Frequently Asked Questions
FAQs
UMRA
Is UMRA a 'Federation-Aware' application?
At the time of writing UMRA, 10.5. 1630, is not a 'Federation-Aware' application.
How does UMRA send passwords to Google?
The SHA-1 hashing algorithm is used to send password updates for new, and current, users. A client login authentication method, provided by Google, is used to generate an authentication token for utilization with API calls.
How do I install my license codes?
Where can I find the UMRA documentation?
How much does UMRA cost?
Pricing is determined by the number of user objects in the domain or OU(s) you wish to manage. Please contact your local Tools4ever office for a quote.
What versions of Exchange are supported?
Exchange 2000 and newer.
Are there any example projects to get me started?
Yes, UMRA comes with some basic example projects that can be used to learn the basics of UMRA. If more complex IDM or Workflow solutions are needed, it's recommended that you contact your local Tools4ever support representative for a more detailed UMRA discussion.
Is training available?
Yes, please contact your local Tools4ever sales/support representative to discuss our UMRA basic and advanced training options.
Do you have any documentation for upgrading to the new version?
Yes, please refer to the “installing UMRA Console” section in the UMRA PDF document.
View Documentation
View Documentation
Can I run UMRA on a virtual machine?
Yes, UMRA is fully supported in a virtual machine environment.
What are the requirements when integrating Exchange 2010 with new or existing UMRA implementations?
1. The UMRA PowerShell service must be installed on a machine running the Windows
Management Core. Most Exchange servers have this in place, but some functionality
might be disabled. To avoid having to install UMRA on a 64 bit server with the
Exchange management tools, it is recommended that the Tools4ever PowerShell
service (Not the entire UMRA installation) be installed on an Exchange 2010 server.
2. Exchange installs a PowerShell web site in IIS 7. An authentication method must be installed and enabled in order for UMRA to connect remotely to Exchange 2010. Basic authentication is recommended.
3. The Tools4ever PowerShell service and the UMRA service can share the same service account. The service account used by the Tools4ever Service needs the rights to allow for the creation and management of exchange objects. The Organization Management and Server Management role groups are recommended, this can vary depending on the organization, e.g. custom roles and role groups.
4. The default port used for communication between UMRA and the PowerShell service is 5386. Any firewalls present must be set to allow traffic between the UMRA server and its PowerShell service location.
5. Scripting must be enabled in the PowerShell environment on the computer that runs the PS Agent service. To do so, open a PowerShell command prompt (Run as Administrator)and issue the command 'Set-Executionpolicy Remotesigned'
Additional Comments It is good practice to create the account that UMRA can use for it's Powershell Service, and give it the rights necessary to interact with Exchange 2010 before the implementation. Once this account is created, log in as the account and attempt to remotely work within Exchange 2010 creating, modifying, and deleting mailboxes. If no issues arise, the environment is prepared for 3rd party interation with Exchange 2010.
Read more...
2. Exchange installs a PowerShell web site in IIS 7. An authentication method must be installed and enabled in order for UMRA to connect remotely to Exchange 2010. Basic authentication is recommended.
3. The Tools4ever PowerShell service and the UMRA service can share the same service account. The service account used by the Tools4ever Service needs the rights to allow for the creation and management of exchange objects. The Organization Management and Server Management role groups are recommended, this can vary depending on the organization, e.g. custom roles and role groups.
4. The default port used for communication between UMRA and the PowerShell service is 5386. Any firewalls present must be set to allow traffic between the UMRA server and its PowerShell service location.
5. Scripting must be enabled in the PowerShell environment on the computer that runs the PS Agent service. To do so, open a PowerShell command prompt (Run as Administrator)and issue the command 'Set-Executionpolicy Remotesigned'
Additional Comments It is good practice to create the account that UMRA can use for it's Powershell Service, and give it the rights necessary to interact with Exchange 2010 before the implementation. Once this account is created, log in as the account and attempt to remotely work within Exchange 2010 creating, modifying, and deleting mailboxes. If no issues arise, the environment is prepared for 3rd party interation with Exchange 2010.
Read less...
What are the steps for migrating UMRA from one server to another?
SOURCE SERVER
We begin by exporting the current projects (Automation, Forms, Mass) to a location on the local server. Automation/Forms Project Export Procedure
1. In the UMRA Console, go to the UMRA Service menu
2. Select Manage Service Projects
3. Click Backup. This will display a dialog stating that upon clicking yes, all service projects will be stored in an automatically created directory. Alternatively, you can specify another directory by clicking No. Once your selection is made, all service projects will be backed up to the specified target. Mass Project Backup Procedure All UMRA Mass projects are stored in the following default location: C:\Program Files\Tools4ever\User Management Resource Administrator\Projects Copying the contents of this folder to the corresponding folder on the new server is sufficent.
TARGET SERVER
Next, we install UMRA and it's associated service on the new server.
1. Double click the setupusermanagement.exe file
2. Follow the steps in the wizard
3. Upon completion, open the UMRA console ( Start> Programs> Tools4ever> User Management Resource Administrator)
4. Go the the UMRA Service menu
5. Select Install or Upgrade Service
6. Select the radio button for Install or Upgrade Service, click Next
7. Enter the server name on which the UMRA Service should reside (or click Use Local Computer), click Next
8. The TCP/IP port is used for communication by the service. If the default must be changed, do so here. Click Next Article: KBA-01048-7WPYMX Page 1 of 2 http://mscrm/Tools4ever/CS/articles/print.aspx?objectType=127&id=%7b19DE49D5-BD8... 6/12/2012
9. Modify the target installation directory if necessary, click Next
10. Enter the existing service account information (reset the password in AD if necessary), click Next
11. The UMRA Service must have rights to manage AD objects. By default, the service account is a Domain Admin. If your current service account has this group membership you can proceed, or modify the membership as needed.
12. Click Finish
We then import the projects (Automation, Forms, Mass) from the source server. The projects should be accessible over the network, perhaps stored in some share. Automation/Forms Project Import Procedure
1. In the UMRA Console, go to the UMRA Service menu
2. Select Manage Service Projects
3. Click Import. A dialog will pop-up which allows you to browse to the location of the UMRA Service projects backed-up from the source server.
4. Upon locating the service project files, select all, and click Open Mass Project Import Procedure Copy the directory below to the corresponding directory on the target server: C:\Program Files\Tools4ever\User Management Resource Administrator\Projects
We begin by exporting the current projects (Automation, Forms, Mass) to a location on the local server. Automation/Forms Project Export Procedure
1. In the UMRA Console, go to the UMRA Service menu
Read more...
2. Select Manage Service Projects
3. Click Backup. This will display a dialog stating that upon clicking yes, all service projects will be stored in an automatically created directory. Alternatively, you can specify another directory by clicking No. Once your selection is made, all service projects will be backed up to the specified target. Mass Project Backup Procedure All UMRA Mass projects are stored in the following default location: C:\Program Files\Tools4ever\User Management Resource Administrator\Projects Copying the contents of this folder to the corresponding folder on the new server is sufficent.
TARGET SERVER
Next, we install UMRA and it's associated service on the new server.
1. Double click the setupusermanagement.exe file
2. Follow the steps in the wizard
3. Upon completion, open the UMRA console ( Start> Programs> Tools4ever> User Management Resource Administrator)
4. Go the the UMRA Service menu
5. Select Install or Upgrade Service
6. Select the radio button for Install or Upgrade Service, click Next
7. Enter the server name on which the UMRA Service should reside (or click Use Local Computer), click Next
8. The TCP/IP port is used for communication by the service. If the default must be changed, do so here. Click Next Article: KBA-01048-7WPYMX Page 1 of 2 http://mscrm/Tools4ever/CS/articles/print.aspx?objectType=127&id=%7b19DE49D5-BD8... 6/12/2012
9. Modify the target installation directory if necessary, click Next
10. Enter the existing service account information (reset the password in AD if necessary), click Next
11. The UMRA Service must have rights to manage AD objects. By default, the service account is a Domain Admin. If your current service account has this group membership you can proceed, or modify the membership as needed.
12. Click Finish
We then import the projects (Automation, Forms, Mass) from the source server. The projects should be accessible over the network, perhaps stored in some share. Automation/Forms Project Import Procedure
1. In the UMRA Console, go to the UMRA Service menu
2. Select Manage Service Projects
3. Click Import. A dialog will pop-up which allows you to browse to the location of the UMRA Service projects backed-up from the source server.
4. Upon locating the service project files, select all, and click Open Mass Project Import Procedure Copy the directory below to the corresponding directory on the target server: C:\Program Files\Tools4ever\User Management Resource Administrator\Projects
Read less...
How does UMRA count users for licensing purposes?
The process of the UMRA user count is separate from the project processes. The UMRA user
count is handled by an separate thread, so when you have a license of 1000 users and run a
project project to add 750 user in the AD then the project will run successfully. If you then
delete the 750 users in the AD by hand, and not via UMRA, then you will only be able to add
250 users before receiving the Out of license message in the log. To avoid the scenario take
the following action(s:) when adding user account with UMRA, and then deleting these
accounts outside of UMRA, restart the UMRA services before executing the creation process
again. The UMRA service will then start recounting th AD user objects. A better solution is to
use UMRA to delete of the accounts in the AD, then the license count is updated without the
need to restart the service.
E-SSOM
When should I install the Appinit version of the E-SSOM Client?
The appinit version should only be installed in very specific circumstances:
Citrix published applications. When an application is published through Citrix without a desktop, the appinit version must be installed to be able to support this application.
Virtualized applications. If an application is virtualized, the appinit version is necessary, because the client cannot see virtualized applications even if they are running on the same desktop.
Read more...
Citrix published applications. When an application is published through Citrix without a desktop, the appinit version must be installed to be able to support this application.
Virtualized applications. If an application is virtualized, the appinit version is necessary, because the client cannot see virtualized applications even if they are running on the same desktop.
Read less...
When I try to connect to a Citrix server using the E-SSOM client, I get an error code '13' and/or nothing happens. Why?
A Citrix client is not installed on the machine running the E-SSOM Client. The 'Get the ICA file from the Citrix Web Interface on port' setting has been enabled, but the 'authentication methods' in the 'Citrix Web Interface Management console' do not have 'Pass-through' authentication enabled. You are running the E-SSOM Client as administrator and/or with elevated permissions.
I am using E-SSOM to monitor a specific application, but the applications' CPU load is extremely high when E-SSOM is enabled. What should I do?
There are several things that can cause high CPU load if E-SSOM is running. The most common cause is the use of 'accessible window layout'. Please do not use the accessible window layout detection method if other methods can be made to work.
When should I install the Appinit version of the E-SSOM Client?
This is often caused by a tooltip window in the application. The script will most probably trigger when you move the mouse over the application.
Read more...
Moving the mouse over the application causes an additional window to be created. At the time that the application was configured, the window was already created. Because of this, the tooltip window is part of the E-SSOM configuration and the script will only trigger when the window is available. This problem can be solved by removing the tooltip window from the application definition in the advanced window layout configuration. Usually the name of the window contains 'tooltip'.
Read less...
Which detection method should I use?
Always use the Window Layout detection method if possible. If the edit boxes and buttons cannot be selected with the Window Layout method, try to use the Web layout detection. If both methods fail, the accessible layout may be used. This method however can cause high CPU load in some cases, so this method should be tested thoroughly if used.
What are the prerequisites for setting up SSO Enterprise Manager?
A Windows Web server - 2003 or 2008 - and client machines running VP, Vista or Windows 7. Active Directory is also required.
Read more...
- Administration Console/Service - Windows Server 2003 or newer
- Client - Windows XP or newer
Read less...
How does Enterprise Manager SSO work?
Using application definitions defined within the admin console, application login interfaces are detected. Once detection is configured and the application definition is deployed, end users will be prompted by E-SSOM for their credentials. These credentials are stored within the E-SSOM database and enrollment is complete.
Upon launch of the configured application the login interface is detected, the user's credentials are retrieved from the E-SSOM database and are passed to the applications login interface.
Read more...
Upon launch of the configured application the login interface is detected, the user's credentials are retrieved from the E-SSOM database and are passed to the applications login interface.
Read less...
How long does it take to set up SSO?
Virtually every type of application - Win32, Java, mainframe, web - is supported.
Set-up is a multi-part process.
Read more...
Set-up is a multi-part process.
- Win32
- Java
- Mainframe
- Web
- Command-line based applications (telnet, etc) .
Read less...
What types of applications are supported by the system Enterprise SSO Manager?
Approximately 30 minutes for the administrative side and about 45 minutes (with testing) per applications. Time will be based on the type of application.
Set-up is a multi-part process.
Read more...
Set-up is a multi-part process.
- The administration console (where application definitions and scripts are built) and central service (administers the application definitions for end users) takes only moments to install and configure.
- Individual applications can take from 30-60 minutes on average, with testing. Some applications, depending on their layout and requirements, can take longer.
Read less...
Is single sign on it's own secure enough?
Yes - SSO stores credentials in a secure, encrypted database. Further, 2 factor authentication via a proximity card or PIN can enhance security even further.
How should we configure the SSO for a Web application?
Please contact Tools4ever to arrange a proof of concept for the application in question.
How do you configure SSO for a Client / Server?
Please contact Tools4ever to arrange a proof of concept for the application in question.
How do you configure SSO for an application Telnet / Command Line?
Please contact Tools4ever to arrange a proof of concept for the application in question.
How do I know if an application is compatible with the SSO?
The easiest way is to contact Tools4ever to arrange a proof of concept with an application you have a concern about.
How much does SSO cost?
Pricing is determined by the number of users and applications you wish to enable SSO for. Please contact your local Tools4ever office for a quote.
Is SAML supported?
The current release of E-SSOM does not support SAML. We are planning support in a future release.
How is SSO configured for scenarios where users have multiple logons for the same system/application?
SSO has the capability of handling multiple logon for one application or system. We can allow a user to select which logon they wish to use for the E-SSOM client or require different PIN codes to facilitate this scenario.
Does SSO integrate with smartcards, ID badges, or biometric devices for fast authentication?
Yes - E-SSOM can support virtually any type of badge reader or biometric device on the market today. Please contact Tools4ever to arrange for a proof of concept with your particular device.
What happens if the SSO service becomes unavailable, can my end users still access their applications?
In optional Offline-Mode, locally cached credentials can be used by E-SSOM to allow users to access their applications. Additionally, it’s recommended that E-SSO-M be deployed in a high availability (HA) fashion, if a service becomes unavailable the clients will automatically failover to a redundant instance. Speak to your Tools4ever Account Manager regarding this option.
Are virtual machines supported?
Virtual machine environments are fully supported for E-SSOM deployment.
Does SSO support helpdesk users that work on end user computers, but need access to helpdesk applications?
Yes, SSO has two options for this. One is to have the helpdesk personal log into each computer. This would start the SSO client using the helpdesk credentials. The second option is to turn on Fast User Switch feature in SSO. This allows the end user to stay logged into their computer and at the same time the helpdesk personal can log into the SSO client to access their applications.
Does SSO support end user credential delegation?
Yes, SSO has a very complex but simple to use delegation feature that allows end users to delegate their login credentials to other users.
Can I run reports on application and user information?
Yes, SSO has a build in audit/reporting feature that tracks application and user login times. These reports can be accessed via the administrative console, emailed on a scheduler, or accessed using a 3rd parting reporting tool.
Does SSO support offsite SSO web access?
At this time no, but in 2012 a new feature for offsite SSO web access will be available. Please contact your local Tools4ever representative for more information on feature releases.
Does SSO support ORACLE databases?
No, SSO only support Access, MYSQL, and SQL 2005/2008 database types.
Does SSO support GPO client installation?
Yes, SSO comes with a configured ADM file to work with Active Directory GPO configurations.
SSO is not working for my IE on Windows 2008
By default IE in Windows 2008 has "Enable Third Party Browser Extensions" turned off. This feature needs to be turned on to have SSO work properly with IE.
Does SSO support Google Chrome?
No, at this time SSO only support Internet Explorer 6.0 and later IE7 and newer.
Does SSO support different password policies for different applications?
Yes, A different password complexity policy can be designed for multiple applications. This can be used to help enforce the password policy for an application or to enforce a policy on an application that natively doesn’t have one.
Can I setup different SSO rules for different types of users, such as End Users vs. Admins or Teachers vs. Students?
Yes, SSO supports the ability to customize different usage policies based on an end users role.
Can users be pre-enrolled into SSO?
Yes, SSO supports a COM Object interface that allows users to be pre-enrolled using existing information from an HR/SIS system. This feature is great if you have an automated user provision solution, such as our UMRA product.
SSRPM
What are the requirements to implement the management of password self-service with SSRPM?
1. Server 2003 or higher
2. Pentium 4 or better processor
3. 1gb ram
4. 40gb drive space
5. Server must be member of the domain
2. Pentium 4 or better processor
3. 1gb ram
4. 40gb drive space
5. Server must be member of the domain
Where can I find the SSRPM documentation?
Can SSRPM be configured to force a reset against a specific DC determined by the location of the user executing the request?
Multiple methodologies to accomplish this currently exist:
1. Push reset to every DC in the environment
2. Push reset to a specific DC based on user’s last logon information
3. Push reset to a specific DC based on IP of workstation
1. Push reset to every DC in the environment
2. Push reset to a specific DC based on user’s last logon information
3. Push reset to a specific DC based on IP of workstation
What are the requirements for implementing the SSRPM web interface?
The above server requirements and IIS 6 or higher.
How do I install my license codes?
Can I run SSRPM on a virtual machine?
Yes, virtual machines are supported by SSRPM.
How does an individual use SSRPM to reset their password when their laptop is not connected to the domain?
A web-facing server with the SSRPM web interface can be configured to allow remote resets when not logged into the domain.
Is there a way to automate the SSRPM enrollment process?
This can be accomplished with an automated process configured in User Management Resource Administrator (UMRA). Contact your local Tools4ever office for more details.
Can resets processed by SSRPM be sent to other systems/applications as well?
This can be accomplished with an automated process configured in User Management Resource Administrator (UMRA). Contact your local Tools4ever office for more details.
Can SSRPM be configured for fault tolerance/failover?
Yes, using multiple SSRPM services and databases.
Do I need to upgrade all of my SSRPM clients every time a new version of the service/console becomes available?
Yes, the client must match the service version.
How do I install SSRPM with the newest version of Citrix?
Please refer to the SSRPM Citrix and Microsoft Terminal Services installation PDF.
What are the proper upgrade procedures? Can I upgrade from version x.xx?
Please refer to the SSRPM administrative guide for installation and upgrade instructions.
Are end user passwords stored anywhere within SSRPM?
No, SSRPM only stores the end users questions and answers (encrypted) to their challenge and response questions.
What happens if they can't remember their username?
End users need to know their username in order to be able to us SSRPM. If they have forgotten this information, they will need to contact the help desk.
Does my helpdesk have access to the administrative console?
By default no, but the administrative console can be installed in multiple locations giving the helpdesk access.
Does my helpdesk have access to end user questions?
By default no, but an option is available to turn on reversible encryption. This can then be used by the helpdesk to identify a user during a helpdesk call.
Can SSRPM send reminders when a user's password is about to expire?
SSRPM itself doesn't send users password reminders, but our User Management Resource Administrator (UMRA) product does.
Can an end user use SSRPM if their password has already expired?
Yes, SSRPM can reset a password that is expired.
Can my end users use SSRPM if they are disabled or locked out?
Yes and No. It's possible to enable and unlock accounts using the SSRPM web interface in combination with our UMRA product. The SSRPM Win UI is limited to only unlocking accounts not enabling accounts.
How do I configure the SSRPM Web interface in a DMZ?
IIS configuration:
1. Create an account in the domain. This account may be a member of 'Domain User'. A. In the case the server hosting the SSRPM service is not a domain controller, create a local account with the same name as the
domain account created in Step 1 and add it to the local administrators group.
1. Create an account in the domain. This account may be a member of 'Domain User'. A. In the case the server hosting the SSRPM service is not a domain controller, create a local account with the same name as the
domain account created in Step 1 and add it to the local administrators group.
Read more...
2. Create a local account with the same name and password on the machine in the DMZ running the IIS server. (which may also be a guest
account)
3. Install the SSRPM Web Interface on the machine in the DMZ.
4. Open the IIS Manager on the machine in the DMZ.
5. Create new application pool
6. Within the properties of the application pool, specify 'Local Service' within the 'Predefined' drop down box.
7. Richt click on the SSRPM website and select 'Properties'.
8. Specify the application pool created above within the Web Site properties
8. Go to the 'Directory Security' tab.
9. Click on the 'Edit...' button in the 'Authentication and access control' box.
10. Check the 'enable anonymous access' checkbox.
11. Enter the username and password of the account that was created in Step 1/2
12. Click on 'ok'.
13. Click on 'ok'.
3. Install the SSRPM Web Interface on the machine in the DMZ.
4. Open the IIS Manager on the machine in the DMZ.
5. Create new application pool
6. Within the properties of the application pool, specify 'Local Service' within the 'Predefined' drop down box.
7. Richt click on the SSRPM website and select 'Properties'.
8. Specify the application pool created above within the Web Site properties
8. Go to the 'Directory Security' tab.
9. Click on the 'Edit...' button in the 'Authentication and access control' box.
10. Check the 'enable anonymous access' checkbox.
11. Enter the username and password of the account that was created in Step 1/2
12. Click on 'ok'.
13. Click on 'ok'.
Read less...
How can I customize the text in the SSRPM GINA?
Before you begin...
The GINA, Enrollment Wizard, and Reset Wizard use text in their interfaces that is stored within various locale files. To modify the text within the interfaces, these files must be modified. Here are the files and their default installation locations:
_ LocaleGINA.txt - C:\Windows\System32\LocaleGINA.txt
_ LocaleEnrollWizard.txt - C:\Program Files\Tools4ever\SSRPM\Enrollment Wizard\LocaleEnrollmentWizard.txt
_ LocaleResetWizard.txt - C:\Program Files\Tools4ever\SSRPM\Reset Wizard\LocaleResetWizard.txt
Before modifying any text from the variouse GUI's of the product, create a share in a location that will be accessible via the GPO used to deploy the product. Instructions for specifying the location of the share within the GPO will follow later in this document.
The GINA, Enrollment Wizard, and Reset Wizard use text in their interfaces that is stored within various locale files. To modify the text within the interfaces, these files must be modified. Here are the files and their default installation locations:
_ LocaleGINA.txt - C:\Windows\System32\LocaleGINA.txt
_ LocaleEnrollWizard.txt - C:\Program Files\Tools4ever\SSRPM\Enrollment Wizard\LocaleEnrollmentWizard.txt
_ LocaleResetWizard.txt - C:\Program Files\Tools4ever\SSRPM\Reset Wizard\LocaleResetWizard.txt
Before modifying any text from the variouse GUI's of the product, create a share in a location that will be accessible via the GPO used to deploy the product. Instructions for specifying the location of the share within the GPO will follow later in this document.
Read more...
Modify GINA Text
The LocaleGINA.txt file contains all text within the GINA modification, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
The following properties are available for modifications.
An example customization in this case would be to modify the LogonDialogText property, as
follows:
Welcome to ABC Company's Self Service Password Reset Program. If you've forgotten your password, please click the button below to reset your current password.
Modify Enrollment Wizard Text
The LocaleEnrollWizard.txt file contains all text within the Enrollment Wizard GUI, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
Though all properties can be modified, it is recommended that only the following poperties be modified:
Example Modification for Welcome Header: Welcome to ABC Company's Self Service
Password Reset Enrollment Wizard
Modify Reset Wizard Text
The LocaleResetWizard.txt file contains all text within the Reset Wizard GUI, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
Though all properties can be modified, it is recommended that only the following poperties be modified:
Example Modification for Welcome Header: Welcome to ABC Company's Self Service
Password Reset Wizard
Locale File Storage
In order for the locale modifications to be perpetuated to the end users, the locale files must reside in a share that is accessible by the Group Policy Object. The SSRPM Service Account, as well as the end uder accounts, should have rights to the share that contains the modified locale files.
Deploying Modified Locale Files Via GPO
SSRPM ships with an administrative template to allow for GPO deployment customization. This template contains the settings needed for specifying the location of the customized locale files.
_ Reset Wizard Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleResetWizard.txt
_ Enrollment Wizard Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleEnrollmentWizard.txt
_ GINA Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleGINA.txt
The GPO will deploy the product using the modified locale files, thus customizing the interfaces of the GINA, Enrollment Wizard, and Reset Wizard.
The LocaleGINA.txt file contains all text within the GINA modification, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
The following properties are available for modifications.
| Property | Default Value |
| LogonDialogText | If you've forgotten your password, click on the button below to reset your current password with the SSRPM Reset Wizard. |
| ForgotMyPasswordButton | Forgot my password... |
| ErrorDialogTitleRegistry | SSRPM - Registry error |
| ErrorDialogTitleStartResetWizard | SSRPM - Error starting the Reset Wizard |
| ErrorDialogText | An error has occurred while performing this operation. Please contact your system administrator for further assistance. |
Welcome to ABC Company's Self Service Password Reset Program. If you've forgotten your password, please click the button below to reset your current password.
Modify Enrollment Wizard Text
The LocaleEnrollWizard.txt file contains all text within the Enrollment Wizard GUI, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
Though all properties can be modified, it is recommended that only the following poperties be modified:
| Property | Default Value |
| WelcomeTitle | SSRPM Enrollment Wizard - Welcome |
| WelcomeHeader | Welcome to the Self Service Reset Password Management Enrollment Wizard |
| WelcomeText | Welcome to the Self Service Reset Password Management Program. This program will help you reset your password if you have lost your password. To be able to use this program, you must first enroll yourself into the Self Service Reset Password Management Program. |
| WelcomeTextExtended | This wizard will guide you through the process of enrolling into SSRPM. |
| WelcomeTextNext | Please click on the 'Next' button to start the wizard. |
| DefaultTitle | SSRPM Enrollment Wizard |
Modify Reset Wizard Text
The LocaleResetWizard.txt file contains all text within the Reset Wizard GUI, in the following languages:
_ English
_ Dutch
_ German
_ Spanish
_ French
_ Polish
_ Italian
_ Portuguese
_ Czek
Though all properties can be modified, it is recommended that only the following poperties be modified:
| Property | Default Value |
| WelcomeTitle | SSRPM Reset Wizard - Welcome |
| WelcomeHeader | Welcome to the SSRPM Reset Wizard |
| WelcomeText | Welcome to the Self Service Reset Password Management Program. This program will help you reset your lost password yourself. |
| SpecifyUserTitle | SSRPM Reset Wizard - Specify User |
Locale File Storage
In order for the locale modifications to be perpetuated to the end users, the locale files must reside in a share that is accessible by the Group Policy Object. The SSRPM Service Account, as well as the end uder accounts, should have rights to the share that contains the modified locale files.
Deploying Modified Locale Files Via GPO
SSRPM ships with an administrative template to allow for GPO deployment customization. This template contains the settings needed for specifying the location of the customized locale files.
_ Reset Wizard Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleResetWizard.txt
_ Enrollment Wizard Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleEnrollmentWizard.txt
_ GINA Locale: Set to Enabled, and enter the UNC Path to the share containing the file. E.g. \\Server1\Locale Files\LocaleGINA.txt
The GPO will deploy the product using the modified locale files, thus customizing the interfaces of the GINA, Enrollment Wizard, and Reset Wizard.
Read less...
I am running an older version of SSRPM, how do I upgrade to the latest?
Console, Service and Database Upgrade
Console and service upgrades can occur in place. To get from any version 6.04 and below to the most recent following upgrades must occur:
1. V6.11 Build 1044
2. V6.17 Build 1049
3. V6.29 Build 1061
4. V6.36 Build 1068 (Current version as of May 2011)
As each version installs, the service must be upgraded before moving to the next version. To do this, start the Console and use the SSRPM Service Installation Wizard to upgrade the current SSRPM Service.
Once the console and service are at the latest version, you will want to update the SSRPM database, via the admin functions are found in the Service configuration dialog found in the Service Management menu. Follow these steps database:
1. Go to the database tab and select Database Maintenance
2. In the Upgrade Database section, click Upgrade Database
3. Click Close, then OK
1. V6.11 Build 1044
2. V6.17 Build 1049
3. V6.29 Build 1061
4. V6.36 Build 1068 (Current version as of May 2011)
As each version installs, the service must be upgraded before moving to the next version. To do this, start the Console and use the SSRPM Service Installation Wizard to upgrade the current SSRPM Service.
Once the console and service are at the latest version, you will want to update the SSRPM database, via the admin functions are found in the Service configuration dialog found in the Service Management menu. Follow these steps database:
1. Go to the database tab and select Database Maintenance
2. In the Upgrade Database section, click Upgrade Database
3. Click Close, then OK
Read more...
Client Upgrade
This section describes how to upgrade the SSRPM User Client Software by using the existing GPO, which is quite the installation of the SSRPM User Client Software via a GPO. For more information about upgrading the SSRPM Console and SSRPM Service, see the 'Administrator's Guide', of which the latest version is available on the Tools4ever
Website (www.tools4ever.com).
Note: The client upgrade does not need to step through each version and build from 6.04 and early to the latest. upgrade can go directly to the latest version, regardless of the current version in place.
Perform the steps below to upgrade the currently installed SSRPM User Client Software on each client workstation:
1. Copy the newest version of the 'SsrpmUserClientSoftware.msi' file (default location: 'C:\Program Files\Tools4ever\SSRPM\Admin Console'), to the installation share which is used by the GPO (for instance:
'C:\EndUserSoftware\SSRPM'). The old version of this file may be replaced. Note: When you're running a Windows x64 Edition-based operating system, you must copy the installer 'SsrpmUserClientSoftwarex64.msi' instead of: 'SsrpmUserClientSoftware.msi'.
2. Open Active Directory Users and Computers' MMC snap-in.
3. Right click on the domain or OU which contains the GPO, which distributes the SSRPM User Client Software, on the 'Properties' button.
4. Select the 'Group Policy' tab. You will see the following dialog, which shows all currently installed.
5. Select the 'SSRPM Distribution Policy' or the GPO that you used to install the SSRPM User Client Software 'Edit'. The 'Group Policy Object Editor' MMC snap-in will be displayed, in which all computer and user policy the current GPO can be configured.
6. Expand the 'Software Settings' item in the 'Computer Configuration' branch and select the 'Software Settings' from the tree on the left pane. The right pane will display the software packages that are installed with
7. Right click on the 'Computer Configuration -> Software Settings -> Software Installation' item and click Package…' to create a new upgrade package.
8. Browse to the share that you've created to install the SSRPM User Client Software via a GPO and select 'SsrpmUserClientSoftware(x64).msi' package.
Warning: Do not browse to the local directory (for instance: 'C:\EndUserSoftware\SSRPM'), but to the instance: '\\SERVER_A\SSRPM'). If you select the local directory, the package will not be available to network.
9. Click on 'OK'. You will be presented with the 'Deploy Software' window:
10. Select the 'Assigned' radio button and click on 'OK'.
11. In the right page, right click on the new (upgrade) package (that is, not the package to be upgraded) 'Properties' from the menu.
12. Edit the name for the package so that it can be identified (for instance: 'SSRPM Version 3.21
13. Click the 'Upgrades' tab.
14. Click on 'Add...' to create or add to the list of packages that you want to upgrade with the new upgrade will display the 'Add Upgrade Package' Window:
15. Select the package that must be upgraded (for instance: 'SSRPM Version 3.20 1006').
16. Make sure that the 'Current Group Policy Object (GPO)' radio button in the 'Choose a package from' area and that the 'Uninstall the existing package, then install the upgrade package' in the 'Package to upgrade' selected.
17. Click on 'OK' (twice).
18. Right click on the 'Administrative Templates' in the 'Computer Configuration' branch.
19. Select 'Add/Remove templates...' from the menu.
20. Click on 'Add...'.
21. Browse to the location of the SSRPM Administrative Template file ('SSRPM.adm'), which is used by the configure several SSRPM settings (the default location of this file is: 'C:\Program Files\Tools4ever\SSRPM\Console\ADM'). Click on 'Open'.
22. You will be asked if you would like to replace the existing file. Click on 'Yes'. This will replace the old SSRPM the Administrative Template with the new one.
23. Click on 'Close'.
24. Close the Group Policy Object Editor by clicking on the 'X' button.
25. Click on 'OK'.
When the GPO has been modified successfully, the SSRPM User Client Software will be upgraded on each client for which this GPO is applicable. This upgrade will be performed automatically, according to the following procedure:
1. Client workstation starts
A user starts his or her client workstation.
2. GPO applies
The GPO will be applied on the client workstation if the workstation is located in the OU or a member which the GPO is applicable. This will upgrade the installed version of the SSRPM User Client Software version.
3. Client workstation restarts
When the GPO has been applied, the client workstation will restart automatically. After this restart, the Client software has been upgraded and is ready for use.
This section describes how to upgrade the SSRPM User Client Software by using the existing GPO, which is quite the installation of the SSRPM User Client Software via a GPO. For more information about upgrading the SSRPM Console and SSRPM Service, see the 'Administrator's Guide', of which the latest version is available on the Tools4ever
Website (www.tools4ever.com).
Note: The client upgrade does not need to step through each version and build from 6.04 and early to the latest. upgrade can go directly to the latest version, regardless of the current version in place.
Perform the steps below to upgrade the currently installed SSRPM User Client Software on each client workstation:
1. Copy the newest version of the 'SsrpmUserClientSoftware.msi' file (default location: 'C:\Program Files\Tools4ever\SSRPM\Admin Console'), to the installation share which is used by the GPO (for instance:
'C:\EndUserSoftware\SSRPM'). The old version of this file may be replaced. Note: When you're running a Windows x64 Edition-based operating system, you must copy the installer 'SsrpmUserClientSoftwarex64.msi' instead of: 'SsrpmUserClientSoftware.msi'.
2. Open Active Directory Users and Computers' MMC snap-in.
3. Right click on the domain or OU which contains the GPO, which distributes the SSRPM User Client Software, on the 'Properties' button.
4. Select the 'Group Policy' tab. You will see the following dialog, which shows all currently installed.
5. Select the 'SSRPM Distribution Policy' or the GPO that you used to install the SSRPM User Client Software 'Edit'. The 'Group Policy Object Editor' MMC snap-in will be displayed, in which all computer and user policy the current GPO can be configured.
6. Expand the 'Software Settings' item in the 'Computer Configuration' branch and select the 'Software Settings' from the tree on the left pane. The right pane will display the software packages that are installed with
7. Right click on the 'Computer Configuration -> Software Settings -> Software Installation' item and click Package…' to create a new upgrade package.
8. Browse to the share that you've created to install the SSRPM User Client Software via a GPO and select 'SsrpmUserClientSoftware(x64).msi' package.
Warning: Do not browse to the local directory (for instance: 'C:\EndUserSoftware\SSRPM'), but to the instance: '\\SERVER_A\SSRPM'). If you select the local directory, the package will not be available to network.
9. Click on 'OK'. You will be presented with the 'Deploy Software' window:
10. Select the 'Assigned' radio button and click on 'OK'.
11. In the right page, right click on the new (upgrade) package (that is, not the package to be upgraded) 'Properties' from the menu.
12. Edit the name for the package so that it can be identified (for instance: 'SSRPM Version 3.21
13. Click the 'Upgrades' tab.
14. Click on 'Add...' to create or add to the list of packages that you want to upgrade with the new upgrade will display the 'Add Upgrade Package' Window:
15. Select the package that must be upgraded (for instance: 'SSRPM Version 3.20 1006').
16. Make sure that the 'Current Group Policy Object (GPO)' radio button in the 'Choose a package from' area and that the 'Uninstall the existing package, then install the upgrade package' in the 'Package to upgrade' selected.
17. Click on 'OK' (twice).
18. Right click on the 'Administrative Templates' in the 'Computer Configuration' branch.
19. Select 'Add/Remove templates...' from the menu.
20. Click on 'Add...'.
21. Browse to the location of the SSRPM Administrative Template file ('SSRPM.adm'), which is used by the configure several SSRPM settings (the default location of this file is: 'C:\Program Files\Tools4ever\SSRPM\Console\ADM'). Click on 'Open'.
22. You will be asked if you would like to replace the existing file. Click on 'Yes'. This will replace the old SSRPM the Administrative Template with the new one.
23. Click on 'Close'.
24. Close the Group Policy Object Editor by clicking on the 'X' button.
25. Click on 'OK'.
When the GPO has been modified successfully, the SSRPM User Client Software will be upgraded on each client for which this GPO is applicable. This upgrade will be performed automatically, according to the following procedure:
1. Client workstation starts
A user starts his or her client workstation.
2. GPO applies
The GPO will be applied on the client workstation if the workstation is located in the OU or a member which the GPO is applicable. This will upgrade the installed version of the SSRPM User Client Software version.
3. Client workstation restarts
When the GPO has been applied, the client workstation will restart automatically. After this restart, the Client software has been upgraded and is ready for use.
Read less...
How can I migrate my Access database to SQL?
With SSRPM version 6.34 1066 and later, the MS Access database can be migrated to SQL
Server 2005 or later. Below are the steps to complete the migration.
1. Open SSRPM Admin Console.
1. Open SSRPM Admin Console.
Read more...
2. Go to Service Management
a. Configure
b. Database tab
c. Database Maintenance button
i. Select Create Database and follow instructions
ii. Once database has been successfully created, choose Add Configuration
d. Stop the SSRPM Service
3. Open SQL Management Studio
4. Browse to the SSRPM database that has been created in 2.c.i
a. Right Click on Database name
b. Task
i. Import data
1. Select the MS Access as the data source
2. Browse to the location of the SSRPM MS Access database
a. Next
3. Confirm the selection of the SSRPM SQL database
a. Next
4. Select the Copy data from one or more tables or views radio button
a. Next
5. Choose the Select All button
a. For each table selected
i. Choose the Edit Mapping button
1. Select the Delete rows in the destination table radio button
2. Check off the Enable identity insert box
3. OK
b. Next
c. Finish
5. Go back to SSRPM Admin Console
6. Go To Service Management
a. Start the SSRPM Service
b. Confirm the SQL database connection string is specified within the database connection string.
a. Configure
b. Database tab
c. Database Maintenance button
i. Select Create Database and follow instructions
ii. Once database has been successfully created, choose Add Configuration
d. Stop the SSRPM Service
3. Open SQL Management Studio
4. Browse to the SSRPM database that has been created in 2.c.i
a. Right Click on Database name
b. Task
i. Import data
1. Select the MS Access as the data source
2. Browse to the location of the SSRPM MS Access database
a. Next
3. Confirm the selection of the SSRPM SQL database
a. Next
4. Select the Copy data from one or more tables or views radio button
a. Next
5. Choose the Select All button
a. For each table selected
i. Choose the Edit Mapping button
1. Select the Delete rows in the destination table radio button
2. Check off the Enable identity insert box
3. OK
b. Next
c. Finish
5. Go back to SSRPM Admin Console
6. Go To Service Management
a. Start the SSRPM Service
b. Confirm the SQL database connection string is specified within the database connection string.
Read less...
Does the SSRPM service version need to match the client software version?
SSRPM service is backwards compatible, we support this by development. Backwards
compatibility support means that newer versions of the SSRPM service support older SSRPM
(GINA) clients.
PSM
Can PSM be configured for failover so that if the main instance becomes unavailable a redundant instance will be utilized automatically?
Absolutely, this functionality is available in 10.9 build 1664 and higher. Any number of
service instances may be installed. A connection order is then configured within the PSM
console. If PSM is unable to connect to the first service in the connection list then it attempts
to connect to the next instance. This process repeats until a successful connection is made or
all service instances have been contacted.
Can end users be notified, automatically, via email whenever a password push succeeds or fails? If so, how is it configured?
Yes, this functionality is available out-of-the-box. The following actions are required:
- 1.Get user (AD)
- 2.Get attribute (mail)
- 3.Push password action (configure error handling)
- 4.Send mail message (SUCCESS)
- 5.Go to label
- 6.Send mail message (FAIL)
- 7.No operation
I installed PSM on all domain controller but it's not communicating with the UMRA Service. What's wrong?
Once the PSM DLL has been installed on a domain controller it's required that the domain controller be rebooted before the DLL will actively send password resets to the UMRA Service.
What systems can I push password resets to via PSM?
PSM may be configured to push Active Directory (AD) password resets to virtually any
system. Support for the following systems is available out-of-the-box:
Directory, Open LDAP (includes Apple),SunOne Directory,Lotus Notes, SAP, Google, MS Live, Office 365, TOPdesk, ODBC compliant data sources. Contact your Account Manager for details regarding support for other systems.
Directory, Open LDAP (includes Apple),SunOne Directory,Lotus Notes, SAP, Google, MS Live, Office 365, TOPdesk, ODBC compliant data sources. Contact your Account Manager for details regarding support for other systems.
SpaceGuard
What clusters services are compatible with SpaceGuard SRM?
SpaceGuard SRM has been developed for Microsoft-compliant cluster solutions and will only
support MSCS compatible clusters.
How do I display the name of a directory in popup alerts?
When specifying quota targets for popup, email, or revoke access
actions the %RELATIVE_QUOTA_DIRECTORY% keyword should be used. This
keyword contains the last part of the full directory, e.g.
D:\UserData\Sales\JSmith = JSmith.
What is the best way to backup your SG SRM configuration, not just quotas?
Include the following in the nightly backup routine:
c:\Program Files\SpaceGuard Service (found on the machine hosting the SG SRM service)
c:\Program Files\Tools4ever\SpaceGuard SRM (found on any machine where the SG SRM management console has been installed.)
What do I do if SpaceGuard SRM popup alerts do not work in Windows 2008?
The popup alert in SpaceGuard SRM is not supported in Windows 2008 environments.
MonitorMagic
What versions of SNMP are supported by MonitorMagic?
MonitorMagic supports SNMP version 1.
What type of connectivity is required for MonitorMagic to successfully monitor a target, .e.g server and/or workstation?
In order to successfully monitor a target machine the target should have port 48155 open and NETBIOS over TCP/IP enabled.
Does MonitorMagic provide the capability to monitor network traffic?
MonitorMagic does not provide this functionality.
What do you do when perflib errors are present in the Event Log when using MonitorMagic to monitor a machine?
When monitoring performance counter data the performance library (perflib) tries to read a key from the registry. When this key doesn't exist, or cannot be read, perflib errors are written to the event log. This is a form of registry corruption that is very common with some services. The existence of these keys may be verified by looking at:
HKLM\SYSTEM\CurrentControlSet\Service\
Does MonitorMagic support monitoring within workgroups? If so, how is the product licensed in a workgroup environment?
Yes, MonitorMagic supports monitoring machines that are members of a workgroup. The
domain name that must be specified for the license should be the name of the workgroup.
Password Management and Synchronization
How do you introduce complex passwords?
SSRPM can be configured to adhere to the password complexity rules as defined within your domain.
What strategy should you use to choose a password?
This differs from environment to environment, but passwords should be secure, with a random mix of character types and cases.
How to manage the complexity of passwords with Password Manager Complexity?
If Password Complexity Manager is configured to handle domain password complexity requirements, SSRPM can be configured to adhere to these requirements as well.
How can we synchronize passwords with Password Sync Manager?
This product allows for password resets to propagate to other products in the environment, using UMRA’s scripting platform.
What happens if password synchronization fails, how is the end user notified, is there a retry interval?
The end user may be notified via email. Yes, there is a configurable retry interval.
What is the advantage of acquiring both PSM and the SSRPM-UMRA connector?
User can be auto-enrolled into SSRPM, and then any resets that occur can be passed to other applications.
How are end users made aware of the required password complexity?
When resetting, SSRPM will display the requirements to the end user. If the new password does not meet requirements, they are prompted to retry.