AD Self Password Reset Installation and configuration

AD Self Password Reset Installation and configuration AD Self Password Reset Installation 1 Manual v1.4

Table of Contents TABLE OF CONTENTS 2 SUMMARY 3 INSTALLATION 4 REMOVAL 6 AD SELF PASSWORD RESET CONFIGURATION 6 SETTINGS 8 General 8 Questions group 8 SMTP 9 EXPIRY NOTIFICATIONS 10 REMINDERS 10 USER LOCKOUT 11 PASSWORD HISTORY 11 PRIVILEGED USERS 11 INTERFACE 13 EXCLUDE 13 CAPTCHA 14 ENROLLMENT 15 RESET PASSWORD 17 UNLOCK ACCOUNT 19 CHANGE PASSWORD 20 HELP AND SUPPORT 21 AD Self Password Reset Installation 2 Manual v1.4

Summary Users forgetting their passwords is a common headache for IT departments. AD Self Password Reset allows your users to safely reset their own password without calling the IT helpdesk. We ve added some great new features in this release, one such feature is Privileged Users. This allows the privileged users group to reset the passwords of the managed users group. The ideal scenario for this is teachers being given the ability to reset their students passwords right there in the classroom, no need to call the helpdesk. Thanks to your feedback we re improving AD Self Password Reset all the time, please keep your feedback coming. AD Self Password Reset Installation 3 Manual v1.4

Installation The following steps will guide you through the installation of AD Self Password Reset. Step 1 Double click the ADSelfPasswordResetSetup.exe Icon Step 2 Begin the installation. Click Next > AD Self Password Reset Installation 4 Manual v1.4

Step 3 Select a website where you want to install AD Self Password Reset. Choose or add an Application Pool for the program to use (e.g. PasswordReset).Click Install Step 4 Wait until the Installation is finished. Click Finish AD Self Password Reset Installation 5 Manual v1.4

Removal Step 1 Step 2 Step 3 Go to Add/Remove Programs (typically under Settings > Control Panel) Scroll down in the list of currently installed programs and select Click the Remove button on the right. AD Self Password Reset Configuration Before using the application, you first need to make a few configuration changes. Step 1 Select the AD Self Password Reset Configuration from the start menu AD Self Password Reset Installation 6 Manual v1.4

Step 2 The program requires a user account that has permission to reset user account passwords. Click Add Domain and fill in the sections listed under Domain Information. Click Test to confirm a successful connection to Active Directory. AD Self Password Reset Installation 7 Manual v1.4

Step 3 Click OK. You will then get confirmation of settings being saved successfully. Settings General Unchecking options in the General section (see below) will disable these specific features from the application. For example unchecking Allow users to unlock their accounts will remove the corresponding button from the main page. Questions group You can specify how many questions the users will be asked at enrolment and how many questions they will need to answer to reset/change their password. You can also add your own or remove questions. Note the option Allow users to enter a custom question, this allows users to create their own question. AD Self Password Reset Installation 8 Manual v1.4

Choosing Questions Pay close attention to the type of questions the users can choose, take care not to choose questions were the information is easily learned, for example asking What street do you live on? could be easily learned. A more secure question to ask would be Where did your parents meet as this could be a city or an event etc. Allowing the user to create their question can add security as the user may ask a question only they could ever know the answer to. The user is limited to creating only 1 question to ensure they don t create easily guessable questions. SMTP Enter the details of your mail server, the mail server is used to notify users that their password will expire. Secure SMTP connection options are available when checking SMTP requires authentication AD Self Password Reset Installation 9 Manual v1.4

Expiry Notifications When a user s password is due to expire they can be notified via email, they can then click a link in the email to change their password. This reduces the chances users will be locked out. You can enable or disable the password expiry notifications. You can choose how frequently to notify users of that their password will expire. Reminders Via the admin page (http://localhost/passwordreset/admin) you are can see who and who hasn t enrolled. You can also send users an email reminding them to enroll. The admin page can only be accessed on the server via http://localhost/ You can customize the message body and subject of this reminder. AD Self Password Reset Installation 10 Manual v1.4

User Lockout To prevent brute-force access attempts repeated incorrect answer attempts will prevent the user from using the program for a specified amount of time. On the User Lockout tab you specify how many failed attempts would prevent access and how soon they are allowed to try again. Password History To prevent users using the same password continuously you can enable the password history feature. This forces the user to choose a different password each time. Privileged Users You can allow a specified group of users the ability to change the password of another group of users. The ideal use of this feature is for teachers to reset student s passwords or the help desk to reset user s passwords. Specify the name of an Active Directory group such as 'Teachers' or 'Helpdesk'. AD Self Password Reset Installation 11 Manual v1.4

Enabling Privileged Users will add a button to the main page, the Helpdesk/Teacher button can be used by members of the Privileged Users group. You can change the text shown on this button on the Interface tab. AD Self Password Reset Installation 12 Manual v1.4

Interface All the text seen by users can be changed on the Interface tab, you can also add a logo and change the colours used on the buttons and header. The logo should be 185px wide by 60px high and no larger than 30kb. Exclude If you want to prevent selected users from using AD Self Password Reset then you can do this by adding Organization Units or groups to the Exclude tab. For example adding the organizational unit OU=Students,DC=Domain,DC=Com would prevent any users in the Students OU from using the program. Adding a group Students has the same effect. AD Self Password Reset Installation 13 Manual v1.4

CAPTCHA CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test used to determine whether or not the user is human. To use CAPTCHA you will first need to register with Google s free recaptcha service to obtain a public and private key. After registration you need to the site address where users will access AD Self Password Reset e.g. http://internal.domain.com, you will then be given a public and private key, copy these keys and paste them into the corresponding text boxes and click Save. The CAPTCHA is shown when a user tries to reset their password or unlock their account. The CAPTCHA is shown before the user enters any details other than their username to ensure the user is human before attempts to answer questions are made. AD Self Password Reset Installation 14 Manual v1.4

Enrollment To reset their passwords or unlock their accounts users must first enroll, this only take a few minutes and involves entering their username and password and then choosing and answering a number of questions. The number of questions the user has to choose from is set by the administrator via the Config program (see Questions group on page 9 above). Step 1 Open a web browser and navigate to http://server/passwordreset Step 2 To enroll a new user, simple click Enroll Step 3 The user needs to answer a number of personal questions (default is 4 but this can be changed) there is an option to allow them to add their own question and answer. Click Next AD Self Password Reset Installation 15 Manual v1.4

You will then receive confirmation of that account creation. Now the user is enrolled they can reset and change their password at any time. AD Self Password Reset Installation 16 Manual v1.4

Reset Password Step 1 Open a web browser and navigate to http://server/passwordreset Step 2 To reset your password, simply click Reset Password Step 3 Step 4 Enter username and domain. Click Next You will be asked to confirm the answers to two of the secret questions you set upon enrollment. Click Next AD Self Password Reset Installation 17 Manual v1.4

Step 4 Enter your new password, use the strength indicator (can be disabled in Configuration) to create a secure password. Click Next Step 5 You will receive confirmation the password was changed successfully. AD Self Password Reset Installation 18 Manual v1.4

Unlock Account Step 1 Open a web browser and navigate to http://server/passwordreset Step 2 To unlock a user account, simple click Unlock Account Step 3 Step 4 Enter username and domain. Click Next You will be asked to confirm the answers to two of the secret questions you set upon enrollment. Click Next AD Self Password Reset Installation 19 Manual v1.4

Step 5 You will receive confirmation the account was unlocked successfully. Change Password Step 1 Step 2 Open a web browser and navigate to http://server/passwordreset To change your password, simple click Change Password AD Self Password Reset Installation 20 Manual v1.4

Step 3 Enter the details below, select a new password. Click Next Step 5 You will receive confirmation the password was changed successfully. Help and Support If you require any help installing or configuring AD Self Password Reset contact support@dovestones.com. AD Self Password Reset Installation 21 Manual v1.4