-
Title
How to manually configure the Offline Password Reset (OPR) on the client computer -
Description
How to configure the Offline Password Reset (OPR) manually on the client computer. -
Cause
Product design -
Resolution
WORKAROUND:
The supported method of deploying the OPR is through Group Policy (GPO), using the included ADM template, and the included MSI file These can be found in the installation media.
However there maybe a scenario where you must manually configure the OPR after a manual installation of the MSI. In this case there are specific Registry keys the must be manually created and configured in order for the OPR to function.
HKLM->SOFTWARE->Policies->One Identity-> Password Manager->Local Password Reset
New dword = Enabled
Hex value = 1New string = SharedSecretAllowAccess
value =Domain UsersNew dword = ShareSecretUpdatePeriod
Hex value =24HKLM->SOFTWARE->Policies->One Identity-> Password Manager->Local Password Reset-> 1033
NOTE: 1033 is for US English. For other languages, enter the appropriate region code. For example, UK English is 2057.
New String = text
Value = Offline Password ResetThese are the same keys that the ADM template configures when deployed via GPO.
The OPR client is also dependent on the SPE (Secure Password Extension) to be installed on the client machine.
Please refer to the attached screenshots for reference.
-
Attachments
