Enabling uReset for Off-Network Clients
In this article we will review the steps required for enabling domain-joined Windows clients with the Specops Authentication Client to use uReset from the Windows login screen. These steps are not always needed, but are recommended for clients that do not frequently connect to the corporate LAN or VPN. If this is not done, you may also encounter the following error “The specified domain either does not exist or could not be contacted”
Identify Enroll and Reset URLs
Launch Specops Authentication Gatekeeper Administration from the start menu on your Gatekeeper server. Identify the Enrollment URL under Useful Links, and right-click on it to copy it to a temporary location
Next, choose the uReset tab on the left. Under the URLs in this section, identify and right-click the Reset Password URL again storing it to a temporary location:
Configure Specops Authentication Clients using Group Policy
For clients who do regularly connect to the corporate LAN or VPN, we recommend using the Specops Authentication Client ADMX template to configure these settings. Please see the uReset Admin guides on our support page for details on how to install the ADMX template if you have not already done so.
Under Computer Configuration/Policies/Administrative Templates/Specops Authentication Client/Url Overrides (uReset):
Set Enrollment web page URL to Enabled and set the URL option to the Enrollment URL identified earlier.
Set both Reset Password web page URL and Reset Password web page URL from Internet to Enabled and set the URL option to the Reset Password link identified earlier.
Configure Off-Network Specops Authentication Client using the Registry
For clients that do not frequently connect to the corporate LAN or VPN, create the following registry values on your clients or deploy them using a .reg file, replacing the sample URLs here with your own as detailed in the previous section:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\SpecopsSoft] [HKEY_LOCAL_MACHINE\SOFTWARE\SpecopsSoft\uReset] [HKEY_LOCAL_MACHINE\SOFTWARE\SpecopsSoft\uReset\Client] [HKEY_LOCAL_MACHINE\SOFTWARE\SpecopsSoft\uReset\Client\Urls] "Enroll"="https://login.specopssoft.com/Authentication/Enroll?domainName=specopsdemo.com" "Reset"="https://login.specopssoft.com/Authentication/Password/Reset?domainName=specopsdemo.com" "ResetExternal"="https://login.specopssoft.com/Authentication/Password/Reset?domainName=specopsdemo.com"
Testing
During testing if a machine that is being tested with gets disconnected from the domain, it may be necessary to wait a short period of time before the Windows realizes it is no longer connected to the domain. You can verify it is no longer connected with the following command:
nltest /sc_query:yourcompanydomainnameIf you wish to force this to disconnect or reconnect to the domain, you may use the following command:
nltest /sc_reset:yourcompanydomainname