Installation
Specops Password Reset is installed by using the Setup Assistant. Execute SpecopsPasswordSetup.exe to start the Setup Assistant.
The Setup Assistant automatically detects if the 32-bit or 64-bit setup package should be used during installation.
Follow the instructions of the Setup Assistant and complete the steps below.
1. Install/update the license
- On the Welcome page, in the Specops Password Reset panel, install the license by pressing the “Import license” button or the “Update license” button if a license is already installed.
- Press the “Start Installation” button.
- Press the “Next” button in the lower right corner.
The Setup Assistant automatically detects if the 32-bit or 64-bit setup package should be used during installation.
Follow the instructions of the Setup Assistant and complete the steps below.
2. Install the Server
Prerequisites
The following prerequisites need to be met to successfully install all Specops Password Reset Server component.
Operating system for the server
The server software requires one of the following operating system configurations:
- Windows Server 2008
- Windows Server 2003, including R2
Local permissions on server for user
Some of the setup steps requires you to be part of the local administrator group. Make sure that the account you are running with meet this requirement.
Setup steps
Password Reset Service Account
Select the user account that the service will run as. The selected account doesn’t need to have any special administrative privileges in the domain, it will be delegated appropiate permissions during setup.
Note! The account must have permissions to read GPO objects that contains Specops Password Reset settings.
Select management level
The selected management level is used for delegation of administration. The service account will be given appropiate permissions at the selected management level.
It is also used in the license validation process to calculate the number of affected users.
Apply security settings
The step will apply the appropiate permissions for the selected service account. The permissions will be applied at the selected management level and down. The following permissions will be given to the selected account:
- Create and delete classStore objects, underneath user objects, that holds enrollment information
- Read the userAccountControl attribute on user objects
- Reset passwords on user objects
- Unlock locked out user accounts
- Force the user to change password at next logon
- List the child objects underneath user objects
- The step also makes the service account local administrator on the computer.
- Local group creation for managing Specops Password Reset
This step will create a group named Specops Password Helpdesk Admins on the local computer. Helpdesk users that will access the Helpdesk web page must be members of this group in order to access the functionality.
Note! The administrator must make sure to add the correct users to the Specops Password Helpdesk Admins group.
Administrator notification settings
Use this step to configure email server settings that used to send license reminder emails to the administrator. It is also the default email settings for all Group Policy Objects that does not override the settings.
Mobile phone validation message settings
This step configures email server settings that are used by the Helpdesk web page to send send SMS to users.
Specops Password Reset Server installation
Click the Install button to install the component.
When the installation has completed, press the “Next” button in the lower right corner.
3. Install the Administration tools
Prerequisites
MMC version
MMC 3.0 must be installed on the computer where the Admin Tools will be installed
Group Policy Management Console
Group Policy Management Console (GPMC) must be installed on the computer where the Admin Tools will be installed.
Setup steps
Specops Password Reset Admin Tools installation
Click the Install button to install the component.
When the installation has completed, press the “Next” button in the lower right corner.
4. Install the Web server
Prerequisites
Operating system for the server
The web server software requires one of the following operating system configurations:
- Windows Server 2008
- Windows Server 2003, including R2
Local permissions on server for user
Some of the setup steps requires you to be part of the local administrator group. Make sure that the account you are running with meet this requirement.
.NET Framework version
Microsoft .NET Framework 3.5 or later must be installed.
Setup steps
Internet Information Services
The Specops Password Web application requires Internet Information Services (IIS) to be installed in order to work.
If IIS isn’t installed, click the Install button to start the IIS installation.
Select remoting server
The remoting server is the server where the Specops Password Reset Server is installed. If the web server is installed on a different server than the Password Reset Server, you must select the name of the Password Reset Server here. The default value is the local server.
Select Web Site
Select the web site where the application will be installed. A virtual directory named SpecopsPassword will be created underneath the selected web site.
Select Certificate
A server authentication certificate is required to enable Secure Socket Layer (SSL) encryption on the Specops Password Reset Web server. If the web site selected is already SSL enabled then a certificate does not have to be selected. If you don’t have an existing server authentication certificate from a trusted Certification Authority (CA), you can choose to create a self-signed certificate for your Specops Password Reset Web server.
Caution! It is not a security best practice to deploy a Specops Password Reset Web server in a production environment using a self-signed server authentication certificate
Specops Password Web installtion
Click the Install button to install the component.
5. Deploy the Specops Password Client
Install client locally
Click the Install button to install the client locally.
Deploy client using Group Policy
To deploy the Specops Password client using GPSI (Group Policy Software Installation) follow the steps below.
- Select the Group Policy object that will be used to deploy the Specops Password Client
- Select a network share from where the setup files will be deployed
- Click the Deploy button de deploy the Specops Password client
Register Active Directory Users and Computers extension
The Active Directory Users and Computers extension can be used to determine which password policy that affects a given user. To be able to use the Active Directory Users and Computers extension the Specops Active Directory Users and Computers menu extension must be registered once within the domain.
Page last modified on April 03, 2009, at 09:31 PM