Configuring Access to Self-Service Site

Managing Domains This section describes how to configure Password Self-Service managed

By default, no Managed Domain user can access the Self-Service site. To allow users to access the Self-Service site, you must explicitly specify the groups that can use it. You can also explicitly deny specific groups access to the Self-Service site.

To specify a list of groups which are explicitly allowed to access the Self-Service site

1. On the home page of the Administration site, click the Managed Domains box.

2. On the Configure Managed Domains page, click the domain you want to manage.

3. On the Groups tab, click Groups Denied Access to the Password Manager Self-Service Site.

4. Click Add.

5. In the object selection window, select the groups whose members you want to never be able to access the Self-Service site and click OK.

Members of the groups in this list will be denied access to the Self-Service site.

If you add a group to both the Groups Allowed to Access the Password Manager Self-Service Site and the Groups Denied Access to the Password Manager Self-Service Site lists, the members of the group will be denied access to the Self-Service site.
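The rule described above (no access by default, access only through an allowed group, and a denied group overriding an allowed one) can be modeled as follows. This is an added example, not part of the product or its documentation; the function names, group names and user names are constructed, and each user's group set is assumed to be already resolved by the directory.

```python
# Added illustration: models the allow/deny rule from the text, not product code.
# All group and user names below are constructed sample data.

def conflicting_groups(allow_list, deny_list):
    """Groups on both lists; their members end up denied."""
    return sorted(set(allow_list) & set(deny_list))

def evaluate(groups, allow_list, deny_list):
    """Return (allowed, reason) for one user's resolved group set."""
    groups = set(groups)
    deny_hits = sorted(groups & set(deny_list))
    if deny_hits:                          # a denied group always wins
        return False, "denied via " + ", ".join(deny_hits)
    allow_hits = sorted(groups & set(allow_list))
    if allow_hits:
        return True, "allowed via " + ", ".join(allow_hits)
    return False, "default deny"           # in no allowed group: no access

def audit(memberships, allow_list, deny_list):
    """Evaluate every user; also list users whose allowed group is overridden."""
    decisions = {user: evaluate(groups, allow_list, deny_list)
                 for user, groups in memberships.items()}
    overridden = sorted(user for user, groups in memberships.items()
                        if set(groups) & set(allow_list)
                        and not decisions[user][0])
    return decisions, overridden

# Constructed sample configuration and memberships.
ALLOW = ["Staff", "Contractors"]
DENY = ["Service Accounts", "Contractors"]
MEMBERS = {
    "alice": {"Staff"},
    "bob": {"Staff", "Service Accounts"},
    "carol": {"Contractors"},
    "dave": {"Interns"},
}

if __name__ == "__main__":
    print("on both lists:", conflicting_groups(ALLOW, DENY))
    decisions, overridden = audit(MEMBERS, ALLOW, DENY)
    for user, (ok, reason) in sorted(decisions.items()):
        print(f"{user:6} {'ALLOW' if ok else 'DENY':5} {reason}")
    print("in an allowed group but denied:", overridden)
```

Running the audit before changing either list shows which users lose access because a group was placed on both lists or because they belong to a denied group as well as an allowed one.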

Glossary

A

account

A record that consists of all the information that defines a user to Microsoft® Active Directory. This includes the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the computer and network and accessing their resources.

application log

The log that lists all actions performed by Desktop Authority Password Self-Service.

attribute

A piece of data that stores information that is specific to an object. A set of attributes stores the data that defines an object.

C

credentials

Data used by a principal to establish the identity of the principal, such as a password or user name.

D

display name

The name of an object as it appears in the address book.

domain

A logical collection of resources that consists of computers, printers, computer accounts, user accounts, and other related objects.

domain controller

For a Windows Server domain, the server that authenticates domain logons and maintains the security policy and the security accounts master database for a domain. Domain controllers manage user access to a network, which includes logging on, authentication, and access to the directory and shared resources.

I

invalid Questions and Answers Profile

A Questions and Answers Profile can become invalid as a result of the following: The domain's Questions and Answers Profile Template changes, the domain's question policies change, or an administrator makes a Questions and Answers profile invalid manually.

Once a Questions and Answers Profile becomes invalid, its owner can use it only once to reset a password or unlock an account. Then they must re-create their Questions and Answers Profile.

L

locked Questions and Answers Profile

A Questions and Answers Profile that temporarily cannot be used. A Questions and Answers Profile can become locked after a number of unsuccessful attempts to answer the questions.

M

mailbox

The delivery location for all incoming mail messages addressed to a designated owner. Information in a user's mailbox is stored in the private information store on a Microsoft® Exchange server computer. A mailbox can contain received messages, message attachments, folders, folder hierarchy, and more. Server applications for Microsoft® Exchange server are often designed with a mailbox for communication.

mandatory question

A question, the same for all users in a domain, that a person must answer in order to authenticate themselves using Desktop Authority Password Self-Service.

managed domain

A domain registered with Desktop Authority Password Self-Service. You can manage multiple domains by using Desktop Authority Password Self-Service.

mixed mode

The default mode setting for domains on Windows 2000/2003/2008 domain controllers. Mixed mode allows Windows 2000/2003/2008 domain controllers and Windows NT backup domain controllers to co-exist in a domain. Mixed mode does not support the universal and nested group enhancements of Windows 2000/2003/2008.

N

native mode

A Windows® 2000/2003/2008 Domain is in native mode when:

• All domain controllers in the domain have been upgraded to Windows® 2000/2003/2008.

• An administrator has enabled the native mode operation using the domain property page in the Active Directory™ Users and Computers snap-in.

O

optional question

A question from the pre-defined list that a person must answer in order to authenticate themselves using Desktop Authority Password Self-Service.

organizational unit

An Active Directory container object used within domains. An organizational unit is a logical container into which users, groups, computers, and other organizational units are placed. It can contain objects only from its parent domain.

P

Password Self-Service Farm

A set of Password Self-Service instances sharing common configuration to ensure enhanced availability and load balancing. A single domain may be managed by several different Password Self-Service farms.

Password Self-Service Farm Affinity

An association between Secure Password Extension and Password Self-Service. If you enforce an affinity to specific Password Self-Service farm using Group Policy, all the clients running Secure Password Extension and affected by this policy will use only the Password Self-Service instances that belong to the specified farm.

Q

Questions and Answers Profile (Q&A Profile)

A set of questions selected by a user from the Questions and Answers Profile template, and that user's answers to them. A Questions and Answers Profile is used to authenticate a person using Desktop Authority Password Self-Service.

Question list

A set of questions used in creating users' Questions and Answers profiles. The list is defined by the administrator and contains a series of questions in a certain language that users from a specific domain must answer in order to create or update their personal Questions and Answers profiles. A question list defines the number of questions of each type and the wording of mandatory and selectable questions.

S

site

One or more Microsoft® Exchange servers that provide services to a set of users. Sites can be centrally managed and can span physical locations.

special character

A character that is neither alphabetic nor numeric.

U

user-defined question

A question that a person must provide along with the answer in order to authenticate themselves using Desktop Authority Password Self-Service.