Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Enabling uReset for Entra-ID (Azure AD) only joined clients

Please note these instructions apply only to AAD-only machines and are not applicable to hybrid-joined machines.

Below we will review the steps required for enabling Azure Active Directory joined Windows clients with the Specops Authentication Client to use uReset from the Windows login screen.

Where do I go to download the Microsoft ADMX templates?

This is for version for Windows 11 2023 Update (23H2), So you may need to search for your particular version.

https://www.microsoft.com/en-us/download/details.aspx?id=10566

Configuring for Microsoft Entra ID-joined computers

Within the Microsoft Intune admin center, go to Devices>Configuration>Import ADMX and click on Import ADMX then import:

Do this for the Windows.admx and repeat for the Specops.Client.AzureAdJoinedComputer.AdmxTemplates as well. You will need to wait until the ADMX settings show up before continuing.

Identify the uReset URLs

Launch Specops Authentication Gatekeeper Administration from the start menu on your Gatekeeper server. Next, choose the uReset tab on the left. Under the URLs in this section, identify the URLs, and right click them to copy to a temporary location.

Creating a configuration profile for the Specops Authentication client

Create the profile by selecting create under policies>create>new policy and selecting your platform, selecting your template type, and naming your profile:

You will start by naming your profile and then be brought over to this screen where you edit your configuration settings:

Edit each of the options with the respective links from the gatekeeper, you copied earlier and click OK. Finish defining your scope(s) and assignment(s) if required, and then on the review + create, select create.

Under Configuration settings, click edit:

Once you edit the profile, search for “ctrl” and then select remove change password and set this to Enabled:

If you would like to enable shortcuts for cloud joined computers, you can do so with this option:

For best results

Follow this documentation to have passwords sync immediately rather than waiting the default interval:

https://specopssoft.com/support/en/ureset-8/gatekeeper-admin-tool.htm#azure-ad-settings

Verify changes were successful

Press Ctrl+alt+del to verify Change Password is no longer visible:

Check the registry to ensure to ensure the URLs from the gatekeeper have populated:

Publication date: August 25, 2022
Modification date: May 1, 2024

Was this article helpful?

Related Articles