立即与支持人员聊天
与支持团队交流

Password Manager 5.9.7 - Administration Guide

About Password Manager Getting Started Password Manager Architecture
Password Manager Components and Third-Party Solutions Typical Deployment Scenarios Password Manager in Perimeter Network Management Policy Overview Password Policy Overview Secure Password Extension Overview reCAPTCHA Overview User Enrollment Process Overview Questions and Answers Policy Overview Password Change and Reset Process Overview Data Replication Phone-Based Authentication Service Overview
Management Policies
Checklist: Configuring Password Manager Understanding Management Policies Configuring Access to the Administration Site Configuring Access to the Self-Service Site Configuring Access to the Helpdesk Site Configuring Questions and Answers Policy Workflow overview Custom workflows Custom Activities Self-Service Workflows Helpdesk Workflows Notification Activities User Enforcement Rules
General Settings
General Settings Overview Search and Logon Options Import/Export Configuration Settings Outgoing Mail Servers Diagnostic Logging Scheduled Tasks Web Interface Customization Instance Reinitialization Realm Instances Domain Connections Extensibility Features RADIUS Two-Factor Authentication Unregistering users from Password Manager Working with Redistributable Secret Management account Email Templates
Upgrading Password Manager Administrative Templates Secure Password Extension Password Policies One Identity Starling Reporting Password Manager Integration Appendixes Glossary

Launching User Notification

Every unique Password Manager instance creates a configuration storage account in Active Directory. Password Manager uses this account to store its configuration data. Secure Password Extension uses the account to launch user notification.

  1. Secure Password Extension locates the configuration storage account and obtains information on notification schedule.
  2. Secure Password Extension locates the user's account to check whether the user has been marked by the Password Manager scheduled task and should be notified to create or update his Questions and Answers profile.

Deploying and Configuring Secure Password Extension

This section describes the prerequisites and steps for deploying and configuring Secure Password Extension to provide access to the Self-Service site from the Windows logon screen on end-user computers. Secure Password Extension also provides dialog boxes displayed on end-user computers, these dialog boxes notify users who must create or update their Questions and Answers profiles with Password Manager.

Deploying Secure Password Extension

Secure Password Extension is deployed on client computers through Group Policy. You can create a new Group Policy object (GPO) or use an existing one to assign the installation package with Secure Password Extension for installing it on the destination computers. Secure Password Extension is then installed on computers to which the GPO applies. Depending on the operating system running on the destination computers, you must apply either of the following installation packages included on the installation CD:

  • SecurePasswordExtension_x86.msi - Installs Secure Password Extension on computers running x86 versions of operating systems.
  • SecurePasswordExtension_x64.msi - Installs Secure Password Extension on computers running x64 versions of operating systems.

You can modify the behavior and on-screen appearance of Secure Password Extension components by configuring an administrative template's settings, and then applying the template to the target computers through Group Policy.

The administrative template is available in only one format: prm_gina.admx.

The prm_gina.admx administrative template file is located in the \Password Manager\Setup\Template\Administrative Template\ folder of the installation CD. This administrative template is designed to be used with Windows Server 2012 R2 or later operating systems. Before using this administrative template, copy the prm_gina.admx and prm_gina.adml files from the installation CD to the following locations: %systemroot%\SYSVOL\domain\Policies\PolicyDefinitions(for the prm_gina.admx file) and %systemroot%\SYSVOL\sysvol\domain\Policies\PolicyDefinitions\en-US (for the prm_gina.adml file).

Alternatively, you could use the Administrative Template configuration tool to copy and use the admx templates.

Follow the steps below to configure and deploy the Secure Password Extension on end-user computers.

To deploy and configure Secure Password Extension

  1. Copy the required installation package (SecurePasswordExtension_x86.msi or SecurePasswordExtension_x64.msi) from the installation CD to a network share accessible from all domain controllers where you want to install Secure Password Extension. The MSI packages are located in the \Password Manager\Setup\ folder of the installation CD.
  2. Create a GPO and link it to all computers, sites, domains, or organizational units where you want to use Secure Password Extension. You may also choose an existing GPO to use with Secure Password Extension.
  3. Open the Group Policy Management Editor in the Group Policy Management, and then do the following
    • Expand Computer Configuration/Policies/Software Settings, right-click Software installation, and then select New | Package.
    • Browse for the MSI package you have copied in step 1, and then click Open.
    • In the Deploy Software window, select a deployment method and click OK.
    • Verify and configure the properties of the installation, if needed.

Configuring Secure Password Extension

This section describes how to override automatic location of the Self-Service site and customize Secure Password Extension.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级