立即与支持人员聊天
与支持团队交流

Defender 6.5.1 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Managing portal database

The Defender Management Portal database is stored in a file named SelfReg.sdf, held in the folder “%ProgramFiles%\One Identity\Defender\Management Portal\WWW\App_Data” on the computer running the Defender Management Portal. This section covers the following database management tasks:

Encrypting database

By default, the Defender Management Portal database is not encrypted. However, as this database contains a service account password used by the Defender Management Portal, you may want to encrypt the database.

To encrypt the database

  1. In IIS Manager, stop the Defender Web Interface site.
  2. On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
    1. Select the Encrypt Database check box.
    2. In the New Password and Confirm New Password boxes, type the password with which you want to encrypt the database.
    3. Click Apply, and then close the dialog box.
  3. In the Web.config file, update the database connection string with the new password:
    1. In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
    2. In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to include the new password. Example:

      connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091;password=NewDatabasePassword"

      where NewDatabasePassword is the password you have set in Step 2 of this procedure.

    3. Save and close the Web.config file.
  4. Use the aspnet_regiis.exe tool to encrypt the database connection string in the Web.config file, so that the password is not displayed as plain text. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to encrypt the database connection string on an x86 system:

    %WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW" -prov "DataProtectionConfigurationProvider"

  5. In IIS Manager, start the Defender Web Interface site.

Note: Encrypting database is only applicable for SQL Compact and not for SQL Express database.

Changing password for encrypted database

To change the password

  1. In IIS Manager, stop the Defender Web Interface site.
  2. On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
    1. In the Old Password box, type the password with which the database was encrypted.
    2. In the New Password and Confirm New Password boxes, type the new password with which you want to encrypt the database.
    3. Click Apply, and then close the dialog box.
  3. Use the aspnet_regiis.exe tool to decrypt the database connection string in the Web.config file, so that you can specify the new password in that file. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to decrypt the database connection string in the Web.config file on an x86 system:

%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW"

  1. In the Web.config file, update the database connection string with the new password:
    1. In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
    2. In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to include the new password. Example:

      connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091;password=NewDatabasePassword"

      where NewDatabasePassword is the password you have set in Step 2 of this procedure.

    3. Save and close the Web.config file.
  2. Use the aspnet_regiis.exe tool to encrypt the database connection string in the Web.config file, so that the password is not displayed as plain text. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to encrypt the database connection string on an x86 system:

    %WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW" -prov "DataProtectionConfigurationProvider"

  3. In IIS Manager, start the Defender Web Interface site.

Decrypting database

To decrypt the database

  1. On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
    1. Clear the Encrypt Database check box.
    2. In the Old Password box, type the password with which the database was encrypted.
    3. Click Apply, and then close the dialog box.
  2. Use the aspnet_regiis.exe tool to decrypt the database connection string in the Web.config file. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to decrypt the database connection string in the Web.config file on an x86 system:

    %WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW"

  3. In the Web.config file, update the database connection string to remove the password:
    1. In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
    2. In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to remove the password. Example:

      connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091"

    3. Save and close the Web.config file.
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级