Before you start the upgrade process, follow this checklist to ensure you have made the necessary preparations and met the essential upgrade requirements.
Step |
Comment |
Back up the current configuration by doing one of the following:
|
UI customizations will be lost during upgrade. Follow the steps to save the configuration. For more information on saving the configuration, see Import/Export Configuration Settings. |
Ensure that you installed or upgraded the third-party redistributable packages required for the latest version of Password Manager. |
|
Ensure that you know the user name and password for domain management accounts. |
For more information on what permissions are required for a domain management account, see Configuring Permissions for Domain Management Account. |
Ensure that Password Manager Service account is a member of the Administrators group on the Web server where Password Manager is installed. |
|
Ensure that in IIS 7.0, application pool identity account is a member of the IIS_IUSRS local group. This account must also have permissions to create files in the <Password Manager installation folder>\App_Data folder. |
|
Ensure that you know the user name and password for SQL database account. |
That is needed only if Password Manager Service account is configured to use special SQL account (different from Password Manager Service account) to access the SQL database. |
Ensure that the account, that is used to upgrade Password Manager, is a member of the local Administrators group on the server where you upgrade the product. |
|
Ensure that the account, that is used to upgrade Password Manager, is a member of the database creators (db_creator) fixed role on the SQL server hosting the Password Manager configuration database. |
|
Depending on your environment, refer to one of the sections below: “Side-by-Side Upgrade” or “In-Place Upgrade”.
When upgrading to Password Manager 5.6.3, it is recommended to perform a side-by-side upgrade. When performing a side-by-side upgrade, you install Password Manager 5.6.3 on a computer alongside the computer running an earlier version of Password Manager.
Thus, you have two versions of Password Manager and can export and import configuration settings several times using the Migration wizard 5.6.3. This allows you to review the results of the configuration settings import in Password Manager 5.6.3, change export settings if necessary and repeat the procedure of importing configuration settings.
|
IMPORTANT: It is recommended to perform a side-by-side upgrade from Password Manager version 4.7. |
Side-by-side upgrade should be performed in the following order:
This step is optional and should be performed if you have multiple instances of Password Manager.
If you upgrade Password Manager from version 4.6.x, before converting users’ Q&A profiles make sure you stop the scheduled tasks (“Quest Password Manager” and “Quest Password Manager Publisher”) and stop the QPM application pool in IIS console on a computer running Password Manager 4.6.x.
By default, Secure Password Extension automatically discovers the Self-Service site. Before you upgrade Secure Password Extension, you should use the prm_gina.adm(x) administrative template to enforce connection to the Self-Service site 4.x. This will allow users, whose Q&A profiles have not been converted yet, to use the Self-Service site and perform password management tasks. To force Secure Password Extension to connect to the Self-Service site 4.x, you must enable the “Force connection to the Self-Service site 4.x” setting.
To force Secure Password Extension to connect to Self-Service site 4.x on a computer running Windows Server 2008 R2 or later
- OR -
If you used the prm_gina.adm file, select Classic Administrative Templates (ADM) node, and then double-click the One Identity Password Manager template on the right pane.
After you install Password Manager 5.6.3 and convert users’ Q&A profiles, you must disable the “Force connection to the Self-Service site 4.x” setting to allow Secure Password Extension to connect to the Self-Service site 5.6.3.
Secure Password Extension is an application that provides access to the complete functionality of the Self-Service site from the Windows logon screen. Secure Password Extension also provides dialog boxes displayed on end-user computers, these dialog boxes notify users who must create or update their Questions and Answers profiles.
Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and Configuring Secure Password Extension.
|
IMPORTANT: Secure Password Extension may be deployed on different workstations by applying different GPOs. This allows you to not upgrade Secure Password Extension on all the workstations at one time, but do it in several steps depending on your needs and preferences. |
You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.
|
IMPORTANT: By default, Secure Password Extension uses the URL of the Self-Service site installed on the computer where Password Manager Service runs. You can modify the URL on the General Settings|Realm Instances page of the Administration site. |
To remove the existing and assign a latest-version package
When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.adm(x) administrative template with the one located in the \Password Manager\Setup\Administrative Template\ folder of the installation CD.
During upgrade of prm_gina.adm(x) administrative template, the previously made template settings are preserved and picked up by newer versions.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy