1

ADSelfService Plus GINA/CP Installation

Contents

Page 1 of this document gives you a brief introduction about GINA/CP and its uses, while pages 2 through 11 provide steps to install GINA/CP through Group Policy Object (GPO).

Document Summary: This document describes briefly about ADSelfService GINA/CP, its uses and also illustrates the method to install it using GPO. The document is written with the assumption that you are a system administrator with a basic knowledge of Windows operating system, Active Directory and enterprise software deployment. However, care has been taken to keep the installation steps as simple as possible.

ADSelfService Plus GINA/CP: With web‐based password self‐service software, end users need not rely on administrators or helpdesk technicians to reset password/ unlock accounts anymore. Though it offers them self‐reliance, there is still a small element of dependency involved: an end‐user needs to borrow someone else’s computer for a brief period to access self‐service portal and reset password or unlock account. Though it might seem too trivial, the ability to reset password using one’s own computer is very much desirable and preferred in some organizations.

ADSelfService Plus GINA/CP eradicates such dependencies and offers complete password self‐service abilities to users. It allows end‐users to reset password / unlock account right at the windows log‐on prompt of their computers.

Customizing Microsoft’s native GINA/CP, this feature adds a button – labeled ‘Reset Password/Unlock’ – to native windows log‐on prompt. Clicking it leads the users to the self‐service website from where password can be reset and/or account can be unlocked. This saves the end users the hassle of seeking other machines to use self‐service portal. [The browser which displays the self‐service website is well‐protected; it cannot be hacked or used to browse through the internet]

ADSelfService GINA: Compatible with Windows XP, 2000, 2003 and 2008 Server.

ADSelfService CP: Compatible with Windows Vista.

2

ADSelfService Plus GINA/CP GPO Installation Process

Important: Before beginning to install GINA/CP, place the Installer.vbs and ADSelfServicePlusClientSoftware.msi files in a network shared folder of the server.

ADSelfServicePlusClientSoftware.msi will be available in “bin” directory of ADSelfService Plus installation folder.

Download “Installer.vbs” script files through this link:

http://www.manageengine.com/products/self‐service‐password/js/InstallAgent.vbs

Best Practice: Create a group and add to it all the computers in which you want to install GINA/CP. Create a GPO and apply it to this group.

Follow the steps given below in the same sequence for successful installation:

Step 1: Create a GPO and name it:

1. Right click on the domain or OU you want to apply the GPO.

Select “Properties”.

2. In the window that emerges, select “Group Policy” Tab

In this tab, click the button “New” to add a Group Policy Object

3

Give a descriptive name to the Group Policy Object, for example “ADSSP_GINA_GPO” or “GPOGINA”

Step 2: Edit the GPO and place Installer.vbs file

3. Now, highlight the GPO and click the “Edit” button to edit it.

4. Clicking “Edit” button pops out GPO editor. (Alternatively, double‐clicking on the GPO will also open up the GPO editor).

In this GPO editor, on the right pane, double click “computer configuration”.

5. Then double‐click “Windows Settings” Double‐click “Scripts (Startup/Shut Down)” double‐click “Startup”

4

6. Once “Startup" is double‐clicked, “Start Properties” dialog box pops out

5

a.) In this “Startup Properties” dialog box, click “Show Files”. A new window pops out.

b.) Paste the Installer.vbs (script) file and close the window. You will be back to the “Startup Properties” dialog box.

c.) To add this script file, click “Add” button in the "Startup properties". This will open up the “Add Script File” dialog box.

d.) To enter the script name, click the “Browse” button, select the script, and click the button “Open”.

e.) Enter the parameter. Click “OK”.

Syntax for the parameter: <path of MSI file>; <server name where ADSelfService Plus is installed>; <port number through which ADSelfService runs>

EXAMPLE:

Let us assume you have:

1. Stored ADSelfServicePlusClientSoftware.msi in a network shared folder ‘John’, which is available in the server called XYZ.

2. Installed ADSelfService Plus on a server called ABC.

3. ADSelfService Plus runs on port number 8888.

Then the parameter will be as follows:

\\XYZ\John\ADSelfServicePlusClientSoftware.msi; ABC; 8888

NOTE: Before setting the parameter, it is better to check the accessibility of ADSelfServicePlusClientSoftware.msi.

6

e.)You will be back to "Startup Properties" window. Click "Apply" button first and then click "OK" to complete the procedure. The window will be closed and you will arrive at GPO Editor once again.

Step 3: Important Settings:

7. Once you have completed the above mentioned steps, set the “Administrative Template Settings” as mentioned below:

Administrative Template Settings

a. On the left pane of GPO Editor Window, double click "Administrator Templates" available under "Computer Configuration". Now, four subfolders will be revealed in the right pane: ‘Windows Components’, ‘System’, ’Network’, and 'Printers'

b. Double click "System" folder. More sub‐folders will be revealed.

c. In these, the folders that concern us are:

Scripts ‐‐‐ 2nd from above

Logon ‐‐‐ 3rd from above

Group Policy ‐‐‐ 6th from above

Click the folders mentioned above one by one and make the following settings:

Scripts:

Once “Scripts” folder is clicked, several options will be listed out.

Out of these, you have to enable two options as shown in the diagrams below:

1. In the right pane of the GPO editor, double click “Run logon scripts synchronously", enable it, click "Apply” and then "OK".

7

2. Then, double click “Maximum wait time for Group Policy scripts”. Enable it and then click “Apply” and then “OK”. Refer the diagram below:

Logon:

Once “Logon” folder is double‐clicked, several options will be listed out.

Double‐click the last property “Always wait for the network at startup and logon” and enable it. Click “Apply” and then “OK”.

Take a look at the diagram below:

8

Group Policy:

Click on “Group Policy” folder. Out of the properties shown, double‐click on “Group Policy slow link detection” property (sixth from the top). Enable it, click “Apply” and “OK” buttons.

Step 4: Applying the GPO

This is the final step, where you apply GINA/CP Installation GPO – that you configured – to computers in the network:

8. On the left pane of the GPO editor, right click on the GPO you are working on (available on the top left corner of the GPO editor), select “Properties”.

9

9. Click “Security Tab” click “Add” button. The “Select Users, Computers or Groups” dialog box pops out.

10. In this click “Object Types” button, make sure “Groups” is checked, and then click “OK”.

11. Now find out the group to which you have added computers that need GINA/CP installation:

Enter the group name

10

Click “Check Names” and “OK” once you find the group Highlight the group click “OK” to add this group. You will be returned to “Select Users...” dialog box. Click “OK”.

12. Now you will be back to “Security Tab” and able to see the group you added.

Highlight that group and check “Read” and “Apply Group Policy” checkboxes under the “Allow” column.

IMPORTANT NOTE: After completing all these steps, remember to remove “Authenticated Users” from Security Tab. [Select “Authenticated Users” and hit “Remove”]

Finally, reboot all the client machines.

11

In case you prefer to add computers one by one, please follow this method.

a. Follow steps 8 and 9.

b. Click “Object Types” button. Make sure “Computers” is checked. Click “OK”.

c. Use “Check Names” to find the necessary computers.

d. Once they appear, highlight them click “OK”. You will be led back to “Select Users…”.Again click “OK”.

e. Now highlight the computer you want, set permissions by checking “Read” and “ApplyGroup Policy” checkboxes under the “Allow” column. Repeat this for all the computersyou desire to install GINA/CP.

IMPORTANT NOTE: After completing all these steps, remember to remove“Authenticated Users” from Security Tab. [Select “Authenticated Users” and click“Remove”]

Finally, reboot all the client machines.

Test:

To test if you have carried out a successful installation, in the DOS prompt of your client machines, type in “Gpresult /v”.

If everything went correctly, you should be able to see:

a. The name of the Group Policy Object you configured under the subheading “Applied GroupPolicy Objects”.

b. “Installagent.vbs” under the subheading “Startup scripts”.

Diagnostics: Please check the “AdsspScriptlog.txt” in the WINDOWS directory (or) Start Run Type in %windir\AdsspScriptlog.txt%

Name :

Email :

Description :

Get a Free Personalized Demo