Password agent: Difference between revisions

From UmsWiki
Jump to navigation Jump to search
Khm (talk | contribs)
No edit summary
Rum (talk | contribs)
No edit summary
Line 1: Line 1:
The Password module handles the password synchronization between the domain controllers. It must be installed on all domain controllers. 
The Password module handles the password synchronization between the domain controllers. It must be installed on all domain controllers. 


== Prerequisites ==
==Prerequisites==
=== Module requirements ===
===Module requirements===
[[UMS]]
[[UMS]]


=== Files that are required ===
===Files that are required===
* UserManagement.ini
* Setup PasswordFilter x64.msi / Setup PasswordFilter x86.msi
* Vcredist_x64.exe / Vcredist_x86.exe


=== Where can I find the files? ===
*UserManagement.ini
*Setup PasswordFilter x64.msi / Setup PasswordFilter x86.msi
*Vcredist_x64.exe / Vcredist_x86.exe
 
===Where can I find the files?===
(Depending on software architecture, use the 64/32-bit version)
(Depending on software architecture, use the 64/32-bit version)


- [C:\Program Files\UserManagement]
- [C:\Program Files\UserManagement]
* UserManagement.ini
* Setup PasswordFilter x64.msi


== Installation ==
*UserManagement.ini
# Update all DC’s to full .Net framework 4.6.2
*Setup PasswordFilter x64.msi
# Install [https://downloads.inlogic.dk/VC_redist.x86.exe Visual C++ 2017 (x86)] or [https://downloads.inlogic.dk/VC_redist.x64.exe Visual C++ 2017 (x64)] depending on architecture.
# Use Microsoft Update to make sure that all updates are applied to the framework and Visual C++ 
# Copy UserManagement.ini to [C:\Windows]
# Install "Setup PasswordFilter x64.msi" or "Setup PasswordFilter x86.msi" depending on architecture.
# Restart Server


== Update ==
==Installation==
 
#Update all DC’s to full .Net framework 4.6.2
#Install [https://downloads.inlogic.dk/VC_redist.x86.exe Visual C++ 2017 (x86)] or [https://downloads.inlogic.dk/VC_redist.x64.exe Visual C++ 2017 (x64)] depending on architecture.
#Use Microsoft Update to make sure that all updates are applied to the framework and Visual C++
#Copy UserManagement.ini to [C:\Windows]
#Install "Setup PasswordFilter x64.msi" or "Setup PasswordFilter x86.msi" depending on architecture.
#Restart Server
 
==Update==
If you are updating, please start with uninstalling the old password agents and restarting the DC.
If you are updating, please start with uninstalling the old password agents and restarting the DC.


== Verification ==
==Verification==
Run as Administrator: “msinfo32”
'''Run as Administrator: “msinfo32.exe” (from windows start menu -- > "run")'''
* Click on Software Environment
 
* Loaded Modules
*Click on Software Environment
* Look for PasswordFilter where Manufacturer is inLogic A/S
*Loaded Modules
*Look for PasswordFilter where Manufacturer is inLogic A/S
 
[[File:PasswordAgent Loaded modules.jpg|none|thumb|1461x1461px]]
[[File:PasswordAgent Loaded modules.jpg|none|thumb|1461x1461px]]


== FAQ ==
==FAQ==


=== Which Domain Controllers must the agent be installed on. ===
===Which Domain Controllers must the agent be installed on.===
It must be installed on all Domain Controllers that the is used for password change operations.
It must be installed on all Domain Controllers that the is used for password change operations.


=== How does the agent work ===
===How does the agent work===
When you change the password the agent on the domain controller grabs the cleartext password from the password chain on the server and encrypts it.
When you change the password the agent on the domain controller grabs the cleartext password from the password chain on the server and encrypts it.


Then it sends the password to the SQL server. If the SQL server cannot be reached the password change will be denied and the Domain Controller will send a complexity warning.
Then it sends the password to the SQL server. If the SQL server cannot be reached the password change will be denied and the Domain Controller will send a complexity warning.


=== Cannot change password ===
===Cannot change password===
If you cannot change password look in c:\ for a file name PasswordFilter.Log
If you cannot change password look in c:\ for a file name PasswordFilter.Log



Revision as of 08:29, 15 January 2019

The Password module handles the password synchronization between the domain controllers. It must be installed on all domain controllers. 

Prerequisites

Module requirements

UMS

Files that are required

  • UserManagement.ini
  • Setup PasswordFilter x64.msi / Setup PasswordFilter x86.msi
  • Vcredist_x64.exe / Vcredist_x86.exe

Where can I find the files?

(Depending on software architecture, use the 64/32-bit version)

- [C:\Program Files\UserManagement]

  • UserManagement.ini
  • Setup PasswordFilter x64.msi

Installation

  1. Update all DC’s to full .Net framework 4.6.2
  2. Install Visual C++ 2017 (x86) or Visual C++ 2017 (x64) depending on architecture.
  3. Use Microsoft Update to make sure that all updates are applied to the framework and Visual C++
  4. Copy UserManagement.ini to [C:\Windows]
  5. Install "Setup PasswordFilter x64.msi" or "Setup PasswordFilter x86.msi" depending on architecture.
  6. Restart Server

Update

If you are updating, please start with uninstalling the old password agents and restarting the DC.

Verification

Run as Administrator: “msinfo32.exe” (from windows start menu -- > "run")

  • Click on Software Environment
  • Loaded Modules
  • Look for PasswordFilter where Manufacturer is inLogic A/S

FAQ

Which Domain Controllers must the agent be installed on.

It must be installed on all Domain Controllers that the is used for password change operations.

How does the agent work

When you change the password the agent on the domain controller grabs the cleartext password from the password chain on the server and encrypts it.

Then it sends the password to the SQL server. If the SQL server cannot be reached the password change will be denied and the Domain Controller will send a complexity warning.

Cannot change password

If you cannot change password look in c:\ for a file name PasswordFilter.Log

This file contains the error message that UMS created (if it was a UMS error). E.g. (cannot reach SQL server)

UMS cannot throw an error text. It will always be something with about the complexity rules not met.

When you have resolved the error best practice would be to delete the PasswordFilter.Log from the server (maybe take a backup for historical use).