The following are the common configuration recommendations:
The duplicate entries increase the size of the Shared.storage file, which in turn gets replicated to Active Directory, which will increase network traffic with a larger replicated data size. The duplicate entries also cause numerous duplicate connections with the Scheduled Tasks and thus increases the time it takes to complete each Scheduled Task.
For example, if you have a total of 20 Management Scopes, you should only have 20 Domain Connections. If you were to select Add domain connection for every User Scope, Helpdesk Scope and Password Policy setting you would have 60 total Domain Connections.
The Helpdesk site handles typical tasks performed by Helpdesk operators, such as resetting passwords, unlocking user accounts, assigning temporary passcodes, and managing users' Questions and Answers profiles.
The Helpdesk site can be installed either on the same server as the Administration Site and Password Manager service, or on a stand-alone server.
The Helpdesk site uses a form-based authentication which prompts users to logon:
Password Manager allows a Helpdesk group to be added for each Management Scope. If you require different Helpdesk groups to be able to administer different scopes of users, additional Management Scopes will have to be created to accommodate the restrictions for the Helpdesk groups.
The Scope of who can logon to the Helpdesk site can be configured in the Admin site for each Management Policy:
To select the Groups who can access the Helpdesk site, first click Helpdesk Scope, then click Add domain connection.
If you already have a Domain connection, select Use this connection:
If you do not see the desired Domain Connection, click Add domain connection and enter the required information.
Once the Domain has been added, select Edit:
Add in the Groups to be allowed access to the Helpdesk site and perform Helpdesk actions.
As of version 5.5.1, Password Manager now has the ability to change the configuration options, such as the encryption level and the attribute used to store Users’ Q&A Profile settings without the need to reinstall or modify configuration files.
If you choose to perform a Reinitialization, please keep the following in mind:
When changing the Encryption algorithm within the PMAdmin site | General settings | Reinitialization section the following message occurs:
|Warning: Although 5.5.x components such as the SPE and Password Policy Manager may work with the 5.6.x or later servers, it has not been fully tested and is not officially supported.|
|Warning: You are changing configuration and security settings. To prevent users from losing their Q&A profiles use the Migration Wizard to update the profiles.|
What are the next steps?