About Secure Password Extension
Secure Password Extension is an application that provides access to the complete functionality of the Self-Service site from the Windows logon screen. Secure Password Extension also provides dialog boxes displayed on end-user computers, these dialog boxes notify users who must create or update their Questions and Answers profiles.
Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and Configuring Secure Password Extension.
|
IMPORTANT: Secure Password Extension may be deployed on different workstations by applying different GPOs. This allows you to not upgrade Secure Password Extension on all the workstations at one time, but do it in several steps depending on your needs and preferences. |
You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.
|
IMPORTANT: By default, Secure Password Extension uses the URL of the Self-Service site installed on the computer where Password Manager Service runs. You can modify the URL on the General Settings|Realm Instances page of the Administration site. |
To remove the existing and assign a latest-version package
- Remove the assigned package (Quest Secure Password Extension x86.msi or Quest Secure Password Extension x64.msi) from the list of software to be installed.
- Add the latest-version MSI packages to the list of software to be installed.
When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.
During upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.
Upgrading Multiple Instances of Password Manager
This step is optional. It should be performed only if you have installed multiple instances of Password Manager.
To upgrade multiple instances of Password Manager, you need to export the configuration settings from the first configured instance of Password Manager and then import the settings to other instances. You should upgrade all instances of Password Manager to the latest version.
To import configuration settings
- Open the Administration site of the target instance.
- On the menu bar, click General Settings, then click the Import/Export tab and select the Import configuration settings option.
- Click Upload to select the configuration file that you exported earlier.
- Enter the password and click Import.
- Repeat steps 1-4 for other instances of Password Manager.
Upgrading Password Manager
Upgrading Password Manager
This section briefs about the process to upgrade Password Manager to the latest version (5.11.3).
|
NOTE:
- It is recommended to back up the current configuration by exporting the settings from 5.7.1 or later versions. For more information, see To export configuration settings from Password Manager 5.7.1 or later versions
- Running the Migration Wizard is not required while upgrading from Password Manager 5.7.1 or later versions to 5.11.3.
-
If you are upgrading to 5.9.x, it is recommended to reinstall the license file from the Administration site once the upgrade is complete. Before installing the license, delete the existing SoftLicense binary value from [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Quest Software] registry key.
- Any workflows that are customized in the previous versions of Password Manager should be manually merged with the workflow of the latest version of the Password Manager to avoid any end user data corruption.
For example, changes made to the Register workflow (Self-Service workflows) such as addition/update of any authentication steps to the default configuration, should be manually recreated after upgrade to PM 5.11.3.
-
To update storage files with new encryption mechanism, all realm instances must be updated with the Password Manager 5.11.3 configuration and must have the same encryption key.
To perform the same, login to PMAdmin site from the primary server, Navigate to General Settings > Import/Export > Export. Copy and Save the password securely. Import this configuration data in all the PM secondary replication instances by selecting the exported configuration data and providing the password.
-
If the secondary instances are not updated with new configuration, a notification will be displayed in Administration site as 'Import configuration settings from primary instance”.
In the replication instances, Navigate to General Settings > Import/Export > Import, select the exported data from the primary server and input the password saved.
-
Shared.storage file will be encrypted and copied to Active Directory only when all replication instances are updated with Password Manager 5.11.3 configuration and encryption key.
-
When all the realm instances are updated with Password Manager 5.11.3, Q&A profiles of users will be updated with new encryption key when one of the following is performed:
|
This section consists of the following topics:
To export configuration settings from Password Manager 5.7.1 or later versions
-
Connect to the Administration site by typing the Administration site URL in the address bar of your Web browser. By default, the URL is http://<ComputerName>/PMAdmin/.
|
NOTE: When prompted to log in, provide your domain user name in a domainname\username format. |
- On the left pane of the Admin site, click General Settings, and click the Import/Export tab and select the Export configuration settings option, and then click Export.
After you have exported configuration settings from Password Manager 5.7.1 or later versions, you can uninstall it.
To uninstall Password Manager 5.7.1 or later versions
- Click Start, click Run, type
appwiz.cpl
, and then press ENTER.
- Select One Identity Password Manager x86/x64 in the list, and then click Uninstall.
After you uninstall Password Manager 5.7.1 or later versions, install Password Manager 5.11.3 on the same computer. All configuration settings will be automatically detected by the new version. For more information on how to install Password Manager, see Installing Password Manager.
If you have multiple Password Manager instances installed, when upgrading them, you may experience the following issue: the Realm Instances page of the Administration site displays an incorrect list of installed instances. After you upgrade all instances, the page will display the correct list.
In-place upgrade
In-place upgrade from 5.8.2 or later versions to 5.11.3
- From the autorun window of the installation CD, click Install against Password Manager x64 option. Read the content and click Next.
- Read the content in the Risk of data loss! window and select I acknowledge the above instructions ,and then click Next.
- Select I accept the terms in License Agreement ,and then click Next.
- In the Configuration Backup window, provide the File Location and set a new password, and then click Next.
|
NOTE: Do not forget to store the password securely as it is required to import the configuration post upgrade. The backup of the configuration data is now saved in the provided file location. |
- In the Password Manager Service Account Information window, enter the account name and the password details, and then click Next.
- In the Specify Web Site and Application Pool Identity window, choose the website name, enter the account name and the password, and then click Next.
- After completing the above process, click Install.
Upon successful installation, the Password Manager installs the following sites:
- Administration Site
- Helpdesk Site
- Password Manager Self-Service Site
- Legacy Self Service Site
|
NOTE: The above mentioned upgrade steps are not applicable for 5.7.1 or other lower versions. |