Getting Started
This section is a walk-through guiding you through the process of configuring and testing the core functionality of Specops Password Reset. First read the information in the Setup section to get the system installed and configured.
The following section assumes that the Specops Password reset server, administrative tools and the client are installed.
Client Installation Note that after installing the client on a Windows XP computer the computer must be restarted. On a Vista computer, logging out and back in is sufficient.
The Administrator’s computer
To get started you must use the administrative tools that were installed on the administrators computer.
Edit a Group Policy object
To enable the Password Reset service for your users you must use a Group Policy Object (GPO) that applies to the users. Locate or create such a GPO from the Group Policy Management Console (GPMC.)
Make sure that the GPO you use is linked so that it applies to the users you want to configure the Password Reset service for. Right-click the GPO and select Edit.
This will open the Group Policy Editor MMC. From here, open the user part and browse to the Windows Settings node and the Specops Password Reset node.
Configuring Password Reset
Click the Enable Password Reset button to get started. This will bring up the main configuration window for Specops Password Reset. Most of the settings have reasonably default values that you can use for your first tests. If you are to use secret questions you must selected which questions that should be available for the users to select.
Click the Import Questions button to select questions from the pool of premade questions.
Saving the Configuration
When you are satisifed with all the settings and questions in the GPO click OK on the main window. As soon as you have done this the settings are saved in the GPO and the settings applied to the affected users.
Editing Questions
Clicking the Import Questions button will bring up the dialog where you can select questions to include in the GPO. Check the questions you want to include or click the Select All button if you want to include all. You can also opt to include localized questions in any of the available languages. Check the languages you want to include.
Click OK when you are happy with the selection.
After you have imported questions and closed the dialog you also have the option to make custom changes to the questions. This includes adding custom questions, editing questions or removing them. You can also indicate that some questions should be required as well as configure a minimum required length for the answer for each question.
To make any of the above changes click the Edit Questions button.
The end users computer
To test the next part you need to be running on a computer where the Specops Password Client has been installed. And you must be logged on as a user affected by the GPO you just edited above.
Enrollment notification
When the GPO was edited and saved the Specops Password Client will inform the user that they need to enroll for the Password Reset service. The balloon tip in the notification area will be displayed on logon, when enrollment is required, and once every hour until the user has enrolled.
Enrollment
Click the Enrollment Notification balloon to open the Specops Password Enrollment web page. Follow the instructions in the wizard, selecting and responding to the number of questions you configured in the GPO.
When you have completed the enrollment an email will be sent to the email address configured on your user object in Active Directory, informing about the completed enrollment.
Resetting the password
Now, lets try out the actual reset feature. To simulate a real world scenario log out to the Windows startup screen. This is where the end user will be when they have forgotten their password. This screen looks different on Windows Vista and Windows XP. The images to the right are screenshots of the two different screens.
Notice the Reset Password link that is available on both screens. This, obviously, is where the user needs to click to be able to reset a forgotten password. Click the link to open the Password Reset web page.
From the Password Reset page the user will be able to respond to the questions he/she selected and answered when enrolling. Failing to supplying the correct answer to a question will increment the lockout count. The number of allowed incorrect anwswer attempts before being locked out was configured by the administrator in the GPO above.
The next question is not displayed until a correct answer has been supplied to the current question. When the user has responded to all the questions the Change Password page is displayed. From here the user types the new desired password while getting instant feedback about which password policy requirements that are met or not.
When a valid password has been entered and the user clicks the finish button the password will be reset. An email is sent to the email address configured on the user in Active Directoy. The next step is to close the Password Reset web page and login to Windows with the new password.
Start menu shortcuts
When the Specops Password client is installed on a computer a few shortscuts are also added on the start menu. These are links to the Enroll and Reset pages described above. There is also a link to the Change Password page. This page is the same as the last page of the Reset wizard but this page can be used by an end user whenever they want to change their password, for example if it is about to expire.
Using this web page when changing passwords is vastly superior to using the built in page in Windows, especially if you have a strong and secure Password Policy.
Page last modified on May 14, 2008, at 10:15 AM