Best Practices
This page contains some best practices for using Specops Password Reset.
Placing a Specops Password Reset Web Server in a DMZ
The Specops Password Reset Web Server can be safely exposed to the Internet, to allow users to reset their password when they’re not on the internal network. For example company users travelling or external users.
Prerequisites
The Specops Password Reset Server component must be installed on a server on the internal network.
The port used for communication (default is 4371) between the SPR Web server and the SPR Server must be opened in the firewall. The port number can be configured on the Web server if required.
The server where the SPR Web server is installed can be a standalone server or a domain-joined server.
Installation
Installation is accomplished using the Setup Assistant. Run SETUP.EXE from the installation package, select the Web Installation tab and follow the instructions below to complete all necessary steps.
Operating system for the server
The web server software requires one of the following operating system configurations:
- Windows Server 2008
- Windows Server 2003, including R2
Local permissions on server for user
Some of the setup steps requires you to be part of the local administrator group. Make sure that the account you are running with meet this requirement.
.NET Framework version
Microsoft .NET Framework 3.5 or later must be installed.
Internet Information Services
The Specops Password Web application requires Internet Information Services (IIS) to be installed in order to work.
If IIS isn’t installed, click the Install button to start the IIS installation.
Select remoting server
The remoting server is the server where the Specops Password Reset Server is installed. Select the name of the server where the Password Reset Server is installed.
Select Web Site
Select the web site where the application will be installed and then select the The current computer is located in a DMZ checkbox:
Select Certificate
A server authentication certificate is required to enable Secure Socket Layer (SSL) encryption on the Specops Password Reset Web server. If the web site selected is already SSL enabled then a certificate does not have to be selected. If you don’t have an existing server authentication certificate from a trusted Certification Authority (CA), you can choose to create a self-signed certificate for you Specops Password Reset Web server.
Caution! It is not a security best practice to deploy a Specops Password Reset Web server in a production environment using a self-signed server authentication certificate
Specops Password Web installation
Click the Install button to install the component.
Page last modified on October 28, 2008, at 12:02 PM