiles, they will be forced to create new Q&A profiles.
If users’ Q&A profiles have been skipped during profile conversion, such users will not be able to use Password Manager 5.13.2 until they create new Q&A profiles.
Upgrading Secure Password Extension
You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.
To remove the existing and assign a latest-version package
-
Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.
-
Add the latest-version MSI packages to the list of software to be installed.
When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation media.
During the upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.
Upgrading Password Policy Manager
Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.
To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.
To upgrade from Password Policy Manager version 5.7.1 or later versions
-
Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM, see Uninstalling Password Policy Manager.
-
Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM, see Installing Password Policy Manager.
-
Repeat the steps 2 and 3 for each domain controller in the managed domain.
If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.
Administrative Templates
The Password Manager distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Password Manager Administration Console by default.
In the Password Manger installation package, you can find the below mentioned files in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation media.
These administrative templates are supplied in the following files.
File |
Description |
prm_gina.admx |
Contains the administrative policies defined by Password Manager. |
prm_gina.adml |
Allows Group Policy Object Editor to display a policy setting in the configured locale (supported language). |
This chapter consists of the following sections.