1 ADSelfService Plus GINA/CP Installation Contents Page 1 of this document gives you a brief introduction about GINA/CP and its uses, while pages 2 through 11 provide steps to install GINA/CP through Group Policy Object (GPO). Document Summary: This document describes briefly about ADSelfService GINA/CP, its uses and also illustrates the method to install it using GPO. The document is written with the assumption that you are a system administrator with a basic knowledge of Windows operating system, Active Directory and enterprise software deployment. However, care has been taken to keep the installation steps as simple as possible. ADSelfService Plus GINA/CP: With web‐based password self‐service software, end users need not rely on administrators or helpdesk technicians to reset password/ unlock accounts anymore. Though it offers them self‐ reliance, there is still a small element of dependency involved: an end‐user needs to borrow someone else’s computer for a brief period to access self‐service portal and reset password or unlock account. Though it might seem too trivial, the ability to reset password using one’s own computer is very much desirable and preferred in some organizations. ADSelfService Plus GINA/CP eradicates such dependencies and offers complete password self‐ service abilities to users. It allows end‐users to reset password / unlock account right at the windows log‐on prompt of their computers. Customizing Microsoft’s native GINA/CP, this feature adds a button – labeled ‘Reset Password/Unlock’ – to native windows log‐on prompt. Clicking it leads the users to the self‐service website from where password can be reset and/or account can be unlocked. This saves the end users the hassle of seeking other machines to use self‐service portal. [The browser which displays the self‐service website is well‐protected; it cannot be hacked or used to browse through the internet] ADSelfService GINA: Compatible with Windows XP, 2000, 2003 and 2008 Server. ADSelfService CP: Compatible with Windows Vista.
12
Embed
ADSelfService Plus GINA/CP Installation - … · ADSelfService Plus GINA/CP Installation ... ADSelfService GINA: Compatible with Windows XP, ... Compatible with Windows Vista. 2
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
ADSelfService Plus GINA/CP Installation
Contents
Page 1 of this document gives you a brief introduction about GINA/CP and its uses, while pages 2 through 11 provide steps to install GINA/CP through Group Policy Object (GPO).
Document Summary: This document describes briefly about ADSelfService GINA/CP, its uses and also illustrates the method to install it using GPO. The document is written with the assumption that you are a system administrator with a basic knowledge of Windows operating system, Active Directory and enterprise software deployment. However, care has been taken to keep the installation steps as simple as possible.
ADSelfService Plus GINA/CP: With web‐based password self‐service software, end users need not rely on administrators or helpdesk technicians to reset password/ unlock accounts anymore. Though it offers them self‐reliance, there is still a small element of dependency involved: an end‐user needs to borrow someone else’s computer for a brief period to access self‐service portal and reset password or unlock account. Though it might seem too trivial, the ability to reset password using one’s own computer is very much desirable and preferred in some organizations.
ADSelfService Plus GINA/CP eradicates such dependencies and offers complete password self‐service abilities to users. It allows end‐users to reset password / unlock account right at the windows log‐on prompt of their computers.
Customizing Microsoft’s native GINA/CP, this feature adds a button – labeled ‘Reset Password/Unlock’ – to native windows log‐on prompt. Clicking it leads the users to the self‐service website from where password can be reset and/or account can be unlocked. This saves the end users the hassle of seeking other machines to use self‐service portal. [The browser which displays the self‐service website is well‐protected; it cannot be hacked or used to browse through the internet]
ADSelfService GINA: Compatible with Windows XP, 2000, 2003 and 2008 Server.
ADSelfService CP: Compatible with Windows Vista.
2
ADSelfService Plus GINA/CP GPO Installation Process
Important: Before beginning to install GINA/CP, place the Installer.vbs and ADSelfServicePlusClientSoftware.msi files in a network shared folder of the server.
ADSelfServicePlusClientSoftware.msi will be available in “bin” directory of ADSelfService Plus installation folder.
Download “Installer.vbs” script files through this link:
NOTE: Before setting the parameter, it is better to check the accessibility of ADSelfServicePlusClientSoftware.msi.
6
e.)You will be back to "Startup Properties" window. Click "Apply" button first and then click "OK" to complete the procedure. The window will be closed and you will arrive at GPO Editor once again.
Step 3: Important Settings:
7. Once you have completed the above mentioned steps, set the “Administrative Template Settings” as mentioned below:
Administrative Template Settings
a. On the left pane of GPO Editor Window, double click "Administrator Templates" available under "Computer Configuration". Now, four subfolders will be revealed in the right pane: ‘Windows Components’, ‘System’, ’Network’, and 'Printers'
b. Double click "System" folder. More sub‐folders will be revealed.
c. In these, the folders that concern us are:
Scripts ‐‐‐ 2nd from above
Logon ‐‐‐ 3rd from above
Group Policy ‐‐‐ 6th from above
Click the folders mentioned above one by one and make the following settings:
Scripts:
Once “Scripts” folder is clicked, several options will be listed out.
Out of these, you have to enable two options as shown in the diagrams below:
1. In the right pane of the GPO editor, double click “Run logon scripts synchronously", enable it, click "Apply” and then "OK".
7
2. Then, double click “Maximum wait time for Group Policy scripts”. Enable it and then click “Apply” and then “OK”. Refer the diagram below:
Logon:
Once “Logon” folder is double‐clicked, several options will be listed out.
Double‐click the last property “Always wait for the network at startup and logon” and enable it. Click “Apply” and then “OK”.
Take a look at the diagram below:
8
Group Policy:
Click on “Group Policy” folder. Out of the properties shown, double‐click on “Group Policy slow link detection” property (sixth from the top). Enable it, click “Apply” and “OK” buttons.
Step 4: Applying the GPO
This is the final step, where you apply GINA/CP Installation GPO – that you configured – to computers in the network:
8. On the left pane of the GPO editor, right click on the GPO you are working on (available on the top left corner of the GPO editor), select “Properties”.
9
9. Click “Security Tab” click “Add” button. The “Select Users, Computers or Groups” dialog box pops out.
10. In this click “Object Types” button, make sure “Groups” is checked, and then click “OK”.
11. Now find out the group to which you have added computers that need GINA/CP installation:
Enter the group name
10
Click “Check Names” and “OK” once you find the group Highlight the group click “OK” to add this group. You will be returned to “Select Users...” dialog box. Click “OK”.
12. Now you will be back to “Security Tab” and able to see the group you added.
Highlight that group and check “Read” and “Apply Group Policy” checkboxes under the “Allow” column.
IMPORTANT NOTE: After completing all these steps, remember to remove “Authenticated Users” from Security Tab. [Select “Authenticated Users” and hit “Remove”]
Finally, reboot all the client machines.
11
In case you prefer to add computers one by one, please follow this method.
a. Follow steps 8 and 9.
b. Click “Object Types” button. Make sure “Computers” is checked. Click “OK”.
c. Use “Check Names” to find the necessary computers.
d. Once they appear, highlight them click “OK”. You will be led back to “Select Users…”.Again click “OK”.
e. Now highlight the computer you want, set permissions by checking “Read” and “ApplyGroup Policy” checkboxes under the “Allow” column. Repeat this for all the computersyou desire to install GINA/CP.
IMPORTANT NOTE: After completing all these steps, remember to remove“Authenticated Users” from Security Tab. [Select “Authenticated Users” and click“Remove”]
Finally, reboot all the client machines.
Test:
To test if you have carried out a successful installation, in the DOS prompt of your client machines, type in “Gpresult /v”.
If everything went correctly, you should be able to see:
a. The name of the Group Policy Object you configured under the subheading “Applied GroupPolicy Objects”.
b. “Installagent.vbs” under the subheading “Startup scripts”.
Diagnostics: Please check the “AdsspScriptlog.txt” in the WINDOWS directory (or) Start Run Type in %windir\AdsspScriptlog.txt%