Chat now with support
Chat with Support

Password Manager 5.9.5 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow Overview Custom Workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Hybrid Subscription One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Logging in Secure Password Extension

For diagnostic purposes you can turn on logging in Secure Password Extension. The log file can contain the following information: exceptions and errors, debug messages and functions’ returns, etc. You can use this diagnostic data to identify issues with Secure Password Extension.

Caution: This section describes how to modify the Registry. However, incorrectly modifying the Registry may severely damage the system. Therefore, you should follow the steps carefully. It is also recommended to back up the Registry before you modify it.

To enable logging in Secure Password Extension

  1. On a computer where Secure Password Extension is installed, click the Start button, click Run, and type regedit. Click OK.
  2. In the Registry tree (the left tab), create the following key: HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging.
  3. Add a new string value to the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key. To do it, click the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key. On the Edit menu, select New, and then click String Value.
  4. Type LogLevel and then press ENTER to name the string value.
  5. Right-click the LogLevel value and select Modify.
  6. In the Edit String dialog box, type All under Value data. Click OK.
  7. Add a new string value to the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key. To do it, click the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key. On the Edit menu, select New, and then click String Value.
  8. Type LogFolder and then press ENTER to name the string value.
  9. Right-click the LogFolder value and select Modify.
  10. In the Edit String dialog box, type the path to the log file under Value data. For example, C:\Logs. Click OK.
  11. Exit the Registry Editor.
  12. Restart the computer.

To disable logging in Secure Password Extension

  1. On a computer where Secure Password Extension is installed, click the Start button, click Run, and type regedit. Click OK.
  2. In the HKEY_LOCAL_MACHINE\SOFTWARE\One Identity\Password Manager\Logging registry key, select the LogLevel value.
  3. Right-click the LogLevel value and select Modify.
  4. In the Value data box, type Off, and click OK.

 

Password Policies

About Password Policies

You can use Password Manager to create password policies that define which passwords to reject or accept. Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied by linking the GPOs to a target container defined in Active Directory, such an organizational unit or a group.

Group Policy objects from parent containers are inherited by default. When multiple Group Policy objects are applied, the policy settings are aggregated.

For information on how to apply a password policy and change policy link order, see Managing Password Policy Scope.

Password Policy Manager

Password Policy Manager (PPM) is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in such cases, when users change their passwords using tools other than Password Manager. To enforce password policies that you define with Password Manager, you must deploy Password Policy Manager on all domain controllers in a managed domain.

When a user changes password in Password Manager, new password is checked right away, and if it complies with password policies configured in Password Manager, the new password is accepted.

But when a user changes password by pressing CTRL+ALT+DELETE for example, the new password will not be checked immediately by Password Manager. The password's compliance with password policy rules will be checked on a domain controller, that is why PPM must be installed on all domain controllers in a managed domain. If PPM is not installed, in this case when the user changes password not in Password Manager, password policies configured in Password Manager will be ignored.

Password Policy Manager extends the default password policy settings and allows configuring policy scopes for each policy, so that only specified organizational units and groups are affected by the policy.

Password policy settings are stored as Group Policy Objects. PPM creates new GPOs, and it does not change any existing GPOs.

Depending on whether a domain controller is running an x86 or x64 version of Microsoft Windows Server operating system, the appropriate version of Password Policy Manager must be installed. The procedure for installing PPM is outlined in Installing Password Policy Manager.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating