The Password Capture Agent provides a Windows PowerShell module for remote and automated installing, configuring and uninstalling. You can use this method to automatically deploy the Password Capture Agent on each domain controller in the source Active Directory domain.

For uninstalling the Password Capture Agent remotely use the following command in an elevated Active Directory.

Import-Module OneIM-PasswordCaptureAgentMgmt

Uninstall-PasswordCaptureAgent`

-ComputerName <Computer name>`

-LogFile <UNC path to log file>`

–LogVerbose

Fine-Tuning Automated Password Synchronization

The One Identity Manager Password Capture Agent > Fine-Tuning Automated Password Synchronization

This section provides information about the optional tasks related to configuring automated password synchronization from an Active Directory domain to connected data systems.

Detailed information about this topic

Configuring Password Capture Agent

The One Identity Manager Password Capture Agent > Fine-Tuning Automated Password Synchronization > Configuring Password Capture Agent

Configuring Password Capture Agent

The Password Capture Agent has several settings you can modify. After you install the Password Capture Agent, each of these parameters is assigned a default value.

NOTE: If you do not configure the thumbprint for the Password Capture Agent, the password will be secured by transport layer security only (HTTPS).

Detailed information about this topic

Configuration Parameters

The One Identity Manager Password Capture Agent > Fine-Tuning Automated Password Synchronization > Configuring Password Capture Agent > Configuration Parameters

Some of the configuration parameters for the Password Capture Agent are changeable with the Windows Registry Editor. The parameters are split up into those that are used by the Password Capture Agent service and those used by the Password Capture Agent driver.

The base path for the parameters of the Password Capture Agent service is:

HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Service\

Configuration parameters for the Password Capture Agent service

Table 1: parameter "WebService_URL"
Default	Type	Description
	String	This setting determines the location - Uniform Resource Locator (URL) - of the Webservice to which the Password Capture Agent provides information about changed user passwords. In the Form: https://<serverfqdn>/SoapService/Q1IMService.asmx

Table 2: parameter "CertificateThumbprint"

Default

Type

Description

String

This setting specifies a certificate used to encrypt the data transfer channel between the Password Capture Agent and the Webservice. The certificate must be accessible both for the Password Capture Agent and the Webservice.

NOTE: If you disable this setting or do not configure it, the password will be secured by transport layer security only (HTTPS).

The base path for the parameters of the Password Capture Agent driver is:

HKLM\SOFTWARE\One Identity\One Identity Manager\Password Capture Agent\Driver\

NOTE: No reboot is required to take effect.

Configuration parameters for the Password Capture Agent driver

Table 3: parameter "Diagnostic"
Default	Type	Description
0	DWORD	Controls the logging behavior of Password Capture Agent driver. If enabled event log logging will be verbose, if the parameter "Logfile" has been set, additional trace logging will be written to that log file.

Table 4: parameter "FaultToleranceWaitTimeBeforeRetryInSeconds"
Default	Type	Description
120	DWORD	Time to wait in seconds before attempting a retry after a connection error.

Table 5: parameter "Logfile"
Default	Type	Description
	String	Diagnostics log file that should be used in addition to event log logging.

Table 6: Configuration parameter "LoggingSuccessfulOperations"
Default	Type	Description
0	DWORD	Enable to force the One Identity Manager to log successful transmissions to the Webservice to the event log.

Table 7: parameter "RequiredServices"
Default	Type	Description
RpcSs EventSystem COMSysApp	MultiString	Services that Password Capture Agent driver is waiting for, before starting the Password Capture Agent service.

Table 8: parameter "Ignoring\PasswordResetOperations"
Default	Type	Description
0	DWORD	Enable to force One Identity Manager to ignore password resets and only transmit password changes to One Identity Manager Service.

Table 9: parameter "Ignoring\UserNames"
Default	Type	Description
^.*$$	MultiString	Regular expressions that identify accounts that should be ignored. By default '^.*$$' ignores all machines accounts, e.g.: accounts ending with a $..

Table 10: parameter "Ignoring\UserRids"
Default	Type	Description
500 501 502	MultiString	UserRIDS that should be ignored by default. The default ignores built-in accounts.

Identity Manager 8.0 - Password Capture Agent Administration Guide

Using Windows PowerShell to Uninstall the Password Capture Agent

Using Windows PowerShell to Uninstall the Password Capture Agent

Related Topics

Fine-Tuning Automated Password Synchronization

Detailed information about this topic

Configuring Password Capture Agent

Configuring Password Capture Agent

Detailed information about this topic

Configuration Parameters

Configuration parameters for the Password Capture Agent service

Configuration parameters for the Password Capture Agent driver

Related Topics

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem

Identity Manager 8.0 - Password Capture Agent Administration Guide

Using Windows PowerShell to Uninstall the Password Capture Agent

Using Windows PowerShell to Uninstall the Password Capture Agent

Related Topics

Fine-Tuning Automated Password Synchronization

Detailed information about this topic

Configuring Password Capture Agent

Configuring Password Capture Agent

Detailed information about this topic

Configuration Parameters

Configuration parameters for the Password Capture Agent service

Configuration parameters for the Password Capture Agent driver

Related Topics