Password Manager includes an Offline Password Reset option that lets users reset their passwords on the local machine (i.e. laptop) when they have forgotten their current passwords and their computers are not connected to the Intranet (Active Directory is not available).
This functionality works by resetting the user's password in the locally cached logon data.
The Allow users to reset passwords offline option enables users to use the offline password reset
functionality provided by Password Manager. This functionality allows resetting passwords when users have
forgotten their current passwords and their computers are not connected to the intranet (Active Directory is not
available). Security is provided by a challenge-response mechanism that guarantees the following:
• A user can reset the locally cached password only after resetting the password online on the Self-Service
site.
• A user must specify the same password on the Self-Service site and on the computer in the Offline
password reset wizard.
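A minimal sketch of how a challenge-response scheme can provide the two guarantees listed above. It is an added example, not Password Manager's actual protocol or code: the per-machine key, the challenge shown by the wizard, the HMAC/PBKDF2 construction, the attempt limit and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # constructed limit for this sketch


def _password_tag(password: str, challenge: str) -> bytes:
    # Slow, challenge-salted hash: a captured response code should not be a
    # cheap oracle for guessing the new password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), challenge.encode(), 100_000)


def response_code(machine_key: bytes, challenge: str, new_password: str) -> str:
    """Self-Service side (hypothetical): issued only after the online reset succeeded."""
    msg = challenge.encode() + _password_tag(new_password, challenge)
    return hmac.new(machine_key, msg, hashlib.sha256).hexdigest()[:16]


class OfflineWizard:
    """Computer side (hypothetical): one challenge, at most one accepted response."""

    def __init__(self, machine_key: bytes):
        self._key = machine_key                # assumed provisioned while online
        self.challenge = secrets.token_hex(8)  # fresh for every wizard run
        self._attempts = 0
        self._used = False

    def submit(self, code: str, typed_password: str) -> bool:
        if self._used or self._attempts >= MAX_ATTEMPTS:
            return False
        self._attempts += 1
        # The code only verifies if the password typed here is the one that
        # was set online, and only for this wizard's challenge.
        expected = response_code(self._key, self.challenge, typed_password)
        ok = hmac.compare_digest(expected.encode(), code.strip().lower().encode())
        self._used = ok  # single use: an accepted code cannot be replayed
        return ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    wizard = OfflineWizard(key)
    code = response_code(key, wizard.challenge, "N3w-Passphrase!")
    print(wizard.submit(code, "different-password"))  # rejected: password mismatch
    print(wizard.submit(code, "N3w-Passphrase!"))     # accepted
    print(wizard.submit(code, "N3w-Passphrase!"))     # rejected: code already used
```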
How users use Offline Password Reset:
When offline password reset is enabled on users’ computers, a user must perform the following steps to reset
his or her password:
1 Open the Offline Password Reset wizard by clicking the corresponding link on the Windows logon screen.
2 In the wizard, enter the user name (this step is optional). Click Next.
3 Open the Self-Service site on a computer connected to the Internet and find the user account.
4 Select the corresponding task to reset password.
5 When performing the task, the user must specify a new password. When the task is successfully
performed, a response code is displayed for the user.
6 Then, in the Offline Password Reset wizard, the user must enter the response code and the new
password the user specified on the Self-Service site. Click Next.
7 If the password is successfully reset, click Finish to close the wizard.
To enable the offline password reset functionality
How to configure the Offline Password Reset:
1 Install the offline password reset component on target user computers via group policy. Use the
OfflinePasswordReset_x64.msi or OfflinePasswordReset_x86.msi files located in the \Password
Manager\Setup folder on the installation CD.
NOTE: The Secure Password Extension must be installed on target user computers as well. For more
information on installing Secure Password Extension, see Deploying and Configuring Secure Password
Extension in the Admin Guide.
2 Set the required number of cached user logon attempts. This is necessary because the offline password
reset functionality will be available only for users who have previously logged in on their computers. You
can use Microsoft knowledge base article http://support.microsoft.com/kb/172931 to change the
number of cached logon attempts. It is recommended to use the default value.
3 Use the administrative template prm_gina.adm or prm_gina.admx to turn on the Offline Password Reset
functionality. The administrative template file is located in the \Password Manager\Setup\Administrative
Template\ folder of the installation CD. In the template, enable the following settings: “Display the
Offline Password Reset button (command link)” and “Set custom name for the Offline Password Reset
button (command link) in <Language>”. For more information on using the administrative template, see
Managing Secure Password Extension Using Administrative Templates on page 159.
4 Use the Reset password in Active Directory activity in a required workflow and select the Allow users to
reset passwords offline option.
5 Save the workflow.