You can configure Password Manager to force users in the managed domain to register with Password Manager or to update their Questions and Answers profiles. Password Manager provides the following methods to implement registration notification and enforcement:
• Configure a notification schedule to send e-mail notifications to those users who have not yet registered with Password Manager. To configure a notification schedule, see the procedure outlined later in this section. You can configure the scope of users you want to be notified. • Configure a notification that will be displayed as a dialog box on users’ desktop screens at specified time intervals. The dialog box will notify users who must register with Password Manager or update their Q&A profiles. This notification is customized through Group Policy by properly configuring Secure Password Extension. For more information see “Managing Secure Password Extension Using Administrative Templates” on page 33.
To enable registration enforcement, you must configure notification schedule. The step-by-step instruction on how to configure notification schedule is outlined later in this section.
By default, when you enable registration enforcement, no users in a managed domain will receive registration notifications through notification dialog boxes or e-mail messages. To define a list of users you want to be prompted to register with Password Manager, you must add a corresponding group of users to the Groups Allowed to Receive Registration Notifications list. To configure the list, see the procedure outlined later in this section.
Password Manager provides two registration enforcement options: Apply immediately and Schedule enforcement.
If you select the Apply immediately option, all users in the managed domain who are not registered with Password Manager will be immediately notified through a dialog box displayed on their desktop screens. Use this option with caution when the number of users managed by Password Manager is large. Immediate enforcement of a large number of users may drastically decrease the performance of your production environment. Note, that you must select the Notify users using notification dialog box
check box to have users notified through a dialog box displayed on their desktop screens. You can cancel immediate user notification at any time. To cancel the immediate notification, clear the Enforce creation and update of users’ Questions and Answers profiles check box or select the Schedule enforcement option.
If you select the Schedule enforcement option, users will be required to register with Password Manager within the number of days that you specify. You can choose whether to notify users by e-mail or dialog box, or both. You can also specify the number of users you want to be scheduled to be notified a day. Use this option to reduce server load and enhance performance. Note, that scheduled notification starts only after the Quest Password Manager task has run. For more information on the scheduled tasks
You can also specify whether users who have not registered with Password Manager, or have invalid Questions and Answers profiles, must create or update their Q&A profiles before they can log on to the network. If you enable this policy, users will be denied logging on to their computers after the deadline until they create or update their Q&A profiles as required. This type of registration enforcement can be configured only for pre-Windows Vista operating systems, and is enabled through Group Policy by properly configuring Secure Password Extension.
in Password Manager, see “The Scheduled Tasks in Password Manager” on page 77. Once the task has set deadline for creating users’ Questions and Answers profiles, you cannot remove the deadline, but you can change it by configuring the Once forced to create Questions and Answers profiles, users must create their profiles within<%> daysoption.
To enforce users to update their Questions and Answers profiles, configure the notification schedule using the options described in the Force users to update their Questions and Answers profiles
section of the table below.
To configure notification schedule
Specify an outgoing mail server (SMTP). For more information, see “Configuring Outgoing Mail Servers Settings” on page 22.
1. On the home page of the Administration site, click the Managed Domains box. 2. On the Configure Managed Domains page, click the domain you want to manage. 3. On the User Enforcement tab, specify the following options, and then click Save.
OPTION DESCRIPTION
Enforce creation and update of users’ Questions and Answers profiles
Select this check box to configure user enforcement options.
Notify users using notification dialog box If you select this check box, users who must create or update their Questions and Answers profiles will be notified through a dialog box displayed on their desktop screens.
Force users to create their Questions and Answers profiles
Apply immediately Forces all users to immediately create their Questions and Answers profiles.
Schedule enforcement Requires users to create their Questions and Answers profiles within specific number of days after they are scheduled to register.
Once forced to create Questions and Answers profiles, users must create their profiles within <%> days
Specify the deadline within which users must create their Questions and Answers profiles with Password Manager after the first registration notification.
Start notifying users by notification dialog box
and e-mail <%> days before registration term Select this check box to remind those users who already received the first registration notification but have not created their Questions and Answers profiles of the necessity to complete the
registration procedure. Such users will receive a notification every day during the specified number of days before the registration term.
Notify users by e-mail Select this option, if you want to have users notified using e-mail.
By clicking the Specify notification language(s) linkyou can specify the language to be used for sending notifications.
Schedule to force to create their Questions and
Answers profiles the following number of users: Set the daily number of new users who will be notified to create their Questions and Answers profiles.
To specify an explicit list of groups to receive registration notifications
1. On the home page of the Administration site, click the Managed Domains box. 2. On the Configure Managed Domains page, click the domain you want to manage. 3. On the Groups tab, click Groups Allowed to Receive Registration Notifications. 4. Click Add.
5. In the object selection window, select the groups whose members you want to receive registration notifications and click Save.
Only members of the groups in this list will be prompted to register.
To exclude a group from registration notification recipients
1. On the home page of the Administration site, click the Managed Domains box. 2. On the Configure Managed Domains page, click the domain you want to manage. 3. On the Groups tab, click Groups Denied Receiving Registration Notifications. 4. Click Add.
5. In the object selection window, select the groups whose members you want to never receive registration notifications and click Save.
Members of the groups in this list will never be prompted to register with Password Manager. If you add a group in both the Groups Allowed to Receive Registration Notifications and
Groups Denied Receiving Registration Notifications lists, the members of this group will never be prompted to register with Password Manager.
You can configure which groups will receive password expiration notifications and which will not.
To specify an explicit list of groups to receive password expiration notifications
1. On the home page of the Administration site, click the Managed Domains box.
Force users to update their Questions and Answers profiles Once forced to update Questions and Answers
profiles, users must update their profiles within <%> days
Specify the deadline within which users must update their Questions and Answers profiles with Password Manager after the first notification. Start notifying users by notification dialog box
and e-mail <%> days before update term Select this check box to remind those users who already received the first notification but have not updated their Questions and Answers profiles of the necessity update profiles. Such users will receive a notification every day during the specified number of days before the update term. Notify users by e-mail Select this option, if you want to have users
notified using e-mail.
By clicking the Specify notification language(s) linkyou can specify the language to be used for sending notifications.
Schedule to force to update their Questions and
Answers profiles the following number of users: Set the daily number of new users who will be notified to update their Questions and Answers profiles.
To specify criteria that define when users must update their Questions and Answers profiles, you can configure profile update policies. For more information, see the "Configuring Profile Update Policy" section.
2. On the Configure Managed Domains page, click the domain you want to manage. 3. On the Groups tab, click Groups Allowed to Receive Password Expiration
Notifications. 4. Click Add.
5. In the object selection window, select the groups whose members you want to receive password expiration notifications and click Save.
Only members of the groups in this list will receive password expiration notifications.
To exclude a group from password expiration notification recipients
1. On the home page of the Administration site, click the Managed Domains box. 2. On the Configure Managed Domains page, click the domain you want to manage. 3. On the Groups tab, click Groups Denied Receiving Password Expiration Notification. 4. Click Add.
5. In the object selection window, select the groups whose members you want to never receive password expiration registration notifications and click Save.
Members of the groups in this list will never receive password expiration notifications. If you add a group in both the Groups Allowed to Receive Password Expiration Notifications and the Groups Denied Receiving Password Expiration Notification
groups, the members of this group will never receive password expiration notifications.