Chat now with support
Chat with Support

Password Manager 5.7.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings Upgrading Password Manager Secure Password Extension Password Policies Reporting Password Manager Integration Appendixes Glossary About us

About Password Policies

You can use Password Manager to create password policies that define which passwords to reject or accept. Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied by linking the GPOs to a target container defined in Active Directory, such an organizational unit or a group.

Group Policy objects from parent containers are inherited by default. When multiple Group Policy objects are applied, the policy settings are aggregated.

For information on how to apply a password policy and change policy link order, see Managing Password Policy Scope.

Password Policy Manager

Password Policy Manager (PPM) is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in such cases, when users change their passwords using tools other than Password Manager. To enforce password policies that you define with Password Manager, you must deploy Password Policy Manager on all domain controllers in a managed domain.

When a user changes password in Password Manager, new password is checked right away, and if it complies with password policies configured in Password Manager, the new password is accepted.

But when a user changes password by pressing CTRL+ALT+DELETE for example, the new password will not be checked immediately by Password Manager. The password's compliance with password policy rules will be checked on a domain controller, that is why PPM must be installed on all domain controllers in a managed domain. If PPM is not installed, in this case when the user changes password not in Password Manager, password policies configured in Password Manager will be ignored.

Password Policy Manager extends the default password policy settings and allows configuring policy scopes for each policy, so that only specified organizational units and groups are affected by the policy.

Password policy settings are stored as Group Policy Objects. PPM creates new GPOs, and it does not change any existing GPOs.

Depending on whether a domain controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of Password Policy Manager must be installed. The procedure for installing PPM is outlined in Installing Password Policy Manager.

Password Policy Rules

Password Manager uses a set of powerful and flexible rules to define requirements for domain passwords. Each password policy has rules that are configured independently of the rules in other policies.

The following rules duplicate and extend system password policy rules: Password Age rule, Length rule, Complexity rule, and User Properties rule.

For information on how to create and configure a password policy, see Creating and Configuring a Password Policy.

To display the properties of a password policy

  1. On the home page of the Administration site, click the Password Policies tab.
  2. Click the <N> One Identity Password Policieslink under the domain that you want to manage.
  3. On the One Identity Password Policiesfor Domain<DomainName> page, click Edit under the policy whose properties you want to view or modify.

Installing Password Policy Manager

This section describes the steps for deploying Password Policy Manager in a managed domain.

Password Policy Manager is deployed on all domain controllers through Group Policy. You can create a new Group Policy object (GPO), or use an existing one, to assign the installation package with Password Policy Manager to the destination computers. Password Policy Manager is then installed on computers on which the GPO applies. Depending on the operating system running on the destination computers, you must apply either of the following installation packages included on the installation CD:

  • PasswordPolicyManager_x86.msi - Installs Password Policy Manager on domain controllers running an x86 Microsoft Windows Server operating system.
  • PasswordPolicyManager_x64.msi - Installs Password Policy Manager on domain controllers running an x64 Microsoft Windows Server operating system.

The installation packages are located in the \Password Manager\Setup\Password Policy Manager\ folder on the installation CD.

NOTE: Depending on whether a domain controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of the Password Policy Manager must be installed.

To install Password Policy Manager on a single domain controller

  1. Run the appropriate Password Policy Manager MSI package located in the \Password Manager\Setup\Password Policy Manager\ folder on the installation CD.
  2. Restart the computer once the installation completes.

To deploy Password Policy Manager on multiple domain controllers

  1. Copy the appropriate Password Policy Manager MSI package from the installation CD to a network share accessible from all domain controllers in a managed domain.
  2. Create a GPO and link it to all domain controllers in a managed domain. You may also choose an existing GPO to deploy the Password Policy Manager.
  3. Open the Computer Configuration folder under the selected GPO, and then open the Software Settings folder.
  4. Right-click Software installation, and then select New | Package.
  5. Select the MSI package you have copied in step 1.
  6. Click Open.
  7. Select the deployment method and click OK.
  8. Verify and configure the installation properties, if needed.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating