Identity Manager 8.0 - Password Capture Agent Administration Guide

Using Windows PowerShell to Uninstall the Password Capture Agent

The Password Capture Agent provides a Windows PowerShell module for remote and automated installation, configuration and uninstallation. You can use this method to automatically deploy the Password Capture Agent on each domain controller in the source Active Directory domain.

To uninstall the Password Capture Agent remotely, run the following command in an elevated Windows PowerShell session.

Import-Module OneIM-PasswordCaptureAgentMgmt

Uninstall-PasswordCaptureAgent `
    -ComputerName <Computer name> `
    -LogFile <UNC path to log file> `
    -LogVerbose

Fine-Tuning Automated Password Synchronization

This section provides information about the optional tasks related to configuring automated password synchronization from an Active Directory domain to connected data systems.

Configuring Password Capture Agent

The Password Capture Agent has several settings you can modify. After you install the Password Capture Agent, each of these parameters is assigned a default value.

NOTE: If you do not configure the thumbprint for the Password Capture Agent, the password will be secured by transport layer security only (HTTPS).

Configuration Parameters

Some of the configuration parameters for the Password Capture Agent can be changed with the Windows Registry Editor. The parameters are divided into those used by the Password Capture Agent service and those used by the Password Capture Agent driver.

The base path for the parameters of the Password Capture Agent service is:

HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Service\

Configuration parameters for the Password Capture Agent service
Table 1: parameter "WebService_URL"
Default: (empty)
Type: String
Description: This setting determines the location (URL) of the web service to which the Password Capture Agent provides information about changed user passwords, in the form:

https://<serverfqdn>/SoapService/Q1IMService.asmx

Table 2: parameter "CertificateThumbprint"
Default: (empty)
Type: String
Description: This setting specifies a certificate used to encrypt the data transfer channel between the Password Capture Agent and the web service. The certificate must be accessible to both the Password Capture Agent and the web service.

NOTE: If you disable this setting or do not configure it, the password will be secured by transport layer security only (HTTPS).

The base path for the parameters of the Password Capture Agent driver is:

HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Driver\

NOTE: No reboot is required for changes to take effect.

Configuration parameters for the Password Capture Agent driver
Table 3: parameter "Diagnostic"
Default: 0
Type: DWORD
Description: Controls the logging behavior of the Password Capture Agent driver. If enabled, event log logging is verbose. If the parameter "Logfile" is also set, additional trace logging is written to that log file.

Table 4: parameter "FaultToleranceWaitTimeBeforeRetryInSeconds"
Default: 120
Type: DWORD
Description: Time to wait in seconds before attempting a retry after a connection error.

Table 5: parameter "Logfile"
Default: (empty)
Type: String
Description: Diagnostics log file that should be used in addition to event log logging.

Table 6: parameter "LoggingSuccessfulOperations"
Default: 0
Type: DWORD
Description: Enable to force One Identity Manager to write successful transmissions to the web service to the event log.

Table 7: parameter "RequiredServices"
Default: RpcSs, EventSystem, COMSysApp
Type: MultiString
Description: Services that the Password Capture Agent driver waits for before starting the Password Capture Agent service.

Table 8: parameter "Ignoring\PasswordResetOperations"
Default: 0
Type: DWORD
Description: Enable to force One Identity Manager to ignore password resets and only transmit password changes to One Identity Manager Service.

Table 9: parameter "Ignoring\UserNames"
Default: ^.*$$
Type: MultiString
Description: Regular expressions that identify accounts that should be ignored. By default, '^.*$$' ignores all machine accounts, e.g. accounts ending with a $.

Table 10: parameter "Ignoring\UserRids"
Default: 500, 501, 502
Type: MultiString
Description: User RIDs that should be ignored. The default ignores built-in accounts.
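
The following PowerShell check is an added example, not part of the One Identity documentation or its management module. It reads the service and driver parameters listed above on a domain controller and reports the conditions the notes call out, in particular a missing thumbprint (HTTPS-only protection). The function names, the certificate store location (Cert:\LocalMachine\My) and the treatment of any nonzero "Diagnostic" value as enabled are assumptions.

```powershell
# Added audit example (not One Identity code). Registry paths and value names come
# from the tables above; everything marked "Assumption" is not stated on the page.
$base = 'HKLM:\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent'

function Get-PcaValue {
    param([string]$SubKey, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $key = Join-Path $base $SubKey
    (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-PcaConfiguration {
    $findings   = @()
    $url        = Get-PcaValue 'Service' 'WebService_URL'
    $thumbprint = Get-PcaValue 'Service' 'CertificateThumbprint'
    $diagnostic = Get-PcaValue 'Driver'  'Diagnostic'
    $logfile    = Get-PcaValue 'Driver'  'Logfile'

    if ([string]::IsNullOrWhiteSpace($url)) {
        $findings += 'WebService_URL is not set.'
    } elseif (-not $url.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "WebService_URL does not use HTTPS: $url"
    }

    if ([string]::IsNullOrWhiteSpace($thumbprint)) {
        $findings += 'CertificateThumbprint is not set: passwords are protected by HTTPS only.'
    } else {
        # Thumbprints pasted from the certificate dialog often contain spaces.
        $tp = ($thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        # Assumption: the certificate lives in the local machine personal store.
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $tp
        if (-not $cert) {
            $findings += "No certificate with thumbprint $tp in Cert:\LocalMachine\My."
        } elseif ($cert.NotAfter -lt (Get-Date)) {
            $findings += "Certificate $tp expired on $($cert.NotAfter)."
        }
    }

    # Assumption: any nonzero Diagnostic value means verbose logging is enabled.
    if ([int]$diagnostic -ne 0) {
        $findings += "Diagnostic logging is enabled (Logfile: '$logfile'); confirm this is intended."
    }
    $findings
}

Test-PcaConfiguration
```

An empty result means none of the checked conditions apply on that domain controller.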
