立即与支持人员聊天
与支持团队交流

Password Manager 5.9.7 - Administration Guide (AD LDS Edition)

About Password Manager Getting Started Upgrading Password Manager Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Data Replication Phone-Based Authentication Service Overview Configuring Management Policy
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances AD LDS Instance Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Password Policies One Identity Starling Reporting Appendix A: Accounts Used in Password Manager for AD LDS Appendix B: Open Communication Ports for Password Manager for AD LDS Appendix C: Customization Options Overview Glossary

Customizing Redistributable Secret Management log path

By default, the rSMS logs are available in C:\Windows\Temp\rSMS. You have the option to customize the log path to record the logs at a different location.

Customizing rSMS log path

  1. On the system where the Password Manager Admin site is installed, click Start and then Services.

  2. On the Services window, right-click on One Identity rSMS Service.
  3. Select Properties and check the location from the Path to executable section.
  4. Open the command prompt with administrator privileges and navigate to the directory where One Identity rSMS Service is installed.
  5. From the directory where One Identity rSMS Service is installed, run the rSMS.Config.exe LogPath command to view the rSMS log path.

    The log path currently used to record rSMS logs is displayed.

  1. To update the log path, run the rSMS.Config.exe LogPath -f <new path> command. For example, rSMS.Config.exe LogPath -f C:\PM.

    The log path is updated. To confirm the log path run the rSMS.Config.exe LogPath command again.

  1. Restart the One Identity rSMS Service.

Email Templates

Password Manager provides option to set the default template for confirmation e-mail. To send an auto generated email to user if workflow succeeds or fails, configure the email template from the General Settings tab for authentication.

To configure default e-mail template:

  1. On the home page of the Administration site, click General Settings, and then click the Email Template tab.

  2. Select the desired language from the Select language to customize template drop down menu, to customize the email template.

  3. Click the + sign before the desired workflow to edit the template. Edit the subject and body of the notification template in the default language as required. When editing the notification template, you can use the parameters available in the notification editor, for example #USER_ACCOUNT_NAME#, #WORKFLOW_RESULT#, and others.

  4. In the Message format box, select the format to use for the notifications. You can select from two options: either HTML or Plain text.

  5. Select the default language from the Select default language for email drop down menu, to select the default email template to send to the user.

  6. In the User notification settings, select one of the following options for user notification subscription:

    • Subscribe users to this notification. Allow users to unsubscribe.
    • Subscribe users to this notification. Do not allow users to unsubscribe.
    • Do not subscribe users to this notification. Allow users to subscribe to this notification.
  7. Click Save, to save the settings

Password Policies

About Password Policies

By default, an AD LDS instance applies existing local or domain password policies. If a server on which AD LDS is installed belongs to a workgroup, the server’s local password policy settings and account lockout settings are enforced. If the server on which AD LDS is running belongs to a domain, the password policy settings and account lockout settings from the domain are enforced.

You can use Password Manager to create additional password policies that define which passwords to reject or accept. For each policy, you can configure a number rules, for example, a password age rule, complexity and length rules, custom rule, and others. It is recommended to use the custom rule to display the settings of the local or domain password policy applied to the server on which AD LDS is running. For more information, see Custom Rule.

Password policy settings are stored in Group Policy objects (GPOs). A GPO is applied to a target organizational unit. Group Policy objects from parent containers are inherited by default. When multiple Group Policy objects are applied, the policy settings are aggregated. For information on how to apply a password policy and change the policy priority, see Managing Password Policy Scope.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级