サポートと今すぐチャット
サポートとのチャット

Identity Manager 8.2 - Secure Password Extension Administration Guide

Generic settings

The following table outlines generic administrative template policy settings you can use to customize the behavior of Secure Password Extension.

NOTE: One Identity Manager does not support all settings displayed in the administrative template. This document only lists settings supported by One Identity Manager.

Table 1: Generic administrative template policy settings

Policy name

Description

Generic Settings

Specify URL path to the Self-Service site

Specify the URL to access the Password Reset Portal from the Windows login screen. This URL is opened when users click the Forgot My Password or Manage My Password buttons on the Windows login screen in pre-Windows Vista operating systems, and the Forgot My Password command link in Windows 7 operating systems.

Override URL path to the Self-Service site

Enable the use of the URL to the Password Reset Portal specified in the Specify URL path to the Self-service site setting.

Maximum number of attempts to connect to the Self-Service site

Specify the maximum number of attempts to connect to the Password Reset Portal from Secure Password Extension.

If you disable or do not configure this policy setting, the maximum number of attempts is five.

Add the Forgot My Password link to credential provider tile

Enable this policy setting to add the Forgot my password link to the tile of the selected credential provider on the login screen.

You can select a credential provider from the list or specify the GUID of another credential provider. The GUID must be specified in the following format: {00000000-0000-0000-0000-000000000000}

If you disable or do not configure this policy setting, the Forgot my password link is added to the default Microsoft Password provider tile.

Create a separate tile for Secure Password Extension

Enable this policy setting to create a separate tile for Secure Password Extension on the Windows login screen. You can enable this setting when there are compatibility issues with other credential providers.

If you disable or do not configure this policy setting, the Forgot my password link is added to a default Microsoft Password provider tile or tiles of the credential provider selected in the Add the Forgot my password link to credential provider tile policy.

Refresh interval

Specify how often domain settings are refreshed for Secure Password Extension.

The default value is 5 minutes. If you want to reduce network load, you can increase the refresh interval. If you disable or do not configure this policy setting, the default refresh interval will be used.

Proxy Settings

Enable proxy server access

Enable this policy setting to establish the connection from the Windows login screen to the Password Reset Portal through a proxy server.

Configure required proxy settings

Specify the settings required to enable proxy server access to the Password Reset Portal from the Windows login screen.

Configure optional proxy settings

Specify optional settings for the proxy server access.

Shortcut Policies

Restore desktop shortcuts for the Self-Service site

Enable this policy setting to re-create the desktop shortcut to the Password Reset Portal on a user's computer by Secure Password Extension if the user deletes the desktop shortcut.

Do not create desktop shortcuts for the Self-Service site

Enable this policy setting if you do not want desktop shortcuts to be created by Secure Password Extension on end-user computers.

Do not create any shortcuts for the Self-Service site

Enable this policy setting if you do not want any shortcuts to be created by Secure Password Extension on end-user computers.

Secure Password Extension Title Settings

Display custom names for the Secure Password Extension window title

Enable this policy setting to use custom titles for the Secure Password Extension window.

Set custom name for theSecure Password Extension window title in <Language>

Specify a custom title for the Secure Password Extension window. You can specify the title for each of the required login languages. There are 36 language-specific policy settings available.

The title you specify must not exceed 32 characters. If you use a hieroglyphic font, the title must not exceed 14 characters (because of hieroglyph’s width).

Usage Policy Settings

Display the usage policy button (command link)

Enable this policy setting to use custom usage policy buttons and command links.

The usage policy command link on Windows 7 operating system is displayed on the Windows login screen, and is intended to open an HTML document that describes the enterprise usage policy or contains any information that you may want to make available to end-users.

Set default URL

Specify a URL referring to the usage policy document that is opened by clicking the usage policy button (command link) if no login language-specific URLs are set. The default URL may refer to an HTML file.

Set name and URL for the usage policy button (command link) in <Language>

Specify the labels of the usage policy buttons (command link) and set the links to the usage policy documents that are opened by clicking the usage policy button or command link. You can specify the label and URL for each of the required login languages. There are 36 language-specific policy settings available.

The label you specify must not exceed 32 characters. If you use a hieroglyphic font, the label must not exceed 14 characters (because of hieroglyph’s width). The length of the URL must not exceed 256 characters.

Forgot My Password Settings

Display custom names for the Forgot My Password button (command link)

Enable this policy setting to use custom labels for the Forgot My Password button and the command link.

The Forgot My Password button (command link) opens the Password Reset Portal from the Windows login screen. On Windows 7 operating system, the command link is displayed on the Windows login screen irrespective of whether the user is logged in to the system or not.

Set custom name for the Forgot My Password button (command link) in <Language>

Specify a custom label for the Forgot My Password button (command link). You can specify the label for each of the required login languages. There are 36 language-specific policy settings available.

Secure Password Extension Separate Tile Settings

Create a separate tile for Secure Password Extension

Enable this policy setting to create a separate tile for Secure Password Extension on the Windows login screen. You can enable this setting when there is a compatibility issue with other credential providers.

If you disable or do not configure this policy setting, the Forgot My Password link is added to a default Microsoft Password provider tile or tiles of the credential provider specified in the Add the Forgot my password link to credential provider tile policy.

Set tile image

Select an image that is used for the Secure Password Extension tile on the Windows login screen.

You can use the following image types: bmp, gif, jpg, or png. The image may have any size suitable for your requirements. The recommended size is 128 x 128 pixels.

If you disable or do not configure this policy setting, the default tile picture is displayed.

Set Custom Names

Display custom names of the tile

Enable this policy setting to use custom titles for the Secure Password Extension tile.

The Secure Password Extension tile is displayed under the credential tile on the Windows login screen.

If you disable or do not configure this setting, the default tile title (Secure Password Extension) is displayed.

NOTE: If you disabled the Create a separate tile for Secure Password Extension policy setting, this policy setting has no effect.

Set custom tile name in <language>

Specify a custom title for the Secure Password Extension credential tile on the Windows login screen. You can specify the title for each of the required login languages.

If you disable or do not configure this setting, the default tile title is displayed.

Pre-Windows Vista settings

The following table outlines administrative template policy settings for Secure Password Extension in pre-Windows Vista operating systems.

NOTE: One Identity Manager does not support all settings displayed in the administrative template. This document only lists settings supported by One Identity Manager.

Table 2: Settings for pre-Windows Vista operating systems

Policy name

Description

Secure Password Extension Logo

Set dialog background image

Select an image that is used as background for the Secure Password Extension dialog that is displayed on the Windows login screen.

Secure Password Extension Window Settings

Set the Secure Password Extension window position

Specify the position of the Secure Password Extension window on the Windows login screen of end-user computers.

Manage My Password Settings

Display custom names for the Manage My Password button

Enable this policy setting to use custom labels for the Manage My Password button.

The Manage My Password button opens the Password Reset Portal on pre-Windows Vista operating systems, and is displayed on the Windows login screen provided that you are logged in to the system.

Set custom name for the Manage My Password button in <Language>

Specify a custom label for the Manage My Password button. You can specify the label for each of the required login languages. There are 36 language-specific policy settings available.

Windows 8 settings

The following table outlines administrative template policy settings for Secure Password Extension in Windows 8, 8.1, and 10 operating systems.

NOTE: One Identity Manager does not support all settings displayed in the administrative template. This document only lists settings supported by One Identity Manager.

Table 3: Settings for Windows 8, 8.1, and 10 OS

Policy name

Description

Credential Provider’s Description

Display custom description of the Secure Password Extension credential provider

Enable this policy setting to use custom descriptions for the Secure Password Extension credential provider.

The credential provider description is displayed when users select the Secure Password Extension credential provider in the Sign-in options under their user tiles in the Windows login screen.

If you disable or do not configure this policy setting, the default language-specific description of the Secure Password Extension credential provider is displayed.

Set the custom description in <Language>

Specify a custom description for the Secure Password Extension credential provider. You can specify the description for each of the required login languages.

If you disable or do not configure this policy setting, the default language-specific description of the Secure Password Extension credential provider is displayed.

Icon’s Text Label

Display custom labels for the Secure Password Extension credential provider’s icon

Enable this policy setting to use custom labels for the icon of the Secure Password Extension credential provider.

The text label for the credential provider icon is displayed in a tooltip when a user hovers over the credential provider's icon under the Sign-in options on the Windows login screen.

If you disable or do not configure this policy setting, the default language-specific label for the Secure Password Extension credential provider's icon is displayed.

Set the custom label in <Language>

Specify a custom label for the icon of the Secure Password Extension credential provider. You can specify the label for each of the required login languages.

If you disable or do not configure this policy setting, the default language-specific label for the Secure Password Extension credential provider's icon is displayed.

Link to the Self-Service Site

Display custom names of the Open the Self-Service site link

Specify a custom name for the Open the Password Reset Portal link. You can specify the name for each of the required login languages.

This link opens the Password Reset Portal from the login screen.

If you disable or do not configure this policy setting, the default language-specific name of the Open the Password Reset Portal link is displayed.

Set the custom names of the Open the Self-Service site link in <Language>

Specify a custom name for the Open the Password Reset Portal link. You can specify the name for each of the required login languages.

If you disable or do not configure this policy setting, the default language-specific name for the link is displayed.

Logging

For diagnostic purposes you can turn on logging in Secure Password Extension. The log file can contain the following information: exceptions and errors, debug messages and functions' returns, and so on. You can use this diagnostic data to identify issues with Secure Password Extension.

CAUTION: This section describes how to modify the registry. However, incorrectly modifying the registry may severely damage the system. Therefore, you should follow the steps carefully. It is also recommended to back up the registry before you modify it.

To enable logging

  1. In Windows, click Start and open the Run application.

  2. In the Run dialog, enter regedit and click OK.

  3. In the Registry Editor, create the following key: HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging.

  4. Add a new string value to the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key by performing the following actions:

    1. Click the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key.

    2. In the menu bar, click Edit | New | String Value.

    3. Enter LogLevel and press Enter.

    4. Right-click the LogLevel value.

    5. In the context menu, click Modify.

    6. In the Edit String dialog under Value data, enter All.

    7. Click OK.

  5. Add a new string value to the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key by performing the following actions:

    1. Click the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key.

    2. In the menu bar, click Edit | New | String Value.

    3. Enter LogFolder and press Enter.

    4. Right-click the LogFolder value.

    5. In the context menu, click Modify.

    6. In the Edit String dialog under Value data, enter the path to the log file. For example, C:\Logs.

    7. Click OK.

  6. Exit the Registry Editor.

  7. Restart the computer.

To disable logging

  1. In Windows, click Start and open the Run application.

  2. In the Run dialog, enter regedit and click OK.

  3. In the Registry Editor, click the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key.

  4. Right-click the LogLevel value.

  5. In the context menu, click Modify.

  6. In the Value data box, enter Off.

  7. Click OK.

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択