The Defender Management Portal database is stored in a file named SelfReg.sdf, held in the folder “%ProgramFiles%\One Identity\Defender\Management Portal\WWW\App_Data” on the computer running the Defender Management Portal. This section covers the following database management tasks:
By default, the Defender Management Portal database is not encrypted. However, as this database contains a service account password used by the Defender Management Portal, you may want to encrypt the database.
To encrypt the database
- In IIS Manager, stop the Defender Web Interface site.
- On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
- Select the Encrypt Database check box.
- In the New Password and Confirm New Password boxes, type the password with which you want to encrypt the database.
- Click Apply, and then close the dialog box.
- In the Web.config file, update the database connection string with the new password:
- In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
- In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to include the new password. Example:
connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091;password=NewDatabasePassword"
where NewDatabasePassword
is the password you have set in Step 2 of this procedure.
- Save and close the Web.config file.
- Use the aspnet_regiis.exe tool to encrypt the database connection string in the Web.config file, so that the password is not displayed as plain text. You can find aspnet_regiis.exe in one of these folders:
- On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
- On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319
Sample command to encrypt the database connection string on an x86 system:
%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW" -prov "DataProtectionConfigurationProvider"
- In IIS Manager, start the Defender Web Interface site.
Note: Encrypting database is only applicable for SQL Compact and not for SQL Express database.
To change the password
- In IIS Manager, stop the Defender Web Interface site.
- On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
- In the Old Password box, type the password with which the database was encrypted.
- In the New Password and Confirm New Password boxes, type the new password with which you want to encrypt the database.
- Click Apply, and then close the dialog box.
- Use the aspnet_regiis.exe tool to decrypt the database connection string in the Web.config file, so that you can specify the new password in that file. You can find aspnet_regiis.exe in one of these folders:
- On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
- On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319
Sample command to decrypt the database connection string in the Web.config file on an x86 system:
%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW"
- In the Web.config file, update the database connection string with the new password:
- In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
- In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to include the new password. Example:
connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091;password=NewDatabasePassword"
where NewDatabasePassword
is the password you have set in Step 2 of this procedure.
- Save and close the Web.config file.
- Use the aspnet_regiis.exe tool to encrypt the database connection string in the Web.config file, so that the password is not displayed as plain text. You can find aspnet_regiis.exe in one of these folders:
- On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
- On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319
Sample command to encrypt the database connection string on an x86 system:
%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW" -prov "DataProtectionConfigurationProvider"
- In IIS Manager, start the Defender Web Interface site.