Citrix Password Manager Using the Account Self-Service Feature. Citrix Password Manager 4.6 with Service Pack 1 Citrix XenApp 5.0, Platinum Edition



Similar documents
Citrix Password Manager Evaluator s Guide. Citrix Password Manager 4.6 with Service Pack 1 Citrix XenApp 5.0, Platinum Edition

Web Interface with Active Directory Federation Services Support Administrator s Guide

Citrix Password Manager Administrator s Guide. Citrix Password Manager Citrix Password Manager 4.5 Citrix Access Suite

Citrix Password Manager Administrator s Guide. Citrix Password Manager 4.6 Citrix Presentation Server 4.5 with Feature Pack 1, Platinum Edition

Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Java User Guide. Citrix Access Gateway 8.1, Enterprise Edition

Citrix XenApp Administrator s Guide

Citrix XenApp 6 Fundamentals Edition for Windows Server 2008 R2 Administrator's Guide

Citrix Application Streaming Guide. Citrix Presentation Server 4.5 for Windows

Citrix Access Gateway Plug-in for Windows User Guide

Single Sign-on :30:46 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Configuring a Custom Load Evaluator Use the XenApp1 virtual machine, logged on as the XenApp\administrator user for this task.

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

Citrix XenApp Fundamentals Administrator s Guide

HELP DOCUMENTATION E-SSOM INSTALLATION GUIDE

XenApp Plugin for Hosted Apps for Windows Administrator s Guide

Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Windows User Guide. Citrix Access Gateway 9.0, Enterprise Edition

Networking Best Practices Guide. Version 6.5

Citrix Systems, Inc.

Monitoring Server Performance with Citrix Presentation Server For other guides in this document set, go to the Document Center.

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

Advanced Installation & Reference Guide. for OneTouch DataLink Data Management System and OneTouch DataLink Web

OneStop Reporting 3.7 Installation Guide. Updated:

Installation Instruction STATISTICA Enterprise Server

Installation Instruction STATISTICA Enterprise Small Business

StarWind SMI-S Agent: Storage Provider for SCVMM April 2012

Telephony System Integrator s Guide for ShoreTel. Citrix EasyCall Gateway 3.0

Citrix EasyCall Gateway Telephony System Integrator s Guide for Cisco Unified Communications Manager. Citrix EasyCall Gateway 1.2

Administrators Help Manual

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.8

Secure IIS Web Server with SSL

Citrix Access Gateway Enterprise Edition Citrix Access Gateway Plugin for Windows User Guide. Citrix Access Gateway 8.1, Enterprise Edition

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Crystal Reports Installation Guide

Citrix Systems, Inc.

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

Citrix EdgeSight for Load Testing User s Guide. Citrix EdgeSight for Load Testing 3.8

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

Windows Server Update Services 3.0 SP2 Step By Step Guide

STATISTICA VERSION 10 STATISTICA ENTERPRISE SERVER INSTALLATION INSTRUCTIONS

Interact for Microsoft Office

Password Manager Windows Desktop Client

Web Filter. SurfControl Web Filter 5.0 Installation Guide. The World s #1 Web & Filtering Company

SELF SERVICE RESET PASSWORD MANAGEMENT DATABASE REPLICATION GUIDE

Dell Statistica Statistica Enterprise Installation Instructions

Quick Start Guide for Parallels Virtuozzo

Redeploying Microsoft CRM 3.0

INSTALLING MICROSOFT SQL SERVER AND CONFIGURING REPORTING SERVICES

Sage ERP Accpac 6.0A. SageCRM 7.0 I Integration Guide

High Availability Setup Guide

Xcalibur Global Version 1.2 Installation Guide Document Version 3.0

Disaster Recovery. Websense Web Security Web Security Gateway. v7.6

Administrator s Guide

Installing GFI Network Server Monitor

LifeSize Control Installation Guide

Installing Sage ACT! 2013 for New Users

StarWind iscsi SAN & NAS: Configuring HA File Server on Windows Server 2012 for SMB NAS January 2013

Citrix EdgeSight for Load Testing Installation Guide. Citrix EdgeSight for Load Testing 3.5

Installation Manual UC for Business Unified Messaging for Exchange 2010

VERITAS Backup Exec TM 10.0 for Windows Servers

Telephony System Integrator s Guide for Alcatel OmniPCX Enterprise. Citrix EasyCall Gateway 2.1

STATISTICA VERSION 11 CONCURRENT NETWORK LICENSE WITH BORROWING INSTALLATION INSTRUCTIONS

NSi Mobile Installation Guide. Version 6.2

Deploying System Center 2012 R2 Configuration Manager

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

NetWrix Password Manager. Quick Start Guide

Sage 300 ERP Sage CRM 7.1 Integration Guide

StarWind iscsi SAN Configuring HA File Server for SMB NAS

StarWind iscsi SAN: Configuring HA File Server for SMB NAS February 2012

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

Version 5.0. SurfControl Web Filter for Citrix Installation Guide for Service Pack 2

DameWare Server. Administrator Guide

Foxit Reader Deployment and Configuration

Windows Azure Pack Installation and Initial Configuration

Sage 300 ERP Sage CRM 7.2 Integration Guide

2X SecureRemoteDesktop. Version 1.1

Telephony System Integrator s Guide for Avaya S8300/S87xx-Series. Citrix EasyCall Gateway 2.2.1

Installing Act! for New Users

White Paper. Fabasoft Folio Thin Client Support. Fabasoft Folio 2015 Update Rollup 2

Team Foundation Server 2012 Installation Guide

Getting started. Symantec AntiVirus Business Pack. About Symantec AntiVirus. Where to find information

WhatsUp Gold v16.2 Installation and Configuration Guide

EventTracker: Support to Non English Systems

StarWind iscsi SAN & NAS: Configuring HA Shared Storage for Scale- Out File Servers in Windows Server 2012 January 2013

Getting started. Symantec AntiVirus Corporate Edition. About Symantec AntiVirus. How to get started

StarWind iscsi SAN & NAS: Configuring HA Storage for Hyper-V October 2012

XenDesktop Implementation Guide

Feith Rules Engine Version 8.1 Install Guide

File Auditor for NAS, Net App Edition

Business Portal for Microsoft Dynamics GP Field Service Suite

HELP DOCUMENTATION E-SSOM CONFIGURATION GUIDE

The cloud server setup program installs the cloud server application, Apache Tomcat, Java Runtime Environment, and PostgreSQL.

Oracle Enterprise Single Sign-on Provisioning Gateway. Administrator Guide Release E

Adobe Acrobat 9 Deployment on Microsoft Windows Group Policy and the Active Directory service

Citrix EdgeSight for Load Testing User s Guide. Citrx EdgeSight for Load Testing 2.7

Installation Guide Sybase ETL Small Business Edition 4.2 for Windows

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

Windows SharePoint Services Installation Guide

Oracle Enterprise Single Sign-on Logon Manager. Installation and Setup Guide Release E

ControlPoint. Advanced Installation Guide. Publication Date: January 12, Metalogix International GmbH., All Rights Reserved.

Transcription:

Citrix Password Manager Using the Account Self-Service Feature Citrix Password Manager 4.6 with Service Pack 1 Citrix XenApp 5.0, Platinum Edition

2 Citrix Password Manager - Account Self-Service Copyright and Trademark Notice Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of the End User License Agreement is included on your installation media. Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. Citrix Password Manager replaces specific end users encryption keys each time their primary authentication method changes, such as a domain password change or issuance of a new smart card. Password Manager can be configured to perform this operation automatically by using the optional Key Management Module. Password Manager can also be configured to use the Microsoft Data Protection API (DPAPI). When using the optional Key Management Module and/ or DPAPI, be advised that an administrator may be able to access user business or personal credentials stored in Password Manager if the administrator logs on as this end user. For additional security, end users can be asked to verify the user s identity with unique user-provided information. This provides an additional layer of protection for the user s secondary credentials. Regional government user computing regulations may require that you notify your end users about the possible security and privacy implications of deploying the Key Management Module and DPAPI security configurations. Review your company policies and determine what kind of notification, if any, is required for your end users. 2003-2008 Citrix Systems, Inc. All rights reserved. v-go code 1998-2003 Passlogix, Inc. All rights reserved. Citrix and ICA (Independent Computing Architecture) are registered trademarks, and Citrix XenApp, Citrix Password Manager, and Citrix Access Gateway are trademarks of Citrix Systems, Inc. in the United States and other countries. RSA Encryption 1996 1997 RSA Security Inc. All rights reserved. FLEXnet Operations and FLEXnet Publisher are trademarks and/or registered trademarks of Acresso Software Inc. and/ or InstallShield Co. Inc. Trademark Acknowledgements Java, Sun, SunOS, Solaris, JavaServer Pages, and Sun Java System Application Server are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and/or other countries. Microsoft, MS, Windows, Windows Server, Win32, Outlook, ActiveX, Visual J#, ClearType, Excel, SQL Server, Microsoft Access, Windows Vista,.NET, Media Player, and Active Directory are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Novell, Novell Directory Services, NDS, NetWare, Novell Client, and edirectory are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. This product includes software developed by The Apache Software Foundation (http://www.apache.org/) This product includes software developed by Salamander Software Ltd. 2002 Salamander Software Ltd. Parts 2003 Citrix Systems, Inc. All rights reserved. Portions of this software are based in part on the work of the Independent JPEG Group. Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rights reserved. All other trademarks and registered trademarks are the property of their respective owners.

Using the Account Self-Service Feature Citrix Password Manager Enterprise Edition customers have the option of deploying the Account Self-Service features Self-Service Password Reset and Account Unlock with no other single sign-on features available to users. The Account Self-Service features of Citrix Password Manager help reduce calls to your computer help desk by allowing your employees to perform the following on their own: Change their Microsoft Windows domain password Unlock their Windows domain account The Account Self-Service Feature The Account Self-Service features allow you to establish a set of security questions for identity verification. After the question-based authentication is enabled and the Account Self-Service features are made available to them, your users enroll, or register, with the service by answering the series of security questions. Once registered, your users can click Account Self-Service (A), found on the Log On to Windows dialog box, or for Microsoft Windows Vista users, the Welcome screen (B). Administrators can require users to re-register by: Revoking a single user's question data Prompting all users to re-register

4 Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature Changing the existing questionnaire Note: To learn more about these re-registration options, see Creating User Configurations in thecitrix Password Manager Administrator s Guide. Enrolled users can also start the re-registration process whenever they want to change their answers to the security questions. This document describes how to install and configure Password Manager to provide users with only the Account Self- Service features. Note: Account Self-Service does not support user principal name (UPN) logons, such as username@domain.com. Using Licenses A Password Manager license is consumed during the re-enrollment process when users submit new responses for question-based authentication. Using concurrent user licenses ensures maximum license availability within your organization. A concurrent user license is returned to the license pool after the user completes the re-enrollment process. A named user license in the same situation remains with the user, even though it is not in use, for a minimum of two days. Ratios are used to provide a greater number of Account Self-Service only licenses per Password Manager license. Concurrent user licenses use a 10:1 ratio, where 100 concurrent user licenses translates to 1,000 Account Self-Service licenses. Named user license use a 5:1 ratio, with 100 licenses translating to 500 Account Self-Service licenses. Getting Started Before starting these procedures, you must complete the following tasks. See "Installing Password Manager" in thecitrix Password Manager Installation Guide for details. Created a central store Installed and configured the Key Management and Self-Service modules of Password Manager Service Installed the Password Manager Console, including completion of the Configure and run discovery process Installed the Password Manager agent software Creating an Account Self-Service-Only User Configuration Use the following steps to create a user configuration that allows Account Self-Service functionality without enabling single sign-on capability. Note: Application definitions are not included in this user configuration because the feature does not include single sign-on functionality. If users need full single sign-on functionality, place them in a user configuration that does not include the Account Self-Service-Only modifications. To start the User Configuration Wizard 1. Click Start > All Programs > Citrix > Management Consoles > Access Management Console. 2. Expand the Password Manager node and click User Configurations. 3. In the Common Tasks area, click Add new user configuration. The User Configuration Wizard appears.

Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature 5 To identify the configuration Complete the following steps within the User Configuration Wizard 1. On the Name user configuration page, in the Name field, type the user configuration name. 2. In the User configuration association area, choose how the user configuration will be associated to the users by identifying the Active Directory hierarchy (organizational unit or user) or Active Directory group, and click Next. 3. On the Select product edition page, select Password Manager Enterprise and click Next. 4. On the Choose applications page, click Next. The Configure agent interaction page appears. To configure plugin interaction 1. On the Configure agent interaction page, ensure the following check boxes are cleared (C): Automatically detect applications and prompt user to store credentials New item Automatically process defined forms when the agent detects them 2. Click Advanced Settings (D). 3. Select Agent User Interface (E) and then ensure the Show notification icon check box (F) is cleared.

6 Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature 4. Select Application Support (G) and then ensure the Detect client-side application definitions check box (H) is cleared. 5. Click OK. The Advanced Agent Settings page closes. 6. Click Next. The Configure licensing page appears. To configure licensing 1. On the Configure licensing page, in the License server address area, type the name of your license server and its port number. 2. In the Licensing Model area, select Named User Licensing or Concurrent User Licensing and click Next. Note: Using concurrent user licenses ensures maximum license availability within your organization. A concurrent user license is returned to the license pool when the user completes the re-enrollment process. A named user license in the same situation remains with the user, even though it is not in use, for a minimum of two days. 3. On theselect data protection methods page, provide information as needed and click Next. Note: See "User Configurations" in thecitrix Password Manager Administrator's Guide for more information about the Select data protection method page. 4. On the Select secondary data protection page, select Prompt user to select the method: previous password or security questions (I) and click Next.

Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature 7 5. On the Enable self-service features page, select one or both of the following options: Allow users to reset their primary domain password Allow users to unlock their domain account 6. Click Next. The Key Management Module page appears. To finish the user configuration 1. On the Key Management Module page, provide the service address and click Next. 2. On the Provisioning module page, click Next. 3. On the Confirm settings page, click Finish. The User Configuration Wizard closes and the user configuration is created. Preparing the Computer Running the Agent Software Note: Consider automating the following procedures through scripts to help increase efficiency and improve accuracy. After the Password Manager agent software is installed on the users computers, you must modify the ssoshell.exe shortcut and the Start menu to provide user access to only the Account Self-Service features. During the basic installation of the Password Manager agent software, the ssoshell.exe shortcut contains the following command-line switch: /background this switch must be changed to: /qbaenroll /noforceqbaenroll Making this change causes the Password Manager agent software on the user's computer, upon user logon, to synchronize with the central store and determine the status of the user's question-based authentication registration. If the registration process is complete and current, the user is not prompted to register. The user is prompted to register if one of the following conditions is discovered during synchronization: The user did not complete the question-based authentication registration process The administrator reset the user's question-based authentication questions The administrator modified the question-based authentication questionnaire After completing the synchronization and, if necessary, starting the registration process, ssoshell exits automatically. To update the Password Manager ssoshell.exe Shortcut (Desktop Installation) 1. Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\ProgramData\Microsoft \Windows\Start Menu\Programs\Startup. Non-Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\Documents and Settings \All Users\Start Menu\Programs\Startup. 2. From the Startup folder, select Password Manager Background Process and select File > Properties. 3. In the Password Manager Background Process Properties dialog box, click in the Target field, scroll to the end of the text in that field, and delete /background. 4. In the Target field, following the remaining text, type /qbaenroll /noforceqbaenroll. 5. Click OK. The ssoshell.exe file is modified for Account Self-Service functionality only.

8 Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature To update the Password Manager ssoshell.exe Shortcut (Server Installation) 1. Open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows NT \CurrentVersion\Winlogon\AppSetup. Caution: Editing the Registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it. 2. In this subkey, double-click the default entry. The Edit String dialog box appears. 3. In the Value Data field, change %SystemDrive%\Citrix\Metaframe Password Manager\WTS \SSOlauncher.exe /no ssoshutdown to %SystemDrive%\Citrix\Metaframe Password Manager\ssoshell.exe /qbaenroll /noforceqbaenroll. 4. Close the Registry Editor. The ssoshell.exe file is modified for Account Self-Service functionality only. To add a self-service registration shortcut to the Start menu Add a shortcut to the Start menu to allow users to start the enrollment process on their own. This helps eliminate service calls if users do not provide answers during their initial logon or want to change answers they provided earlier. 1. Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\ProgramData\Microsoft \Windows\Start Menu\Programs\Citrix\. Non-Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\Documents and Settings \All Users\Start Menu\Programs\Citrix\. 2. From the File menu, select New > Shortcut. The Create Shortcut wizard appears. 3. Click Browse. 4. Navigate to %InstallationDirectory%\Program Files\Citrix\Metaframe Password Manager\, select ssoshell.exe, and click OK. The Browse for Folder dialog box closes and the path to ssoshell.exe appears in the Type the location of the item field. 5. In the Type the location of the item field, place the insertion point after ssoshell.exe and type a space followed by /qbaenroll (J). 6. Click Next. 7. Type Citrix Account Self-Service Registration and click Finish. The shortcut appears in Start > All Programs > Citrix.

Citrix Password Manager - Account Self-Service Using the Account Self-Service Feature 9 To remove the Password Manager shortcut During installation of the Password Manager agent software, a shortcut is placed in the Start menu. If a user configured to use only the Account Self-Service features selects this command, ssoshell.exe launches and, unless there are changes to the user's Question-Based Authentication, exits. This may result in confusion to the user and cause support calls. To avoid this, remove the shortcut from the Start menu. 1. Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\ProgramData\Microsoft \Windows\Start Menu\Programs\Citrix\. Non-Windows Vista computers: Using Windows Explorer, navigate to %SystemDrive%\Documents and Settings \All Users\Start Menu\Programs\Citrix\. 2. Delete the Password Manager shortcut. The Password Manager shortcut is removed from the Start menu. Configuring Citrix Web Interface for Account Self-Service To implement Account Self-Service with Citrix Web Interface, see the Web Interface Administrator s Guide, available from the Citrix support Web site at http://support.citrix.com.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information