Installing Password Reset Server through Group Policy for Server 2008

Group policy allows you to install Password Reset Server on specific computers and groups of computers in your domain. Installing through group policy does not require changes to your firewall.

I. Prerequisites

  1. The Password Reset Server Installer requires .NET Framework 2.0 or greater on the client machine. Most machines should already have this installed, but some installations of XP will not.
    1. To install .NET Framework 2.0 through Group Policy, you will first need to create an MSI.
    2. Download .NET from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en
    3. Follow steps 1-8 in this KB article: http://msdn.microsoft.com/en-us/library/kz6tzdt1%28VS.90%29.aspx
    4. Once you have your .NET MSI, follow the steps below to create your PRS group policy. Whenever you add a PRS MSI package to a group policy object, first add the .NET MSI to ensure that Password Reset Server gets installed correctly.
  2. If you are installing Password Reset Server on XP 64-bit or Server 2003 64-bit machines, you will first need to apply a hotfix.
    1. Follow the directions here to download the hotfix: http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=942589&kbln=en-us
    2. Install the hotfix.

II. Download the zip from Password Reset Server

  1. Log in to Password Reset Server
  2. Go to Administration->Windows Login Integration and click Download Installer to download the zip.

   NOTE: The URL the client applications will use to reset their passwords is the URL used when setting up the program. This can be modified by going to the CreateConfigurationFiles.aspx page.

III. Set up a Network Share

  1. Extract the contents of the zip file to a Network Share on your Domain Controller.
  2. Give domain users read access to the share.
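
An added example, not part of the original article or the vendor's tooling: packages assigned under Computer Configuration are installed on the client under the Local System account, so the files on this share should be writable only by administrators. The PowerShell script below lists NTFS permissions that grant write access to anyone other than SYSTEM and the administrator groups, and reports the Authenticode status of each MSI; the share path and the set of trusted groups are assumptions to adapt.

```powershell
# Added example: flag principals that can modify files on the MSI share.
# $SharePath is a placeholder; pass the UNC path of your own share.
param([string]$SharePath = '\\ServerMachineName\Shared')

# Bits that permit replacing or altering a file: the specific write, delete and
# permission rights plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

function Test-TrustedSid([string]$Sid) {
    # Assumed trusted set: SYSTEM, BUILTIN\Administrators,
    # Domain Admins (RID 512) and Enterprise Admins (RID 519).
    return ($Sid -eq 'S-1-5-18') -or ($Sid -eq 'S-1-5-32-544') -or
           ($Sid -match '^S-1-5-21-(\d+-){3}(512|519)$')
}

function Get-WritableByUntrusted([string]$Path) {
    # Emit one object per Allow entry that gives an untrusted SID write access.
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeBits) -eq 0) { continue }
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if (-not (Test-TrustedSid $sid)) {
            New-Object PSObject -Property @{
                Path     = $Path
                Identity = $rule.IdentityReference.Value
                Rights   = $rule.FileSystemRights
            }
        }
    }
}

# Check the share root and everything beneath it. These are NTFS ACLs only;
# the share-level permissions set on the share itself apply on top of them.
$targets  = @($SharePath) + @(Get-ChildItem -Path $SharePath -Recurse |
                              ForEach-Object { $_.FullName })
$findings = @($targets | ForEach-Object { Get-WritableByUntrusted $_ })
$findings | Format-Table Identity, Rights, Path -AutoSize

# Report the Authenticode status of each MSI so an unexpected change is visible.
Get-ChildItem -Path $SharePath -Recurse -Filter *.msi |
    ForEach-Object { Get-AuthenticodeSignature -FilePath $_.FullName } |
    Format-Table Status, Path -AutoSize

# Non-zero exit code when any untrusted write access was found.
if ($findings.Count -gt 0) { exit 1 }
```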

IV. Create a Group Policy that allows installation of the MSI

  1. Open up the group policy management console (Start->Administrative Tools->Group Policy Management)
  2. Expand the Forest and Domain nodes until you locate the domain on which you are installing PRS
  3. Right click on Group Policy Objects and click “New”
  4. Enter a descriptive name for your GPO (such as Password Reset Server Installation) and click “OK”
  5. Right click on the newly created GPO node and click “Edit”
  6. Select Computer Configuration -> Policies -> Software Settings -> Software Installation
  7. Right click on the “Software Installation” node and select “New->Package”
  8. Browse to the MSI using its network path (for example, \\ServerMachineName\Shared is a valid network share, while C:\Shared is not) and click “Open”
  9. Select the “Advanced” radio button and click “OK”

     NOTE: If you wish to have Password Reset Server uninstalled when it falls out of the scope of management, then click on the “Deployment” tab and check the “Uninstall this application when it falls out of the scope of management” box.

  10. Click “OK”
  11. In the group policy object editor, expand Computer Configuration->Administrative Templates->System and click on the Logon node
  12. Right click on “Always wait for the network at computer startup and logon”, select “Properties”, click “Enabled”, and click OK

V. Link your Group Policy Object to an OU

   NOTE: If you want to install PRS for specific computers and not for an entire OU, then the MSI allows for manual installation directly.

  1. Open up the group policy management console (Start->Administrative Tools->Group Policy Management)
  2. Expand the Forest and Domain nodes until you locate the domain on which you are installing PRS
  3. To link the GPO to an entire OU:
    • Right-click the Organizational Unit for which you want PRS to be installed and select “Link an Existing GPO”
    • Select the GPO you created in step IV above.
    • Click “OK”

   NOTE: The OU is now linked to the GPO. To immediately force the group policy change and install the software on a client machine, open a command console on the client machine (Start->Run->cmd), type "gpupdate /force", and restart the client machine. You can also wait for the group policy to go into effect, which usually takes one to two hours.

VI. Verify Configuration

  1. Start->Administrative Tools->Active Directory Users and Computers
  2. Right-click the Organizational Unit for which PRS is now configured and select All Tasks->Resultant Set of Policy
  3. Check the box next to “Skip to the final page of this wizard without collecting additional information”, then click Next and Next again.
  4. Click Finish
  5. In the new “Resultant Set of Policy” window, expand Software Settings under Computer Configuration and select “Software installation”
  6. “Password Reset Server” should be visible under the Installed Applications column.

 

Article ID: 111, Created On: 10/11/2010, Modified: 4/25/2013