Password Manager 5.7.1 - How to Guide

Overview

This guide is intended for Password Manager 5.7.1. For versions 5.6.1 up to and including 5.7.0, please refer to the 5.7 How-To Guide. Unless otherwise stated, any reference to Password Manager in this guide applies only to version 5.7.1.

For information on the Product Life Cycle, please visit the Password Manager product page at https://support.oneidentity.com/password-manager/.

What’s new in Password Manager 5.7.1

For new features and enhancements in Password Manager 5.7.1, see Password Manager 5.7.1 Release Notes.

System requirements

Operating systems supported for Password Manager and components installation:

 

Table 1: Password Manager and supported operating systems

Password Manager versions: 5.7.x

Microsoft Windows versions:

  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

NOTE: Password Manager is not supported on Windows Server Core mode setup.

 

Table 2: Password Policy Manager and supported operating systems

Password Policy Manager versions: 5.7.x

Microsoft Windows versions:

  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

NOTE: Password Manager is not supported on Windows Server Core mode setup.

 

Table 3: Secure Password Extension and supported operating systems

Secure Password Extension versions: 5.7.x

Microsoft Windows versions:

  • Microsoft Windows 7 Service Pack 1
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows 10

NOTE: Password Manager is not supported on Windows Server Core mode setup.

 

Table 4: Offline Password Reset and supported operating systems

Offline Password Reset versions: 5.7.x

Microsoft Windows versions:

  • Microsoft Windows 7 Service Pack 1
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows 10

NOTE: Password Manager is not supported on Windows Server Core mode setup.

Microsoft SQL Server versions supported for Password Manager service installation:

Table 5: Password Manager and supported Microsoft SQL Server versions

Password Manager versions: 5.7.x

Microsoft SQL Server versions:

  • Microsoft SQL Server 2008
  • Microsoft SQL Server 2008 R2
  • Microsoft SQL Server 2008 R2 Service Pack 2
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2012 R2
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016

 

Table 6: Password Manager and supported Web browsers

Password Manager versions: 5.7.x

Web browsers:

  • Microsoft Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox 10 or later
  • Apple Safari 5
  • Google Chrome 15 or later

Minimum permissions

Because Password Manager sets passwords and other information on user objects in Active Directory, One Identity recommends making the Password Manager service account a member of Domain Admins as the best method to grant sufficient permissions.

However, if the Password Manager service account cannot be added to Domain Admins due to security and internal company restrictions, the following minimum set of permissions is required:

  • Membership in the Domain Users group
  • Read permission for all attributes of user objects
  • Write permission for the following attributes of user objects:
    • pwdLastSet
    • comment
    • userAccountControl
    • lockoutTime
  • The right to Reset user passwords
  • Write permission to Create user accounts and Containers in the Users container
  • Read permission for attributes of the OrganizationalUnit object and Domain objects
  • Write permission for the gpLink attribute of the organizationalUnit objects and Domain objects
  • The Read permission for the attributes of the Container and serviceConnectionPoint objects in Group Policy containers
  • The permission to Create container objects in the System container
  • The permission to Create the serviceConnectionPoint objects in the System container
  • The permission to Delete the serviceConnectionPoint objects in the System container
  • The Write permission for the keywords attribute of the serviceConnectionPoint objects in the System container
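
The check below is an added example, not One Identity's code: it reads the ACL of one OU and flags any Allow ACE for the service account that goes beyond the write attributes and the Reset Password right listed above. The account name and OU distinguished name are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) is installed.

```powershell
# Added example, not vendor code. Account and OU below are placeholders.
Import-Module ActiveDirectory
$ServiceAccount = 'EXAMPLE\svc-pwdmgr'            # placeholder account
$TargetDn       = 'OU=Staff,DC=example,DC=test'   # placeholder OU

# Write targets the guide lists: four user attributes, plus gpLink on OUs/domain.
$AllowedWrite = 'pwdLastSet', 'comment', 'userAccountControl', 'lockoutTime', 'gpLink'
$AllowedRight = 'Reset Password'

# Build a GUID -> name map from the schema and the Extended-Rights container,
# so ACE ObjectType GUIDs are compared by name instead of hard-coded values.
$rootDse = Get-ADRootDSE
$names = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $names[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(rightsGuid=*)' -Properties displayName, rightsGuid |
    ForEach-Object { $names[[guid]$_.rightsGuid] = $_.displayName }

$R = [System.DirectoryServices.ActiveDirectoryRights]
# GenericAll contains both of these bits, so this mask also catches Full Control.
$broadMask = [int]$R::WriteDacl -bor [int]$R::WriteOwner

$report = foreach ($ace in (Get-Acl -Path "AD:\$TargetDn").Access) {
    if ($ace.IdentityReference.Value -ne $ServiceAccount) { continue }
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $rights = [int]$ace.ActiveDirectoryRights
    # An empty ObjectType means the ACE covers every attribute or every right.
    $target = if ($ace.ObjectType -eq [guid]::Empty) { '(all)' } else { $names[$ace.ObjectType] }
    $finding = 'within guide list'
    if ($rights -band $broadMask) {
        $finding = 'REVIEW: WriteDacl/WriteOwner (includes GenericAll)'
    } elseif (($rights -band [int]$R::WriteProperty) -and $target -notin $AllowedWrite) {
        $finding = "REVIEW: write to $target is not in the guide list"
    } elseif (($rights -band [int]$R::ExtendedRight) -and $target -ne $AllowedRight) {
        $finding = "REVIEW: extended right $target is not in the guide list"
    }
    [pscustomobject]@{
        Rights    = $ace.ActiveDirectoryRights
        Target    = $target
        Inherited = $ace.IsInherited
        Finding   = $finding
    }
}
$report | Format-Table -AutoSize -Wrap
```

Only ACEs that name the account directly are matched; permissions the account holds through group membership need the same check run against each of those groups.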

If you want to use the same domain connection in password policies as well, make sure the account has the following permissions:

  • The Read permission for attributes of the groupPolicyContainer objects.
  • The Write permission to create and delete the groupPolicyContainer objects in the System Policies container
  • The Read permission for the nTSecurityDescriptor attribute of the groupPolicyContainer objects
  • The permission to Create and Delete container and the serviceConnectionPoint objects in Group Policy containers
  • The Read permission for the attributes of the Container and serviceConnectionPoint objects in Group Policy containers
  • The Write permission for the serviceBindingInformation and displayName attributes of the serviceConnectionPoint objects in Group Policy containers
  • The Write permission for the following attributes of the msDS-PasswordSettings object:
    • msDS-LockoutDuration
    • msDS-LockoutThreshold
    • msDS-MaximumPasswordAge
    • msDS-MinimumPasswordAge
    • msDS-MinimumPasswordLength
    • msDS-PasswordComplexityEnabled
    • msDS-PasswordHistoryLength
    • msDS-PasswordReversibleEncryption
    • msDS-PasswordSettingsPrecedence
    • msDS-PSOApplied
    • msDS-PSOAppliesTo
    • name

SQL database and Reporting required permissions:

  • When creating the database, the account specified must have permission to create a database
  • When specifying the Report Server URL, the specified account must have permissions to deploy reports. Example:
    • Under Site Settings, add the specified account as a System Administrator
    • Under the root folder (Home) at http://<sqlserver>/Reports, add the specified account as a Content Manager.

      In some environments, the specified account may have to be added explicitly as a Local Administrator on the SQL Reporting server.

For comprehensive step-by-step instructions, please follow this guide:

https://support.oneidentity.com/password-manager/kb/27946

In addition, the accounts you specify when installing Password Manager must meet the following requirements:

  • Password Manager service account must be a member of the local Administrators group on the server where Password Manager is installed
  • The Application pool identity account must be a member of the IIS_IUSRS local group when using IIS 7.0. The account must also have permissions to create files in the <Password Manager installation folder>\App_Data folder
  • The Application pool identity account must have the Full Control permission set for the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager

 
