Password Reset Utility. Configuration

Similar documents
ADSelfService Plus Client Software Installation via Group Policy Objects (GPOs)

Last updated: January 19, Webtop Setup User Guide

Last updated: May 10, Desktop Setup User Guide

A guide to configure agents for log collection in Log360

Deploying Lightspeed User Agent v

Copyright 2017 Softerra, Ltd. All rights reserved

Autodesk DirectConnect 2010

WMI log collection using a non-admin domain user

Installation of LAPS Password Management Demo Deployment

Farin Foresight/Insight RemoteApp Access Document last updated: 2/7/2017

Qvidian Proposal Automation Enable New Users

Manually Run Ad Logon Script As Administrator Group Policy

10ZiG Technology. Thin Desktop Quick Start Guide

ManageEngine EventLog Analyzer. Installation of agent via Group Policy Objects (GPO)

ms-help://ms.technet.2004apr.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/howto/grpolwt.htm

Martin Baker Secure Source-to-Pay How to Access and Log In

Enabling Smart Card Logon for Linux Using Centrify Suite

Guide to Deploy the AXIGEN Outlook Connector via Active Directory

EMS MASTER CALENDAR Installation Guide

Team TimeSheet for Outlook & SharePoint Client Installation and Configuration ( Per User Installation and Per Machine Installation )

Installation Guide. . All right reserved. For more information about Specops Command and other Specops products, visit

Partner Integration Portal (PIP) Installation Guide

The Centrify browser extension

ModeChanger

Pearson System of Courses (PSC) Deploying PSC with System Center Configuration Manager (SCCM) for Windows

Installation Guide. . All right reserved. For more information about Specops Deploy and other Specops products, visit

Barracuda Archive Search for Outlook Deployment for Windows Vista and Windows Server 2008

DaDaDocs for Microsoft Dynamics 365 Administrator Guide

Managing the CaseMap Admin Console User Guide

Integrate your CSP Direct Agreement

Network installation guide. Version 3 27 th September 2016

13241 Woodland Park Road, Suite 400 Herndon, VA USA A U T H O R : E X O S T A R D ATE: M A R C H V E R S I O N : 3.

Briefcase for Mac 1.0. Administrator s Guide

Sage 300. Sage CRM 2018 Integration Guide. October 2017

Rainbow Desktop app Per-user MSI deployment using Microsoft Active Directory Group Policy Objects (AD-GPO)

Setting up Certificate Authentication for SonicWall SRA / SMA 100 Series

R9.7 erwin License Server:

New World ERP-eSuite

CRM Sales Web Portal Installation & Setup Guide

MSI Admin Tool User Guide

citrix MetaFrame Password Manager2.0:Adminsitration

Click Studios. Passwordstate. Remote Session Launcher. Installation Instructions

Evaluation Guide Host Access Management and Security Server 12.4 SP1 ( )

Distributed Processing

Exclaimer Mail Archiver

Network Identity Manager with SN-Gina Outlook Web Access

Integrate your CSP Direct Agreement

INSTALLATION GUIDE Spring 2017

Windows 7 Professional 64 bit Installation and Configuration for MassLynx or Empower Controlled Ethernet Instrument Communication

Accops HyWorks v3.0. Installation Guide

SUPER USER GUIDE. For Practice Performance Registry. Rachel Bryan

EMS DESKTOP CLIENT Installation Guide

Enabling Smart Card Logon for Mac OS X Using Centrify Suite

SafeConsole On-Prem Install Guide. version DataLocker Inc. July, SafeConsole. Reference for SafeConsole OnPrem

Enterprise Vault.cloud CloudLink Google Account Synchronization Guide. CloudLink to 4.0.3

One Identity Active Roles 7.2. Azure AD and Office 365 Management Administrator Guide

Deploying SecPod Saner Agent Through Microsoft Active Directory

LepideAuditor. Installation and Configuration Guide

Microsoft Windows Servers 2012 & 2016 Families

Course CLD211.5x Microsoft SharePoint 2016: Search and Content Management

Student Lab Manual MS100.1x: Office 365 Management

Symprex Signature Manager

Chime for Lync High Availability Setup

Symprex Signature Manager

BMC FootPrints 12 Integration with Remote Support

Sophos Central Device Encryption. Administrator Guide

January 12, Prepared by Dina Borisov, Product manager Jetro Platforms. All rights reserved.

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit

Important notice regarding accounts used for installation and configuration

Tzunami Deployer Hummingbird DM Exporter Guide

Virto Active Directory Service for SharePoint. Release Installation and User Guide

Preupgrade. Preupgrade overview

Contents. Override Default Preferences Pre-Configure Preferences with Transform Files (.MST) Install MSI for current user...

Office Automation Suite 4.4

Clearspan Communicator Desktop R20.2.2

Desktop Authority Installation and Upgrade Guide

Print Audit 6. Print Audit 6 Documentation Apr :07. Version: Date:

9.4 Authentication Server

SafeConsole On-Prem Install Guide

Status Web Evaluator s Guide Software Pursuits, Inc.

Contents. Introduction To CloudSync. 2. System Requirements...2. Installing CloudSync 2. Getting Started 4

Cisco TelePresence Management Suite Extension for Microsoft Exchange

ROCK-POND REPORTING 2.1

Microsoft Office Groove Server Groove Manager. Domain Administrator s Guide

Installation Guide Advanced Authentication - Logon Filter. Version 6.1

Evaluation Guide Host Access Management and Security Server 12.4

Active Directory Auditing Guide

VMware AirWatch Database Migration Guide A sample procedure for migrating your AirWatch database

First Data ServiceCenter Web

OneLogin Integration User Guide

Workstation Configuration Guide

EventTracker v8.2. Install Guide for EventTracker Log Manager. EventTracker 8815 Centre Park Drive Columbia MD

NetIQ Advanced Authentication Framework. Deployment Guide. Version 5.1.0

User Manual. Active Directory Change Tracker

Managing DFS Replication: Directories & Replicated Files

Ricoh Managed File Transfer (MFT) User Guide

Taking SAP Contact Center End-User Applications into Use

Zemana Endpoint Security Administration Guide. Version

Deep Freeze Enterprise - Patch Management

Console 8 Mass Deployment Last Updated November, 2017

Transcription:

Password Reset Utility Configuration

1 Table of Contents 1. Uninstalling Legacy Password Reset... 2 2. Password Reset Utility: How to deploy and configure via Group Policy... 2 3. Configuring Group Policy for ServiceProPasswordresetter... 2 3.1. Password Reset Command Parameters... 3 4. Deploying the computer Startup Script... 4 5. Installing the User Logon Script... 9 6. Uninstalling the password reset utility... 10

2 1. Uninstalling Legacy Password Reset If you are running on Pre-April 2016 version (14.2.5 or earlier version) or using the Legacy Password reset Component, before updating the Password Reset Portal to the newer version, the Legacy Password Reset Component must be uninstalled from all the client PCs where it had been installed through GPO previously. To uninstall the Legacy Password Reset from the client PCs, you need to use the uninstall VB script from the Legacy password reset deploy - Remove the logon script and set the "PasswordResetUnInstallation.vbs" as the startup script to remove the client files from all machines. [This basically just removes the registry keys added when the password reset was installed on the client PCs] If you are currently running on pre-april 2016 version, the uninstall script PasswordResetUnInstallation.vbs for Legacy password reset would be present under the folder for Password Portal. In case you have already updated to the April 2016 or later version, please contact HDT Tech Support to get the uninstall script for Legacy component PasswordResetUnInstallation.vbs. 2. Password Reset Utility: How to deploy and configure via Group Policy ServiceProPasswordResetter.exe can be deployed using Group policy startup and logon scripts. The client utility supports the following Operating systems: Windows 7 SP1 Windows 8.1 Windows 10 Additional information: Windows 7 machines will need.net framework 4 or later present Details about deploying framework via GOP can be found on the Microsoft support site: https://support.microsoft.com/en-us/kb/323886 Active Directory server needs to be Windows 2008R2 or higher. 3. Configuring Group Policy for ServiceProPasswordresetter * Please note that this is a simplified guide to show how the password reset can be deployed under a single OU in your Active Directory structure using sample Startup/Logon scripts. Additional steps or security requirements and considerations may be necessary based on your specific Active Directory configuration and network environment. * During password reset portal installation, you would have been prompted to create and select a network share folder for the password reset utility deployment files. Make sure that this folder has

3 Read/Execute permissions set to Everyone so that domain users and local system accounts have network access to this location. This folder will contain the following files used in the GPO deployment of the passwordresetter utility: ServiceProPasswordResetter.exe ServiceProPasswordResetter.exe.config SPResetterInstall.bat SPResetterRegisterUsr.bat SPResetterUninstall.bat The folder share path and URL path to the password reset portal will need to be updated in the first two batch files, and only the share location for the uninstall batch file. Confirm that the two login scripts SPResetterInstall.bat and SPResetterRegisterUsr.bat have the correct UNC path for the share drive and URL path. @echo off CALL \\yourmachine\pwdshare\servicepropasswordresetter.exe /Install:http://yourwebsite.com/PasswordResetUrl Exit @echo off CALL \\yourmachine\pwdshare\servicepropasswordresetter.exe /Configure:http://yourwebsite.com/PasswordResetUrl Exit 3.1. Password Reset Command Parameters The ServiceProPasswordResetter executable takes the following command parameters during deployment and registration or uninstall: 1. /Install:[Url to your password reset portal deployment] This will install the necessary Windows components needed for the password reset functionality to work on the target client machine. This command needs to be run with Administrator permissions, typically via a Startup GPO script. ServiceProPasswordResetter.exe /Install:http://yourwebsite.com/PasswordResetUrl 2. /Configure:[Url to your password reset portal deployment] This will initiate password reset registration for the currently logged on user. It will launch a registration form for the user to select questions and enter secret answers used for the password reset functionality if they forget their AD password. This does not require administrator permissions and will usually be run via a Logon GPO script. 3. /Uninstall ServiceProPasswordResetter.exe /Configure:http://yourwebsite.com/PasswordResetUrl

4 This will uninstall the password reset components on client machine. The command will need to be run with admin permission similar to the Install command via a startup GPO script. ServiceProPasswordResetter.exe /Uninstall 4. /DefaultCP (Optional) @echo off The DefaultCP switch can be used to set the default credential provider to the HSWCredentialProvider. This will ensure that the user sees the Reset password using ServicePRO on the first login screen that initially loads. The SPResetterInstall.bat batch file can be modified to include this switch at the end of the portal url link. CALL \\yourmachine\pwdshare\servicepropasswordresetter.exe /Install:http://yourwebsite.com/PasswordResetUrl /DefaultCP Exit 4. Deploying the computer Startup Script 1. From Active Directory Users and Computers, select a target Organizational Unit. 2. Create a Global Security group, and add computers on the domain as members of this group that you want the password reset utility to be deployed on. 3. Open the Group Policy Management tool. 4. Select your OU and right click Create a GPO in this domain, and Link it here 5. On the New GPO form, enter a name for GPO: SPStartUpInstallScript 6. Right click on your new GPO and select edit. This will open the Group Policy Editor. 7. Navigate to Scripts from Computer Configuration >> Policies >> Windows Settings >> Scripts.

5 8. Double click Startup to display the Properties. 9. Click Show Files and copy the SPResetterInstall.bat file into this directory if it isn t already there. 10. Select Add and Browse to add the script. Once this is done click OK. 11. Now that the script has been added you need to enable some configuration settings.

6 12. Under the GP Management Editor navigate to: Computer Configuration >> Policies >> Administrative Templates >> System >> Scripts. 13. You need to enable the following settings: Maximum wait time for Group Policy scripts and Run logon scripts synchronously. Note: in some environments, this option might need to be disabled. 14. Now navigate to: Computer Configuration >> Policies >> Administrative Templates >> System >> logon

7 15. Enable the following setting: Always wait for the network at computer startup and logon. 16. Now navigate to: Computer Configuration >> Policies >> Administrative Templates >> System >> Group Policy. 17. Enable the following setting: Group Policy slow link detection. 18. Next, we will need to apply the policy to computer accounts. To simplify this, it is recommended that all computer accounts be placed in a single group. 19. Right-click the main GPO node and click on properties.

8 20. From here switch to the Security tab. We need to add the Security Group that we created at the beginning. This group will contain all of our computer accounts. Once you have added the group, grant them Read and Apply Group Policy permissions. 21. Remove the Apply group policy setting by unchecking the Allow option from the Authenticated Users. 22. Apply these changes and we have finished the first GPO configuration.

9 5. Installing the User Logon Script Option #1: 1. You will need to return to Group Policy Management. Right click on your OU and create another GPO similar to the previous step. 2. Call this new GPO: SPLogonInstallScript. 3. Right click on this new GPO and select edit. 4. You will now be in the GPO Management editor again. 5. Navigate to the following location: User Configuration >> Policies >> Windows Settings >> Scripts (Logon/Logoff). 6. Double-click on the Logon option to display the properties window. 7. Select Show Files and copy the SPResetterRegisterUsr.bat file to this directory if it is not already present. 8. After this is done, select Add and add the script from Browse. 9. After you have added the SPResetterRegisterUsr script you can apply and close the editor. 10. You have now successfully setup the Automatic Registration via Group Policy. Option #2: 1. Please follow the steps 1 through 6 from Option #1. 2. Instead of using the batch file SPResetterRegisterUsr.bat from Option #1, you will need to configure GPO to Execute MFCWebBrowser.exe. 3. In the Scripts tab, select Add and under Script Name add MFCWebBrowser.exe then in the Script Parameters: add the following parameter: http://yourwebsite.com/passwordreseturl/registeruser.aspx?loginname=%username%dm nname=%userdomain%

10 NOTE: This option will only work if SPStartUpInstallScript has successfully installed on computers. 4. After you have added the script, you can apply and close the editor. 5. You have now successfully setup the Automatic Registration via Group Policy. 6. Uninstalling the password reset utility To remove the password reset functionality from a machine, it is recommended that you first remove that machine from the security group used in the install startup scripts. Create another startup script to target the machine(s) for uninstall via another security group. The provided SPResetterUninstall.bat batch file will need to be run via the startup script. Remember to update the share folder location in the file before using it. @echo off CALL \\yourmachine\pwdshare \ServiceProPasswordResetter.exe /Uninstall exit

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback