The Specops Secured Browser is used to reset passwords for a user from the Windows logon screen. It comes in two flavors, based on CefSharp and Internet Explorer browser engines, respectively. It is recommended to use the CefSharp-based Secured Browser for better security and user experience.
To use the CefSharp-based Secured Browser, the Specops Authentication Client CefSharp runtime must be deployed. The runtime has been tested by Specops to be compatible with the Secured Browser, and is a separate MSI from the Specops Authentication Client.
If the CefSharp runtime isn't installed, an error message will be displayed if attempting to reset a password from the Windows logon screen by pressing the 'Reset Password...' link. It is possible to enforce using the Internet Explorer based browser, but strongly not recommended.
The CefSharp-based browser supports Specops uReset 8 and Specops Password Reset. Organizations that have not yet migrated to Specops uReset 8 must use the Internet Explorer-based Secured Browser, and should therefore not deploy the MSI for Specops the CefSharp runtime.
Organizations using Specops uReset 8 or Specops Password Reset
It is recommended to deploy the Specops Authentication Client CefSharp runtime on x64 Windows 10 or newer client computers.
Organizations using Specops uReset 7
It is recommended to migrate to Specops uReset 8. If that currently isn't viable, the IE-based browser must be enforced in ADMX settings ("Enforce IE based secured browser"). There is no need to deploy the Specops Authentication Client CefSharp runtime (not supported).
Organizations using Specops Password Policy only
If no reset solution is used, there is no need deploy the Specops Authentication Client CefSharp runtime (not applicable).