立即与支持人员聊天
与支持团队交流

Password Manager 5.13.2 - Administration Guide

About Password Manager Getting started Password Manager architecture
Password Manager components and third-party applications Typical deployment scenarios Password Manager in a perimeter network Management Policy overview Password policy overview Secure Password Extension overview reCAPTCHA overview User enrollment process overview Questions and Answers policy overview Password change and reset process overview Data replication Phone-based authentication service overview
Management policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring access to the Administration Site Configuring access to the Legacy Self-Service Site or Password Manager Self-Service Site Configuring access to the Helpdesk Site Configuring Questions and Answers policy Workflow overview Custom workflows Custom activities Legacy Self-Service or Password Manager Self-Service Site workflows Helpdesk workflows Notification activities User enforcement rules
General Settings
General Settings overview Search and logon options Importing and exporting configuration settings Outgoing mail servers Diagnostic logging Scheduled tasks Web Interface customization Instance reinitialization Realm Instances Domain Connections Extensibility features RADIUS Two-Factor Authentication Internal Feedback Password Manager components and third-party applications Unregistering users from Password Manager Bulk Force Password Reset Fido2 key management Working with Redistributable Secret Management account Email templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies Enable 2FA for administrators and helpdesk users Reporting Password Manager integration Accounts used in Password Manager Open communication ports for Password Manager Customization options overview Feature imparities between the legacy and the new Self-Service Sites Third-party contributions Glossary

Password Policy Manager

Password Policy Manager is an independently deployed component of Password Manager. Password Policy Manager is necessary to enforce password policies configured in Password Manager in those cases where users change their passwords using means other than Password Manager. For example, when user change their password on the Self-Service Site, a new password is checked against password policy rules immediately, and if it complies with password policies configured in Password Manager, the new password is accepted. But when user change their password by pressing CTRL+ALT+DELETE, for example, the password’s compliance with password policies cannot be checked by Password Manager unless Password Policy Manager is deployed on all domain controllers in a managed domain. Password Policy Manager installs the dictionary file in the SYSVOL folder to set a dictionary rule for new passwords. If the dictionary file already exists in the SYSVOL folder, Password Policy Manager setup will not replace the file while installing.

If Password Policy Manager is not installed on all domain controllers in the domain, password policies configured in Password Manager will be ignored when users change password by means other than Password Manager.

NOTE: The user account that is used to install Password Policy Manager must have write access to the SYSVOL folder in domain controller.

NOTE: When the user uninstalls Password Policy Manager, the installer will not remove the dictionary file from the SYSVOL folder. The user must remove the dictionary file manually if the file is not needed.

Caution: Removing the dictionary file from the SYSVOL folder in one Domain Controller will result deletion of the dictionary file in all Domain Controllers .

For more information on Password Policy Manager, see About Password Policies.

Password Policy Rules

Password Manager uses a set of powerful and flexible rules to define requirements for domain passwords. Each password policy has rules that are configured independently of the rules in other policies.

The following rules duplicate and extend system password policy rules: Password Age rule, Length rule, Complexity rule, and User Properties rule.

For information on how to create and configure a password policy, see Creating and Configuring a Password Policy.

To display the properties of a password policy

  1. On the home page of the Administration Site, click the Password Policies tab.

  2. Click the <N> One Identity Password Policies link under the domain that you want to manage.

  3. On the One Identity Password Policies for Domain <DomainName> page, click Edit under the policy whose properties you want to view or modify.

Installing Password Policy Manager

To install the Password Policy Manager component in your managed domain, you must deploy it on all Domain Controllers (DC) via a Group Policy. You can create a new Group Policy Object (GPO), or use an existing one, to assign the Password Manager installation package with Password Policy Manager to the destination computers. Password Policy Manager is then installed on the computers to which the GPO applies.

The installer of the Password Policy Manager component is located at the following subfolder of the Password Manager ISO image or extracted installation archive:

/Password Manager/Setup/PasswordPolicyManager_x64.msi

To install Password Policy Manager on a single DC

  1. Run the PasswordPolicyManager_x64.msi installation package.

  2. Restart the computer once the installation is completed.

To deploy Password Policy Manager on multiple domain controllers

  1. Copy the PasswordPolicyManager_x64.msi installation package to a network share accessible from all DCs in the managed domain.

  2. Create a GPO and link it to all DCs in your managed domain. You may also choose an existing GPO to deploy Password Policy Manager.

  3. Under the selected GPO, open Computer Configuration > Software Settings.

  4. Right-click Software installation, then select New > Package.

  5. Select the PasswordPolicyManager_x64.msi installation package.

  6. Click Open.

  7. Select the deployment method and click OK.

  8. Verify and configure the installation properties, if needed.

Uninstalling Password Policy Manager

To uninstall Password Policy Manager, remove it from all Domain Controllers (DC) in your managed domain.

To uninstall Password Policy Manager

  1. Remove Password Policy Manager from the DC of the managed domain.

  2. Restart the computer when prompted.

  3. Repeat the previous steps for all remaining DCs in the managed domain.

If you have deployed Password Policy Manager via a Group Policy, then uninstall Password Policy Manager by removing the PasswordPolicyManager_x64.msi installation package from the Software installation list.

To remove the Password Policy Manager installation package from a Group Policy

  1. Start the Group Policy Management snap-in. To do so, click Start, and navigate to Programs > Administrative Tools > Group Policy Management.

  2. In the console tree, click the group policy object that you used to deploy the package, and click Edit.

  3. Expand the Software Settings container that contains the Software installation item that you used to deploy the package.

  4. Click the Software installation container that contains the PasswordPolicyManager_x64.msi package.

  5. In the right pane of the Group Policy window, right-click the PasswordPolicyManager_x64.msi package, point to All Tasks, and then click Remove.

  6. Click Immediately uninstall the software from users and computers, and then click OK.

  7. Quit the Group Policy Object Editor snap-in, and then quit the Group Policy Management snap-in.

    IMPORTANT: If you uninstall Password Manager, but do not remove Password Policy Manager from DCs in a managed domain, configured password policies will still be enforced. To stop the enforcement of password policies configured in Password Manager, uninstall Password Policy Manager from all DCs in the managed domain.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级