Article Rating

  • 0 Rating(s)
  • 0
  • 0
  • 0
  • 0
  • 0

Installing Password Reset Server through Group Policy for Server 2003

Installing Password Reset Server through Group Policy for Server 2003

Group policy allows you to install Password Reset Server on specific computers and groups of computers in your domain. Installing through group policy does not require changes to your firewall.

I. Prerequisites

  1. The Password Reset Server Installer requires that .NET Framework 2.0 or greater be installed on the client machine. Most machines should already have this installed, but some installations of XP will not.
    1. To install .NET Framework 2.0 through Group Policy, you will first need to create an MSI
    2.  Download .NET from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displaylang=en
    3.  Follow steps 1-8 in this KB article http://msdn.microsoft.com/en-us/library/kz6tzdt1%28VS.90%29.aspx
    4. Once you have your .NET MSI, follow the steps below to create your PRS group policy. Whenever you add a PRS MSI package to a group policy object, first add the .NET MSI to ensure that Password Reset Server gets installed correctly.
  2. If you are installing Password Reset Server on XP 64 bit or Server 2003 64 bit machines, you will first need to apply a hotfix.
    1.  Follow the directions here to download the hotfix:http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=942589&kbln=en-us
    2.  Install the hotfix.

II. Download the zip from Password Reset Server

  1. Log in to Password Reset Server
  2. Go to Administration->Windows Login Integration and click Download Installer to download the zip.

NOTE: The URL the client applications will use to reset their passwords is the url used when setting up the program.  This can be modified by going to the CreateConfigurationFiles.aspx page.

III. Set up a Network Share

  1. Extract the contents of the zip file to a Network Share on your Domain Controller.
  2. Give domain users read access to the share.

IV. Create a Group Policy that allows installation of the MSI

  1. Start->Run->mmc
  2. File->Add/Remove Snap-in
  3. Click add
  4. Select Group Policy Object Editor and click Add
  5. Click Browse
  6. Select your domain from the drop down list
  7. Click the “New Group Policy Object” button next to the domain drop down list
  8. Enter a descriptive name for your GPO (such as Password Reset Server Installation) and click “OK”
  9. Click “Finish”, then “Close”, then “OK”
  10. Expand Computer Configuration->Software Settings-> Software installation
  11. Right click on the “Software installation” node and select “New ->Package”
  12. Browse to the MSI on your network share (i.e.  \\ServerMachineName\Shared is a valid network share, while C:\Shared is not) and click “OK”
  13. Select the “Advanced” radio button and click “OK”

   NOTE:  If you wish to have Password Reset Server uninstalled when it falls out of the scope of management, then click on the “Deployment” tab and check the “Uninstall this application when it falls out of the scope of management”

    14.  In the group policy object editor, expand Computer Settings->Administrative Templates->System and click on the Logon node
    15.  Right click on the “Always wait for the network at computer startup and logon”, select “Properties”, click “Enabled”, and click OK

V. Link your Group Policy Object to an OU or specific computers

  1. Optionally, you can install the group policy management console update from http://www.microsoft.com/downloads/en/details.aspx?FamilyID=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en and follow the steps in the Server 2003 Domain Controller section

 Note:  If you want to install PRS for specific computers and not for an entire OU, then the MSI allows for manual installation directly.

  1. Start->Administrative Tools->Active Directory Users and Computers
  2. Right click on an OU and select “Properties”. Make sure this OU contains that computers on which you plan to install Password Reset Server.
  3. Click “Add” and then select the OU you created in section III. This may involve selecting your domain name in the dropdown list.
  4. Click “OK” and then “OK” again

Note: The OU is now linked to the GPO. To immediately force the group policy change and install the software on a client machine, open a command console on the client machine (start->run->cmd), type "gpupdate /force", and restart the client machine. You can also wait for the group policy to go into effect, which usually takes one to two hours.

VI. Verify Configuration

  1. Start->Administrative Tools->Active Directory Users and Computers
  2. Right-click the Organizational Unit for which PRS is now configured and select All Tasks->Resultant Set of Policy
  3. Check the box next to “Skip to the final page of this wizard without collecting additional information” , then click Next and Next again.
  4. Click Finish
  5. In the new “Resultant Set of Policy” window, expand Software Settings under Computer Configuration and select “Software installation”
  6. “Password Reset Server” should be visible under Installed Applications column.



Article ID: 112, Created On: 10/12/2010, Modified: 10/12/2010