Password Manager 5.7.1 - How to Guide

Requirements

  • The client machine must have the Offline Password Reset utility installed along with the SPE (Secure Password Extension).
  • The user must have Internet access from another machine or an Internet-capable smartphone to reach the public-facing corporate Password Manager Self Service site.
  • The Forgot My Password workflow (or similar) must have the Allow Users to reset passwords offline option enabled on the Change Password In Active Directory action.
  • Cached logon attempts must be configured.
  • The Password Manager administrative template must be configured to turn on Offline Reset functionality.

To enable the offline password reset functionality

  1. Install the offline password reset component on target users’ computers via group policy. Use the Password Manager 5.6.x and later files (OfflinePasswordReset_64.msi and OfflinePasswordReset_x86.msi) located in the \Password Manager\Setup folder on the installation CD.

    Secure Password Extension (SPE) must be installed on target users’ computers as well.

  2. Set the required number of cached user logon attempts. This is necessary because the offline password reset functionality will be available only for users who have previously logged in on their computers. You can use Microsoft knowledge base article http://support.microsoft.com/kb/172931 to change the number of cached logon attempts. It is recommended to use the default value (10).

Figure 3: Setting Logon Count via GPO

  3. Use the administrative template prm_gina.adm or prm_gina.admx to turn on the offline password reset functionality. The administrative template file is located in the \Password Manager\Setup\Administrative Template\ folder of the installation CD. In the template, enable the following settings:
    • Display the Offline Password Reset button (command link)
    • Set custom name for the Offline Password Reset button (command link) in <Language>

  4. Use the Reset password in Active Directory activity in a required workflow and select the Allow users to reset passwords offline option.

  5. Save the workflow.

    To provide authentication during the offline password reset procedure, a shared secret is used. The shared secret is stored locally on the user’s computer and its copy is published in Active Directory in the computer’s account during the first logon if the computer is connected to the domain. By default, only domain administrators and the computer account have access to the shared secret. You can specify other users and groups who will have the permission to read the shared secret from the domain. To do this, use the “Configure scope for accessing the shared secret in Active Directory” setting in the administrative template.
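
A client-side readiness check for steps 1 and 2, as an added example that is not part of the original guide or of Password Manager itself. The display-name patterns for the two installed components are assumptions; CachedLogonsCount is the Winlogon registry value that the cached logon setting writes.

```powershell
# Added example: client-side readiness check for offline password reset.
# The display-name patterns are assumptions; match them to what a machine
# with both components installed shows under Programs and Features.
param(
    [string[]]$RequiredProducts = @('*Offline Password Reset*',
                                    '*Secure Password Extension*')
)

$results = @()

# Step 1: look for both components in the 64-bit and 32-bit uninstall keys.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName)
foreach ($pattern in $RequiredProducts) {
    $match = $installed | Where-Object { $_ -like $pattern } | Select-Object -First 1
    $results += [pscustomobject]@{
        Check  = "Installed: $pattern"
        Value  = if ($match) { $match } else { 'not found' }
        Passed = [bool]$match
    }
}

# Step 2: CachedLogonsCount is a REG_SZ under Winlogon. A value of 0 turns
# cached logons off, which makes offline reset unavailable on this machine.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$raw = (Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue).CachedLogonsCount
$count = if ($null -eq $raw) { $null } else { [int]$raw }
$results += [pscustomobject]@{
    Check  = 'CachedLogonsCount'
    Value  = if ($null -eq $count) { 'not set (Windows default applies)' } else { $count }
    Passed = ($null -eq $count) -or ($count -gt 0)
}

# The shared secret is published to Active Directory only from a
# domain-joined machine, so report the join state as well.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results += [pscustomobject]@{
    Check  = 'Domain joined'
    Value  = $cs.Domain
    Passed = [bool]$cs.PartOfDomain
}

$results | Format-Table -AutoSize
if ($results.Passed -contains $false) { exit 1 }
```

Run it from an elevated PowerShell session on a target computer after the group policy has applied; a non-zero exit code means at least one prerequisite is missing.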

Password Policy Manager

Overview

In addition to providing the ability to manage user passwords, Password Manager also provides the ability to configure Password Policies similar to native Password Policies and Windows Fine-Grained Password Policies found in Active Directory. Password Manager Password policies can provide restrictions such as password length, dictionary lookup and history.

The Password Policies are stored in Group Policy Objects (GPOs) and are applied by linking the GPO to a target container defined in Active Directory, such as an Organizational Unit or group.

Password Policy Manager (PPM) is an optional and independently deployed component of Password Manager. The Password Policy Manager component is necessary to enforce password policies configured in Password Manager in instances when users change their passwords using tools other than Password Manager. To enforce password policies which you define with Password Manager, you must deploy Password Policy Manager on all Domain Controllers (DCs) in a managed domain.
