Installing Specops Password Policy
During installation, Specops Password Policy will launch the Setup Assistant. The Setup Assistant will help you install the following components for Specops Password Policy:
- Administration Tools
- Specops Arbiter
- Sentinel
- Client
- Download the Setup Assistant.
- Save and Run the Setup Assistant on your server.
NOTE
By default, the file is extracted to
C:\temp\SpecopsPasswordPolicy_Setup_[VersionNumber]
- Double click SpecopsPasswordPolicy.Setup.exe to launch the Setup Assistant.
- To begin, click Start Installation in the Specops Setup Assistant dialog box, and Accept the End User License Agreement.
Installing the Administration Tools
Installing the Administration Tools will install the Domain Administration tool and the GPMC snap-in, as well as the powershell module. You can use the Domain Administration tool to manage configurations that apply to your entire domain including your license information, templates, and Password Policy Sentinel installations. You can use the GPMC snap-in to configure password policies in a Group Policy Object (GPO). The GPO can then be applied to your entire domain or a part of your domain.
The Administration Tools should be installed on the computer that you want to administer the product from.
NOTE
This machine requires Internet access to download the online dictionaries.
- In the main menu, select Administration tools.
NOTE
The installer will indicate whether installation prerequisites are met with a green checkmark in front of the prerequisites. If any display a red cross, please install or update that component in your system.
- If you want Specops Password Policy to register the Specops Active Directory Users and Computers (ADUC) Menu Extension, click Extend menu.
NOTE
This will allow Specops to add the Specops Display Specifiers in the configuration partition of your Active Directory forest allowing you to administer the product directly from the right-click menu of Active Directory objects. In order to add the menu extension to Active Directory the user running the Setup Assistant must be an Enterprise Administrator.
- Click Install.
- In the Installation succeeded dialog box, click OK.
For information on how to set up policies, please refer to the Adminsitration documentation
Installing the
Specops Arbiter
NOTE
The Specops Arbiter is installed for use with the Specops Breached Password Protection add-on, as well as to enable sending emails through the Arbiter.
- In the main menu, select Specops Arbiter.
- If any of the prerequisites are not met, please update or install the required elements.
- Click Install.
- In the Installation succeeded dialog box, click OK.
Installing the Sentinel
The Sentinel is a password filter at the domain controllers which verifies whether the new password matches the Specops Password Policy settings assigned to the user. You should install the Sentinel on all writable domain controllers in your domain. All Domain Controllers should have the same version of the Sentinel.
- In the main menu, select Domain Controller Sentinel.
- To install the Sentinel on all writable domain controllers in your domain you can:
Option
Create a network share on the local computer and copy the sentinel msi-package to the new network share
- Click Create Share.
- Select a local path to create the share for, and click OK.
- Click Select share.
- Verify that the network path to the network share you created is correct, and click OK.
Option
Select an existing network share and manually copy the msi-package to the existing network share
- Click Select Share.
- Browse to the location of the msi-package, and click OK.
NOTE
The default installer extraction path is: C:\temp\SpecopsPassword_Setup_[VersionNumber]\
- Select the domain controllers you want to install the Sentinel on, and click Install.
NOTE
You must reach the remote domain controllers through Remote Protocol Connection (RPC).
- Verify that the Sentinel state for the selected domain controllers has changed to “Installed.”
NOTE
If the Sentinel state for the selected domain controllers has changed to install, but the icon next to the component hasn’t changed, you can continue to the next step.
Post-installation: You must reboot your domain controllers once you have installed the Sentinel.
Installing the Client
The Specops Client is installed with an MSI-based installer. Note that upgrading the Specops Client will overwrite the installed Client.
If installed, the Specops Client can be found in “Add/Remove Programs” or “Programs and Features” from within the Windows Control Panel. Versions and releases may vary.
NOTE
Older versions of the Specops Client can be identified as “Specops uReset Client” or “Specops Password Client.”
The Specops Client can be used across the following Specops Software products:
- Specops Password Reset
- Specops Password Policy
- Specops uReset
Upgrading the Specops Client
Organizations using Specops Password Policy only, need to deploy the Specops Client MSI. The CefSharp Runtime MSI is not required for this scenario.
Organizations using Specops uReset or Specops Password Reset, need to deploy the CefSharp Runtime MSI in addition to the Specops Client MSI. The CefSharp Runtime MSI is required by the Secured Browser used for resetting passwords.
Since the Specops Client uses a specific version of the CefSharp Runtime MSI, it is important to deploy the latest CefSharp Runtime MSI at the same time or before deploying the Specops Client MSI.
While the Specops Client MSI only can be installed with exactly 1 version, multiple versions of the CefSharp Runtime MSI can be installed at the same time. The purpose with this is to simplify deployment in a larger organization.
The recommended flow for upgrading the Specops Client is:
- Deploy the latest CefSharp Runtime MSI, if it's not already deployed
- Deploy the latest Specops Client MSI
- Undeploy any previous versions of the CefSharp Runtime MSI, if necessary
NOTE
When using Specops Client in conjunction with a password reset tool:
The latest CefSharp browser runtime version is required if Specops uReset/Specops Password Reset is used (Specops Password Policy only customers don't need the CefSharp browser runtime). It is recommended to deploy the CefSharp browser runtime before the Specops Client itself.
Installation/upgrade behavior for CefSharp browser runtime has been changed. Installing a newer CefSharp runtime will no longer replace the older installed runtime. Instead, multiple CefSharp browser versions can co-exist. The intention is to be able to do a rollout in an organization, where the new CefSharp browser first is deployed. Once deployed, the Specops Client can be upgraded. This will make it easier to make sure that the Specops Client works on all computers during an upgrade, regardless of whether the latest CefSharp browser runtime has been deployed yet or not.
The Specops Client needs to be installed on the organization’s client computers, either by installing manually or by deploying using a deployment tool.
Downloading the Specops Client
Download the MSI from the download page directly. Users installing Specops Password Policy can also access the download page via the Password Policy installer's Download Client Installation Files section.
Deploying the Specops Client
To deploy the Specops Client to all users, use GPSI, Specops Deploy/App, or any other deployment tool. Specops Client supports silent install when deploying using a deployment tool. The client MSI can be deployed silently using standard MSI switches (e.g. /qn). There are no Specops command line parameters for the MSI installation.
Manually Installing or upgrading the Specops Client
- Open the Specops Client Setup wizard you just downloaded (.msi file)
- In the wizard, click Next.
- Accept the License Agreement by checking the checkbox, and click Next.
- Select the location where the Client should be installed (default path is
C:\Program Files\Specopssoft\Specops Client\
), then click Next.
- Click Install.
- Once the installation has completed, click Finish.
Configuring the Specops Client
The Specops Client can be configured using the administrative template in the Group Policy Management Console. For more information on its configuration, please refer to the Specops Client page.