The information below will help you upgrade to the latest version of Specops Password Reset. For information on upgrading to the latest version of the Client, click here.

Supported Upgrade Environments

You can upgrade to the most recent version of Specops Password Reset from Specops Password Reset 4.1 or later. It is strongly recommended that you upgrade all components of Specops Password Reset. It is best practice to upgrade the components in the following order:

  1. Specops Password Reset Server (Internal)
  2. Specops Password Web (Internal)
  3. DMZ server (if applicable)
  4. The Administration Tools
  5. Specops Client

Planning an upgrade

Before upgrading, you should:

  1. Read the Specops Password ResetRelease Notes. The Release Notes provides a summary of new features and changes since the last release. The Release Notes can help you evaluate whether an upgrade is necessary.
  2. Locate and read the Specops Password Reset Product Documentation.
  3. If you are upgrading from version 5.0 or lower, you will need a new license key. Contact your account representative for more information.


To upgrade to the latest version, your organization’s environment must meet the following system requirements:

Component Requirement
  • Windows Server 2003 R2 or later
  • Windows Identity Foundation installed
Administration Tools
  • Windows Vista or later
  • Active Directory and Computers snap-in Group Policy Management Console (GPMC)
  • .Net Framework 3.5 or later
  • Windows Server 2003 R2 or later
  • IIS installed
  • Trusted SSL certificate for all names the web application will be presented as
Specops Client
  • Windows Vista or later
  • .Net Framework 3.5 SP1 or later

The Specops Setup Assistant will help you meet the system requirements.

Upgrading Specops Password Reset

The Setup Assistant will allow you to upgrade the required components.

  1. Download the Setup Assistant.
  2. Save and Run the Setup Assistant on the server that runs Password Reset.
    By default the file is extracted to C:\temp\SpecopsPasswordReset_Setup_[VersionNumber]
  3. Double click SpecopsPasswordReset.Setup.exe to launch the Setup Assistant.
  4. To begin, click Start Installation in the Specops Setup Assistant dialog box.

Upgrade the Specops Password Reset Server

The Specops Password Reset Server performs operations against Active Directory and responds to requests from the Specops Password Web application.

  1. From the Setup Assistant, select Server .
  2. Click Select user .
  3. Enter the Username and Password of the user account the service will run as, and click OK .
    • To view the currently used service account, open Services.msc and locate Specops Password Reset Server services. The user service account can be found in the Log On As column.
    • All operations performed by the Specops Password Reset Server component will be performed in the context of the service account selected here.
  4. Click Select to identify the management level where the Active Directory permissions are created. This is also used to track license usage.
  5. Select the self-signed certificate that was created during installation. You can easily identify the correct certificate if a Friendly name was configured during installation. Verify that the certificate you select for the upgrade is the same as the one you are currently using, and click Install .
You can verify this by comparing the certificate thumbprint. The existing thumbprint can be found in the following location C:\Program Files\Specopssoft\Specops Password Reset\Server\Specopssoft.SpecopsPasswordReset.Server.exe.config
Alt text for this image

Upgrade the Specops Password Reset Web

The Specops Password Reset web component presents the end user interface of the product and communicates with the Specops Password Reset server to verify user input.

  1. From the Setup Assistant, select Web .
  2. Click Configure in the prerequisites section to configure the IIS.
  3. Click Select and enter the name of your Reset Server.
  4. Click Select to identify the website where the Specops Password Reset Web will be installed.
    • If there is more than one website running on your IIS you may select which one you wish to use for the Specops Password Reset Web Component.
    • If the Web component is installed on a server in the internal network, and you want to direct your internal password clients to use the web server you are installing, the Update the Service Connect Point information during installation should remain checked.
  5. Click Select to select the certificate you wish to use for the SSL encryption.
  6. Click Install .
The Specops Password Reset Web Setup Wizard will appear. The Wizard will allow you to install the mobile component. Follow the instructions on-screen to complete the installation.

Upgrade the web component in DMZ (if applicable)

  1. Verify you have .Net 3.5 SP1 installed on the DMZ server.
  2. Do not select Update the Service Connection Point information during installation.
    This option will not be visible if the DMZ server is not joined in the domain.
  3. If the certificate is installed on the server you will be able to select/view the certificate in the setup assistance.
If you are unable to select/view the certificate, continue with the setup assistance and select the SSL certificate in IIS manager/Default website/Bindings/https/Edit/.

Upgrade the Administration Tools

The Administration Tools are used to configure the central aspects of the solution and enable the creation of Specops Password Reset Settings in Group Policy Objects.

  1. From the Setup Assistant, select Administration Tools .
  2. Click Install .

Upgrade the Specops Client

The Specops Client presents a link to the Specops Password Reset Web application on the Windows logon screen, and presents end user notifications about enrollment requirements.

You can automatically upgrade an existing Group Policy Object with Software Installation settings to deploy the Client in your domain.

  1. From the Setup Assistant, select Deploy Specops Password Client using GPSI .
  2. Select the Group Policy Object that will be used to deploy the Client, and click Select GPO .
  3. Select an existing GPO from the list.
  4. Click Download… to download the installation files for the Client.
    • In the dialog box, click Download Files .
    • When the dialog box is complete, click OK .
  5. You can create a new share or select an existing share. To select an existing share you must copy the Client Side Extension msi-package into the appropriate share.
    The files can be copied from C:\temp\SpecopsPassword_Setup[VersionNumber]\products\specopspasswordreset
  6. Click Select Share .
  7. Browse to the location of the network share, or enter the location of the share name.
    It is recommended that you use a Distributed File Share (DFS). If DFS is used with load balancing, verify that the setup files are copied to all servers before proceeding.
  8. To upgrade the packages for x86 and x64 deployments in the selected GPO, click Add Settings .

The Client Side Extension MSI will be deployed through a computer software installation and may not take effect until the computers have been restarted.


If you are not deploying using GPSI, you can update the Client Side Extension using other deployment tools.

If you are upgrading to the latest version of the Client from version 6.3 or lower, and have previously made configuration changes using the ADMX/ADML template, such as configured the user object to use a custom mobile attribute, you will need to manually migrate your settings. For more information, see Configuring the Client from the Administrative Template.


Congratulations! You have successfully upgraded all of the components. Please complete the following tasks once you have upgraded to the latest version of Specops Password Reset:

  1. If you are upgrading from version 5.0 or lower, you will need to import your new license key in the Password Reset Configuration tool.
  2. Test the following processes from internal networks:
    • Password enrollment
    • Password reset
    • Password change
    • Using the mobile client (if enabled).
      Testing from external Network can be done if an upgrade configuration has been done on the DMZ server.
  3. Verify that the appropriate elevated accounts can still reach the Reporting and Helpdesk pages (internal only).
  4. Verify that your corporate branding (web customization, company logo) is still in place.
  5. If you are using Specops Password Reset and Specops Password Policy 6.3 with passphrases, users using the mobile application will need to install the latest updates in order to use the passphrase feature.