Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.
To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.
To upgrade from Password Policy Manager version 5.x.x
If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.
It is very common for business users to forget their password and be unable to log on to the system. Password Manager allows users to securely and conveniently reset their forgotten network passwords, or manage their passwords in multiple enterprise systems, before even logging on to the system. To enable user’s access to the Self-Service site from the Windows logon screen, Password Manager implements Secure Password Extension.
Secure Password Extension is an application that provides one-click access to the complete functionality of the Self-Service site from the Windows logon screen. Secure Password Extension also provides dialog boxes displayed on end-user computers, these dialog boxes notify users who must create or update their Questions and Answers profiles with Password Manager. Secure Password Extension is included on the installation CD and is deployed through Group Policy. For information on how to deploy and configure Secure Password Extension on end-user workstations in the managed domain, see Deploying and Configuring Secure Password Extension.
Secure Password Extension supports the authentication model in the following systems:
On workstations running Windows 7, Secure Password Extension adds the Forgot My Password link to the Windows logon screen. In Windows 8, 8.1 and 10, Secure Password Extension adds an icon under the Sign-in options to the user tile on the logon screen. By clicking these buttons and links, users open the Self-Service site.
When users connect to the Self-Service site from the Windows logon screen, anonymous access is enabled and the functionality of Microsoft Internet Explorer is restricted, thereby preventing the actions that may pose a security threat. Once users open the Self-Service site home page from the Windows logon screen, they cannot access any other Web site, or open a new browser window or a context menu.