
Password Manager 5.7.1 - How to Guide


How it Works

When a user changes a password in Password Manager, the new password is checked right away, and if it complies with password policies configured in Password Manager, the new password is accepted.

When a user changes a password outside of Password Manager, for example by pressing CTRL+ALT+DELETE, the new password is not checked immediately by Password Manager. Instead, the password's compliance with password policy rules is checked on a Domain Controller. This is why Password Policy Manager must be installed on all Domain Controllers in a managed domain. If Password Policy Manager is not installed, password policies configured in Password Manager are ignored whenever a user changes a password outside of Password Manager.

Password Policy Manager extends the default password policy settings and allows configuring policy scopes for each policy, so that only specified Organizational Units and groups are affected by the policy.

Password policy settings are stored as Group Policy Objects. Password Policy Manager creates new GPOs, and it does not change any existing GPOs.

Depending on whether a Domain Controller is running an x86 or x64 version of the Microsoft Windows Server operating system, the appropriate version of Password Policy Manager must be installed.

NOTE: Password Policy Manager does not override the native Windows security policy rules; rather, the more restrictive of the two rules is enforced. For example, if both Password Manager and the Windows password policy have minimum length requirements and they are not the same, the more restrictive of the two is enforced. Password Manager does not overwrite or exclude the native default Windows policies. If you don't want those in place, you will need to disable them.

Installing Password Policy Manager

Password Policy Manager is deployed on all Domain Controllers through Group Policy. You can create a new Group Policy object (GPO) or use an existing one to assign the Password Policy Manager installation package to the destination computers. Password Policy Manager is then installed on the computers to which the GPO applies. Depending on the operating system running on the destination computers, you must apply the appropriate installation package included on the installation media:

 
  • PasswordPolicyManager_x86.msi

    Or

  • PasswordPolicyManager_x64.msi

The installation packages are located in the \Password Manager\Setup\ folder on the installation media.
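
Because a Domain Controller without Password Policy Manager does not apply the Password Manager policies to password changes made outside of Password Manager, it is worth confirming coverage on every Domain Controller after the GPO deployment. The following script is an added example, not part of the product or the original guide. It assumes the ActiveDirectory PowerShell module, PowerShell remoting to the Domain Controllers, and that the installed product's display name contains "Password Policy Manager" (the `$NamePattern` value is an assumption to adjust).

```powershell
#Requires -Modules ActiveDirectory
# Added example: audit Password Policy Manager coverage across all Domain Controllers.
# Assumption: the product's DisplayName in the Uninstall registry keys matches $NamePattern.
$NamePattern = '*Password Policy Manager*'

$probe = {
    param($Pattern)
    # MSI-installed products register under these keys (native and 32-bit views)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $hit = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $Pattern } |
        Select-Object -First 1
    [pscustomobject]@{
        Architecture = (Get-CimInstance Win32_OperatingSystem).OSArchitecture
        Installed    = [bool]$hit
        Version      = $hit.DisplayVersion
    }
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $r = Invoke-Command -ComputerName $dc.HostName -ScriptBlock $probe `
                 -ArgumentList $NamePattern -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            Architecture     = $r.Architecture
            # Package names as listed in this guide
            Package          = if ($r.Architecture -like '64*') { 'PasswordPolicyManager_x64.msi' }
                               else { 'PasswordPolicyManager_x86.msi' }
            Installed        = $r.Installed
            Version          = $r.Version
        }
    } catch {
        # An unreachable DC is reported as unknown, never as compliant
        [pscustomobject]@{
            DomainController = $dc.HostName
            Architecture = $null; Package = $null; Installed = $null
            Version = "unreachable: $($_.Exception.Message)"
        }
    }
}

$report | Sort-Object Installed, DomainController | Format-Table -AutoSize

# Any row where Installed is not True is a DC with no confirmed policy enforcement
$gaps = @($report | Where-Object { $_.Installed -ne $true })
if ($gaps.Count) {
    Write-Warning "$($gaps.Count) Domain Controller(s) without confirmed Password Policy Manager coverage"
}
```

Re-run the check whenever a Domain Controller is promoted or rebuilt, since a new Domain Controller outside the GPO's scope leaves the same gap.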

Settings Controlled by the Password Policy

  • Password Age Rule: Ensures that users cannot use expired passwords or change their passwords too frequently.
  • Length Rule: Ensures that passwords contain the required number of characters.
  • Complexity Rule: Ensures that passwords meet minimum complexity requirements.
  • Required Characters Rule: Ensures that passwords contain certain character categories.
  • Disallowed Characters Rule: Rejects passwords that contain certain character categories.
  • Sequence Rule: Rejects passwords that contain more repeated characters than allowed.
  • User Properties Rule: Rejects passwords that contain part of a user account property value.
  • Dictionary Rule: Rejects passwords that match dictionary words or their parts.
  • Symmetry Rule: Ensures that a password or any part of it does not read the same in both directions.
  • Custom Rule: Use this rule to display the custom policy rule message for users when other policy rules cannot be read or to hide the configured policy rules.

Configuring rules for a Password Policy

To configure rules for a password policy:

  1. On the home page of the Administration site, click the Password Policies tab
  2. Under the Password Policies for Managed Domains tab, click Add domain connection
  3. If you already have a Domain Connection configured (such as for User and Helpdesk scopes), click Use this connection
  4. Click One Identity password policies are not configured
  5. Click Add new password policy
  6. Enter an appropriate policy name when prompted
  7. Click Edit and configure the required settings under the Policy Rules tab
  8. Click Policy Scope tab
  9. Click Add in both the Organizational Units and Groups options to link the Policy to the appropriate Organizational Unit and corresponding Group.

NOTE: You must select both or the policy will not be applied to users. The options set here are exactly as you would see the Link option in the native Microsoft Group Policy Management Console (GPMC.msc) MMC Snap-In.

  10. Once the Policy Rules are configured and the Policy is linked, click the Policy Settings tab and un-check the Disable this policy feature to enable the policy
  11. Click Save