立即与支持人员聊天
与支持团队交流

Password Manager 5.11.1 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable S2FA for Administrators & Enable S2FA for HelpDesk Users Reporting Password Manager Integration Appendixes Glossary

Upgrading Secure Password Extension

You can centrally upgrade workstations to the latest version of Secure Password Extension by assigning the software for deployment using Group Policy. It is recommended to remove the existing MSI package from the Software installation list, and then assign the latest-version package.

To remove the existing and assign a latest-version package

  1. Remove the assigned package (Quest One Secure Password Extension x86.msi or Quest One Secure Password Extension x64.msi) from the list of software to be installed.
  2. Add the latest-version MSI packages to the list of software to be installed.

When upgrading Secure Password Extension, do not forget to upgrade the prm_gina.admx administrative template with the one located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.

During the upgrade of prm_gina.admx administrative template, the previously made template settings are preserved and picked up by newer versions.

Upgrading Password Policy Manager

Both removal and installation of Password Policy Manager (PPM) requires computer restart. Upgrade PPM on all domain controllers in sequential order. Perform the upgrade during off-peak hours to cause minimal impact to your organization’s operations.

To guarantee that all the passwords in your organization comply with the established policies, Password Policy Manager must be deployed on all domain controllers in the managed domain.

To upgrade from Password Policy Manager version 5.7.1 or later versions

  1. Remove the previous version of Password Policy Manager from a domain controller and restart the computer when prompted. For more information on uninstalling PPM, see Uninstalling Password Policy Manager.
  2. Install the new version of Password Policy Manager on that domain controller and restart the computer when prompted. For more information on installing PPM, see Installing Password Policy Manager.
  3. Repeat the steps 2 and 3 for each domain controller in the managed domain.

If the previous version of Password Policy Manager has been deployed through Group Policy, it should be uninstalled by removing the previously assigned MSI package from the Software installation list. For more information, see Uninstalling Password Policy Manager. After the previous version is removed from the domain controllers, the new version may be deployed to those DCs through Group Policy.

Administrative Templates

The Password Manager distribution package includes Group Policy administrative templates, which you can use to configure the additional features and options that are not available in the Password Manager Administration Console by default.

In the Password Manger installation package, you can find the below mentioned files in \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD.

These administrative templates are supplied in the following files.

File Description
prm_gina.admx Contains the administrative policies defined by OneIdentity Password Manager.
prm_gina.adml Allows Group Policy Object Editor to display a policy setting in the configured locale(supported language).

 

This chapter consists of the following sections

Installing Administrative Templates

To install the administrative templates (.admx) on Domain Controller

  1. Login to the Active Directory Domain Controller machine with Administrative Privileges.

  2. Copy Administrative Template Configuration folder from the <CD>/Password Manager/Setup/Tools .

  3. Copy the Administrative Template folder into the Machine from <CD>/Password Manager/Setup/Template.

  4. Double click QPM.AdministrativeTemplateConfiguration.exe from the Administrative Template Configuration folder.

  5. In the Password Manager Administrative Template Configuration window, browse the Administrative Template folder path and verify the path to Policy Definitions.

  6. Click Execute to run the tool.
  7. Once the execution is complete, click Exit to close the window.

 

To install the administrative templates (.admx) on the client computer manually

  1. Copy the prm_gina.admx file into %windir%\PolicyDefinitions folder directory.
  2. Copy the prm_gina.adml file into %windir%\PolicyDefinitions\en-us directory.
  3. Open the Local Group Policy Editor (gpedit.msc).
    1. In the left pane (console tree) of the Local Group Policy Editor, expand Computer Configuration\Administrative Templates.

    NOTE:

    • You can now see the node One Identity Password Manager appearing automatically.
    • The .admx policies applied on the client computer takes priority.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级