Upgrading Secure Password Extension
You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.
To remove the existing and assign a latest-version package
- Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.
- Add the latest-version MSI packages to the list of software to be installed.
When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.
During the upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.
Upgrading Password Policy Manager
Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.
To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.
To upgrade from Password Policy Manager version 5.7.1 or later versions
- Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM, see Uninstalling Password Policy Manager.
- Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM, see Installing Password Policy Manager.
- Repeat the steps 2 and 3 for each domain controller in the managed domain.
If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.
The Password Manager distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Password Manager Administration Console by default.
In the Password Manger installation package, you can find the below mentioned files in \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.
These administrative templates are supplied in the following files.
||Contains the administrative policies defined by OneIdentity Password Manager.|
||Allows Group Policy Object Editor to display a policy setting in the configured locale(supported language).|
This chapter consists of the following sections
Installing Administrative Templates
To install the administrative templates (.admx) on Domain Controller
Login to the Active Directory Domain Controller machine with Administrative Privileges.
Copy Administrative Template Configuration folder from the <CD>/Password Manager/Setup/Tools .
Copy the Administrative Template folder into the Machine from <CD>/Password Manager/Setup/Template.
Double click QPM.AdministrativeTemplateConfiguration.exe from the Administrative Template Configuration folder.
In the Password Manager Administrative Template Configuration window, browse the Administrative Template folder path and verify the path to Policy Definitions.
- Click Execute to run the tool.
- Once the execution is complete, click Exit to close the window.
To install the administrative templates (.admx) on the client computer manually
- Copy the prm_gina.admx file into %windir%\PolicyDefinitions folder directory.
- Copy the prm_gina.adml file into %windir%\PolicyDefinitions\en-us directory.
- Open the Local Group Policy Editor (gpedit.msc).
- In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.
- You can now see the node One Identity Password Manager appearing automatically.
- The .admx policies applied on the client computer takes priority.