diff --git a/CLAUDE.md b/CLAUDE.md index 9909d7b12f..a1aae4b37d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -58,7 +58,7 @@ The build requires 16GB heap (`NODE_OPTIONS=--max-old-space-size=16384`, set aut ### Static assets -Images go in `static/img/product_docs//` as `.webp` files. Reference with absolute paths: `/img/product_docs//image.webp`. +Images go in `static/images//` as `.webp` files, organized by version and section (e.g., `static/images/passwordreset/3.3/administration/`). Reference with absolute paths: `/images///.webp`. Some products share images across product boundaries (e.g., passwordreset images under `passwordpolicyenforcer/`). ## Branch Workflow diff --git a/docs/CLAUDE.md b/docs/CLAUDE.md index 5a0ac49a4d..c05c79e2c7 100644 --- a/docs/CLAUDE.md +++ b/docs/CLAUDE.md @@ -20,11 +20,13 @@ Write for the person who knows their job but may be new to this specific product - `docs///` — Versioned product documentation (e.g., `docs/accessanalyzer/12.0/`) - `docs//` — Single-version (SaaS) products using `version: "current"` - `docs/kb/` — Knowledge base articles (canonical source; never manually copy into versioned folders) -- `static/img/product_docs//` — Images (`.webp` format, absolute paths: `/img/product_docs/...`) +- `static/images//` — Images (`.webp` format, organized by version/section, absolute paths: `/images/...`) - `sidebars//.js` — Sidebar configs (auto-generated; rarely need manual editing) Edits to one version do not propagate to others. Update each version that needs the change explicitly. +KB articles store images as PNG files in `0-images/` subdirectories alongside the article markdown. These are copied by the KB script — don't move or rename them. + ## Writing Standards The full style guide is in `netwrix_style_guide.md` at the project root. Read it when: diff --git a/docs/passwordreset/3.23/administration/administration_overview.md b/docs/passwordreset/3.23/administration/administration_overview.md index 269967d454..8335822018 100644 
--- a/docs/passwordreset/3.23/administration/administration_overview.md +++ b/docs/passwordreset/3.23/administration/administration_overview.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Administration Netwrix Password Reset is a self-service password management system that helps you to reduce the -number of password related help desk calls. Password Reset allows users to securely change their +number of password related help desk calls. With Password Reset, users can securely change their password and unlock their account, even if they have forgotten their password. This section details the different benefits of using Password Reset. diff --git a/docs/passwordreset/3.23/administration/configuring_password_reset.md b/docs/passwordreset/3.23/administration/configuring_password_reset.md index c9712e9187..f4c7fd1f50 100644 --- a/docs/passwordreset/3.23/administration/configuring_password_reset.md +++ b/docs/passwordreset/3.23/administration/configuring_password_reset.md @@ -34,7 +34,7 @@ Follow the steps below to add a domain to the list. **Step 3 –** Click **OK**, and then click **Apply**. :::note -The most frequently used domain should be first in the list as it will be the default. You +The most frequently used domain should be first in the list, as it is the default. You can rearrange the domains by dragging them to another position. You can also click Sort to sort them alphabetically. ::: @@ -82,7 +82,7 @@ topic for additional information. You can also move the database from SQL Server Compact to SQL Server. See the [Moving to SQL Server](/docs/passwordreset/3.23/administration/working_with_the_database.md#moving-to-sql-server) -topic for more information. +topic for steps and configuration requirements. ### Netwrix Password Policy Enforcer 
@@ -93,8 +93,8 @@ compliant password. ![configuring_apr_1](/images/passwordreset/3.23/administration/change.webp) Password Reset displays the Password Policy Enforcer policy message when users are prompted for -their new password, and the Password Policy Enforcer rejection message if the new password does not -comply with the password policy. Select the **Password Policy Enforcer integration** check box if +their new password, and the Password Policy Enforcer rejection message if the new password doesn't +comply with the password policy. Select the **Password Policy Enforcer integration** checkbox if you have installed and configured Password Policy Enforcer on your domain controllers. Password Reset locates and queries a domain controller in the user's domain when Password Policy @@ -105,15 +105,15 @@ address of a Password Policy Server. The `PPEIPAddress` value is in Users are more likely to see the Password Policy Enforcer Generic Rejection message rather than the more detailed Rejection message when this registry value is set. Users may also have the wrong -policy, or no policy enforced if the queried server is not a domain controller in the user's +policy, or no policy enforced if the queried server isn't a domain controller in the user's domain. -Queries to the Password Policy Server are sent to UDP port 1333 by default. You may need to create -firewall rules to open this port. +Queries to the Password Policy Server are sent to UDP port 1333 by default. Create +firewall rules to open this port if required. :::note -Password Policy Enforcer is not included with Password Reset. Go to -[www.netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html) to -learn more about Password Policy Enforcer. +Password Policy Enforcer isn't included with Password Reset. Go to +[www.netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html) for +product details and licensing information. ::: 
@@ -132,7 +132,7 @@ Add a question Follow the steps below to add a question to the list. -**Step 1 –** Select a language from the drop-down list above the Question List. +**Step 1 –** Select a language from the dropdown list above the Question List. **Step 2 –** Click **Add...** @@ -144,7 +144,7 @@ Remove a question Follow the steps below to remove a question from the list. -**Step 1 –** Select a language from the drop-down list above the Question List. +**Step 1 –** Select a language from the dropdown list above the Question List. **Step 2 –** Select the question in the Question List. @@ -156,7 +156,7 @@ Follow the steps below to remove a question from the list. You can rearrange questions by dragging them. You can also replace question lists with text boxes so users can enter their own questions. See the [Editing the HTML Templates](/docs/passwordreset/3.23/administration/editing_the_html_templates.md) -document for more information +document for template customization steps. ::: 
@@ -164,15 +164,15 @@ document for more information Password Reset can send e-mail alerts to users when a request is submitted for their account. These alerts can be sent to the user's Active Directory e-mail address and/or to an e-mail address in -Password Reset's database. Select the **Users must enter an e-mail address to enroll** check box if +Password Reset's database. Select the **Users must enter an e-mail address to enroll** checkbox if users should enter an e-mail address during enrollment. The number of questions that users must answer to enroll is configurable, and is set to three by -default. Select the desired number of questions from the **Users must answer...** drop-down list. +default. Select the desired number of questions from the **Users must answer...** dropdown list. You can also set a minimum length for each answer. Only alphanumeric characters are counted because Password Reset only checks alphanumeric characters. Select the minimum number of alphanumeric -characters in each answer from the **Answers must contain at least...** drop-down list. +characters in each answer from the **Answers must contain at least...** dropdown list. ## E-mail Tab @@ -187,7 +187,7 @@ Password Reset can send e-mail alerts directly to an SMTP server, or save them t Select the **Send e-mail to an SMTP server** option if Password Reset should send e-mails directly to an SMTP server. Type the name or IP address of an SMTP server in the **Server** text box, and the SMTP port number in the **Port** text box. -Select the **Save e-mail to a pickup folder** option if APR should save e-mails to a folder for +Select the **Save e-mail to a pickup folder** option if Password Reset should save e-mails to a folder for delivery by a mail server. Click **Browse...** to select a folder. The mail server must monitor this folder for new e-mail. 
@@ -206,7 +206,7 @@ Click the name of an enabled trigger to edit the trigger's e-mail template. ![configuring_apr_4](/images/passwordreset/3.23/administration/configuring_apr_4.webp) -Type the name and e-mail address you wish to appear in the e-mail's From field in the **From** text +Type the name and e-mail address you want to appear in the e-mail's From field in the **From** text box. The correct format is `"Display Name" ` Type the recipient's e-mail address in the **To** text box. The correct format is `"Display Name" `. Separate multiple recipients with a semicolon. You can also @@ -220,7 +220,7 @@ use these macros. | [APR_OR_AD_EMAIL] | The e-mail address in APR, or the e-mail address in AD if the Password Reset address is blank | :::note -Use [APR_OR_AD_EMAIL] with caution as Password Reset does not check the validity of e-mail +Use [APR_OR_AD_EMAIL] with caution as Password Reset doesn't check the validity of e-mail addresses. If the e-mail address in Password Reset's database is no longer valid, then the alert is only sent to the invalid address. ::: 
@@ -242,14 +242,14 @@ also use these macros. Password Reset stores the user's preferred language every time they successfully complete an Enroll, Reset, Unlock, or Change. E-mail alerts are sent in the user's preferred language, or in the current -Web Interface language if the user's preferred language is not known. If an e-mail template is not +Web Interface language if the user's preferred language isn't known. If an e-mail template isn't defined for the user's preferred language, then the alert is sent in English. -Use the drop-down list at the bottom of the E-mail template editor to switch between template +Use the dropdown list at the bottom of the E-mail template editor to switch between template languages. Changes are preserved as you switch between languages. The **From**, **To**, and **Bcc** are the same for all languages. -A warning icon is shown beside the language drop-down list if an e-mail template is not defined for -every language. You should define an e-mail template for every language to ensure that users can +A warning icon is shown beside the language dropdown list if an e-mail template isn't defined for +every language. Define an e-mail template for every language to ensure that users can understand their e-mail alerts. ![configuring_apr_5](/images/passwordpolicyenforcer/10.2/password_reset/administration/configuring_npr_5.webp) 
@@ -276,45 +276,45 @@ verification code to continue. #### Verification Codes -Select the **Send verification codes for resets and unlocks** check box to enable verification +Select the **Send verification codes for resets and unlocks** checkbox to enable verification codes. Select the **Users can reset and unlock with only a verification code if they have not enrolled** -check box to enable automatic enrollment. Automatic enrollment allows users to reset their password +checkbox to enable automatic enrollment. Automatic enrollment lets users reset their password and unlock their account even if they have not previously enrolled. Password Reset enrolls the users when they request a reset or unlock, and sends them a verification code for authentication. Users that are automatically enrolled can also manually enroll with questions later. Users that are only -automatically enrolled cannot continue to reset their password and unlock their account if this +automatically enrolled can't continue to reset their password and unlock their account if this option is subsequently disabled. Automatic enrollment should only be used with secure devices connected to a secure network, otherwise a stolen or lost device could be used to reset a user's password. Automatically enrolled users: -- Do not have an Password Reset e-mail address, so verification codes are only sent to the user's +- Don't have a Password Reset e-mail address, so verification codes are only sent to the user's Active Directory e-mail address and/or phone number. -- Must be authenticated with a verification code, so their reset or unlock request will be denied - even if the Users can reset and unlock without a verification code if a code cannot be sent check - box is selected. +- Must be authenticated with a verification code, so their reset or unlock request is denied + even if the Users can reset and unlock without a verification code if a code can't be sent checkbox + is selected. 
- Need to manually enroll if the sending of verification codes, or automatic enrollments are disabled after they are automatically enrolled. - Can manually enroll at any time. Authenticating users with questions and verification codes is more secure than using only verification codes. -- Are not sent the After Enroll e-mail alert. +- Aren't sent the After Enroll e-mail alert. -Select the **Users can reset and unlock without a verification code if a code cannot be sent** check -box if users should be allowed to continue when a verification code cannot be sent. Verification +Select the **Users can reset and unlock without a verification code if a code can't be sent** checkbox +if users should be allowed to continue when a verification code can't be sent. Verification codes can only be sent to users that have a mobile phone number or e-mail address in Active Directory, or an e-mail address in Password Reset's database. Even if this information is present, -an error could stop the verification code from being sent. If this check box is not selected, then -users will need to contact the help desk if a verification code cannot be sent. +an error could stop the verification code from being sent. If this checkbox isn't selected, +users must contact the help desk if a verification code can't be sent. -Select the **Lockout users if they enter too many incorrect verification codes** check box if the +Select the **Lockout users if they enter too many incorrect verification codes** checkbox if the incorrect answer count should be incremented when users submit an incorrect verification code. A user's Password Reset record can be locked out if they enter too many incorrect answers or verification codes. The lockout threshold is set on the **Security** tab. 
-Select the **Show incomplete e-mail addresses and phone numbers to users** check box if APR should +Select the **Show incomplete e-mail addresses and phone numbers to users** checkbox if Password Reset should hide parts of the e-mail address and phone number when requesting a verification code. This is especially important if automatic enrollment is enabled, as it stops an attacker from discovering information about the user. 
@@ -322,24 +322,24 @@ information about the user. ![configuring_apr](/images/passwordreset/3.23/administration/configuring_apr.webp) Verification codes are of a specified length, and may contain both alpha and numeric characters. -Select the desired options from the **Create verification codes with...** drop-down lists. Longer, +Select the desired options from the **Create verification codes with...** dropdown lists. Longer, more complex (alphanumeric) verification codes are harder to guess, but also harder to enter. -Verification codes do not need to be very long or complex if the verification code lockout and +Verification codes don't need to be very long or complex if the verification code lockout and expiry features are enabled. -Select a value from the **Expire verification codes after...** drop-down list to limit how long -users have to enter their verification code. Set it to 0 minutes if the verification code should not +Select a value from the **Expire verification codes after...** dropdown list to limit how long +users have to enter their verification code. Set it to 0 minutes if the verification code shouldn't expire. A new verification code is sent for every reset and unlock. This setting limits how long a -user has to enter their verification code, it does not allow old verification codes to be reused. +user has to enter their verification code, it doesn't allow old verification codes to be reused. ### E-mail -Select the **Send verification codes by e-mail** check box to send verification codes to users via +Select the **Send verification codes by e-mail** checkbox to send verification codes to users via e-mail. You must configure the E-mail delivery options in the **E-mail** tab to send verification codes by e-mail. See the [E-mail Tab](#e-mail-tab) topic for additional information. Verification codes can be sent to the Active Directory e-mail address and/or the Password Reset -e-mail address. 
Select the desired option from the **Send to** drop-down list. +e-mail address. Select the desired option from the **Send to** dropdown list. Click **Edit...** to edit the e-mail template for verification codes. The [CODE] macro is replaced with the verification code, so include the [CODE] macro in the e-mail subject or body. @@ -350,7 +350,7 @@ the attribute, and then click **OK**. #### SMS -Select the **Send verification codes by SMS** check box to send verification codes to users via SMS. +Select the **Send verification codes by SMS** checkbox to send verification codes to users via SMS. Any SMS provider with a Windows command-line interface (CLI) can be used. Click **Browse...** to select the executable that sends the SMS. The executable is supplied by your 
@@ -394,13 +394,13 @@ lockout threshold. Users should remain at their computer while resetting their password or unlocking their account. Their account could be compromised if they leave their computer after answering the first question. APR protects user accounts by expiring sessions if users take too long to respond. Select the -inactivity timeout from the **Expire idle sessions after...** drop-down list. Set it to 0 seconds to +inactivity timeout from the **Expire idle sessions after...** dropdown list. Set it to 0 seconds to disable the inactivity timeout. ### Reset Policies -Select the **Enforce the AD password history and minimum age policies for resets** check box to -enforce these Active Directory password policies during a reset. Older Windows versions cannot +Select the **Enforce the AD password history and minimum age policies for resets** checkbox to +enforce these Active Directory password policies during a reset. Older Windows versions can't enforce these policies for password resets. This capability was added as a hotfix for Windows 2008 and 2008 R2. See the [KB2386717](http://support.microsoft.com/kb/2386717) Microsoft knowledge base article for additional information. The hotfix is included with SP1 for Windows 2008 R2, and is a 
@@ -408,20 +408,20 @@ standard feature on later Windows versions. Users are more likely to forget a password shortly after changing it. Enforcing a minimum age for password resets may increase the number of help desk calls because users won't be able to reset -recently changed passwords. One solution is to clear the check box above, and select the **Require -users to change their password after a reset** check box instead. The Active Directory password -history policy won't be enforced for the password reset, but it will be enforced for the password -change when the user logs on. This stops users from reusing a recent password, but it won't stop +recently changed passwords. One solution is to clear the checkbox above, and select the **Require +users to change their password after a reset** checkbox instead. The Active Directory password +history policy won't be enforced for the password reset, but it is enforced for the password +change when the user logs on. This stops users from reusing a recent password, but it doesn't stop them from resetting a recently changed password. -Users whose passwords are set to never expire in Active Directory will not be forced to change their -password during logon, even if this check box is selected. +Users whose passwords are set to never expire in Active Directory aren't forced to change their +password during logon, even if this checkbox is selected. :::note Password Policy Enforcer's History rule is enforced for password resets if the **Enforce -policy when password is reset** check box is selected in the PPS properties page, and if the -**Enforce this rule when a password is reset** check box is selected in the History rule's -properties page. Netwrix Password Policy Enforcer does not enforce the Minimum Age rule for password +policy when password is reset** checkbox is selected in the PPS properties page, and if the +**Enforce this rule when a password is reset** checkbox is selected in the History rule's +properties page. 
Netwrix Password Policy Enforcer doesn't enforce the Minimum Age rule for password resets. See the [Netwrix Password Policy Enforcer](#netwrix-password-policy-enforcer) topic for additional information. ::: 
@@ -429,23 +429,23 @@ additional information. Users may try to evade the password history policy by resetting their password several times in quick succession to push a password off the password history list. Select a value from the -**Passwords can only be reset if they are at least...** drop-down list to stop users from doing +**Passwords can only be reset if they are at least...** dropdown list to stop users from doing this. Set it to 0 days to disable this feature. If the Active Directory minimum password age policy is also enforced for password resets, then the effective minimum age is the greater of the AD and APR minimum ages. ### Lockout -Password Reset's lockout should not be confused with the Windows lockout policy. A Windows lockout -stops users from logging on, whereas an Password Reset lockout stops users from resetting their +Password Reset's lockout shouldn't be confused with the Windows lockout policy. A Windows lockout +stops users from logging on, whereas a Password Reset lockout stops users from resetting their password and unlocking their account. Windows locks out users when they enter too many incorrect passwords. Password Reset locks out users when they enter too many incorrect answers or verification codes. -Select a value from the **Lockout user after...** drop-down list to specify how many incorrect +Select a value from the **Lockout user after...** dropdown list to specify how many incorrect answers Password Reset accepts before locking out a user. Set it to 0 incorrect answers to disable the lockout feature. Incorrect verification codes are counted as incorrect answers if the **Lockout -users if they enter too many incorrect verification codes** check box is selected on the +users if they enter too many incorrect verification codes** checkbox is selected on the **Verification** tab. :::note 
@@ -463,16 +463,14 @@ Use the **Permissions** tab to control which users can use Password Reset. ### Enroll -Select the **Allow all users to enroll** option if all users are permitted to enroll. Only enrolled +Select the **Allow all users to enroll** option to allow all users to enroll. Only enrolled users can reset passwords and unlock accounts. -Select the **Allow only members of these groups to enroll** option if users are permitted to enroll -only if they belong to a specified group. Click **Add...** to choose which groups are permitted to +Select the **Allow only members of these groups to enroll** option to allow only users who belong to a specified group to enroll. Click **Add...** to choose which groups can enroll. -Select the **Allow all users except members of these groups to enroll** option if users are -permitted to enroll unless they belong to a specified group. Click **Add...** to choose which groups -are not permitted to enroll. +Select the **Allow all users except members of these groups to enroll** option to allow all users to enroll except those who belong to a specified group. Click **Add...** to choose which groups +can't enroll. To remove a group from the list, select it and then click **Remove**. Enrolled users can continue to reset their passwords and unlock their accounts even if they are no longer allowed to enroll. @@ -492,7 +490,7 @@ To install a new license key, copy the entire license e-mail to the clipboard, a license from clipboard. :::note -Password Reset includes a 30-day evaluation license for up to 50 users. Please contact +Password Reset includes a 30-day evaluation license for up to 50 users. Contact Netwrix support[ ](mailto:support@anixis.com)if you would like to evaluate Password Reset with more than 50 users. diff --git a/docs/passwordreset/3.23/administration/editing_the_html_templates.md b/docs/passwordreset/3.23/administration/editing_the_html_templates.md index e1b3ca3bab..02d513a699 100644 
--- a/docs/passwordreset/3.23/administration/editing_the_html_templates.md +++ b/docs/passwordreset/3.23/administration/editing_the_html_templates.md @@ -6,16 +6,16 @@ sidebar_position: 80 # Editing the HTML Templates -Password Reset's user interface is built with customizable templates. You can easily modify the user +Password Reset's user interface is built with customizable templates. You can modify the user interface by editing the templates. The templates are written in HTML5 and formatted with CSS3, so they work with all modern web browsers. Older browsers such as Internet Explorer 8 may work, but the -pages may be badly formatted. Please contact Netwrix support if you need to use Password Reset with +pages may be badly formatted. Contact Netwrix support if you need to use Password Reset with older web browsers. ## User Interface Files Password Reset installs seven `.htm` files for every language. Each filename starts with a language -code. The files for the US English language are: +code. The files for the English (United States) language are: | Filename | Content | | ----------------- | ------------------------------------ | @@ -33,7 +33,7 @@ files are installed into the `\Inetpub\wwwroot\pwreset\` folder by default. :::note Always backup the user interface files before and after editing them. Your changes may be overwritten when Password Reset is upgraded, and some changes could stop Password Reset from working -correctly. Having a backup allows you to quickly revert to a working setup. +correctly. With a backup, you can quickly revert to a working setup. Web browsers display pages differently, so test your changes with several versions of the most popular browsers to ensure compatibility. ::: 
@@ -46,7 +46,7 @@ are used to prepare the pages. Some of these comments define ranges. A range loo Some text or HTML -The Web Interface deletes ranges (and the text inside them) when they are not needed. Some ranges +The Web Interface deletes ranges (and the text inside them) when they aren't needed. Some ranges span only one word, while others span several lines. The other type of comment tag is called a field. @@ -67,7 +67,7 @@ your domain name in the Domain box. --> Resource strings are mostly validation error messages, but they can contain any text Password Reset -may need to build the page. Do not modify the identifiers on the left, only edit the text on the +may need to build the page. Don't modify the identifiers on the left, only edit the text on the right. Resource strings are always inside a range called RESOURCE_STRINGS. Password Reset deletes this range before sending the page to the user's web browser. See the [Error Messages](/docs/passwordreset/3.23/administration/using_password_reset.md#error-messages) topic @@ -83,7 +83,7 @@ on larger screens. :::warning You may rebrand the Password Reset user interface, but it is a violation of the License -Agreement to modify, remove or obscure any copyright notice. +Agreement to modify, remove, or obscure any copyright notice. ::: @@ -94,7 +94,7 @@ understanding of Password Reset's templates. You don't need to be an expert in H examples, but a basic understanding of HTML will help. Work through them carefully, and backup files before you edit them. The examples in this section are -from the US English files, but the format is the same for all languages. +from the English (United States) files, but the format is the same for all languages. ### Replace the Netwrix Logo 
@@ -102,7 +102,7 @@ The Netwrix logo is shown at the top of the page. The logo is installed into the `\Inetpub\wwwroot\pwreset\images\` folder by default, and it is called logo.svg. You can replace this file with one containing your organization's logo. -You will also need to edit the HTML files if your logo is not in SVG format, or if it has a +You also need to edit the HTML files if your logo isn't in SVG format, or if it has a different aspect ratio to the Netwrix logo. Open every HTML file in a text editor such as Notepad, and search for the line shown below. Change the filename (logo.svg), height (70 pixels) and width (116 pixels) to suit your logo. @@ -121,10 +121,10 @@ and search for the line shown below. Change the filename (logo.svg), height (70 ### Edit Page Instructions Instructions appear at the top of each page. You can edit the instructions by opening the relevant -.htm file and searching for the text you wish to modify. +.htm file and searching for the text you want to modify. Instructions are often inside a range called SECTION_A, SECTION_B, SECTION_C, or SECTION_D. Each -section contains instructions for the different pages in the template. Make sure you edit the +section contains instructions for the different pages in the template. Ensure you edit the instructions in the correct section, or they may be displayed on the wrong page. The text_long and text_short classes are used in page instructions to tailor content to the screen size. @@ -154,7 +154,7 @@ files to change all instances of a message. See the [Resource Strings](#resource more information. You may see placeholders like %1 and %2 in some error messages. These are replaced with more -information about the error. You should keep these, but you can delete them if you do not want them. +information about the error. You should keep these, but you can delete them if you don't want them. | String | Message | | --------------------------- | ----------------------------------------------- | 
@@ -171,7 +171,7 @@ more information. ![using_apr_11](/images/passwordreset/3.23/administration/using_apr_11.webp) You may see placeholders like %1 and %2 in some error messages. These are replaced with more -information about the error. You should keep these, but you can delete them if you do not want them. +information about the error. You should keep these, but you can delete them if you don't want them. | String | Message | | --------------------- | ----------------------------------------------------- | @@ -191,14 +191,14 @@ If you want to display some text for all error messages, then insert your text a Finished messages are shown after users successfully complete an enroll, reset, unlock, or change. These messages are defined in the Resource Strings section near the end of `en_finished.htm`. See -the [Resource Strings](#resource-strings) topic for more information. +the [Resource Strings](#resource-strings) topic for the format and editing instructions. ![using_apr_7](/images/passwordreset/3.23/administration/using_apr_7.webp) `en_finished.htm` has two resource strings for password changes (RES_FINISHED_CHANGE and RES_FINISHED_CHANGE_INVITE). The first is shown when a user who has enrolled into APR changes their password. The second is shown when a user who has not enrolled changes their password. The second -message invites the user to enroll so they can also use the reset and unlock features in future. +message invites the user to enroll so they can also use the reset and unlock features in the future. ### Replace Enroll Question Lists with Text Boxes 
@@ -217,7 +217,7 @@ The lines you need to edit in en_enroll.htm look like this: ``` There are ten of these lines in en_enroll.htm, each with their own question number (the number after -the q). You do not have to edit all ten lines. If users will be allowed to enter two questions, then +the q). You don't have to edit all ten lines. If users will be allowed to enter two questions, then only edit the q1 and q2 lines. Replace these lines with a line like this: ```html @@ -225,7 +225,7 @@ only edit the q1 and q2 lines. Replace these lines with a line like this: ``` Change the three question numbers on each line so they match the original numbers, otherwise -Password Reset will not work correctly. You should also edit the validation error messages in +Password Reset doesn't work correctly. Also edit the validation error messages in `en_enroll.htm` as some of them make reference to selecting questions from a list. :::note @@ -256,7 +256,7 @@ browser's cache to see the changes. ### Change Icon Colors The Web Interface icons are in Scalable Vector Graphics (SVG) format. Vector graphics maintain their -sharpness when resized. You can easily change the colors of the icons with a text editor. Open the +sharpness when resized. You can change the colors of the icons with a text editor. Open the SVG file with a text editor like Notepad, and edit this section of the file: fill="#FF7F00" 
@@ -266,8 +266,8 @@ this one to generate the color code: [https://www.w3schools.com/colors/colors_picker.asp](https://www.w3schools.com/colors/colors_picker.asp) :::note -Some old web browsers with basic HTML5 support cannot display SVG images. Password Reset -works with these browsers, but the SVG images are not shown. You can convert the icons to GIF or PNG +Some old web browsers with basic HTML5 support can't display SVG images. Password Reset +works with these browsers, but the SVG images aren't shown. You can convert the icons to GIF or PNG format if you want them shown on these older browsers. ::: diff --git a/docs/passwordreset/3.23/administration/installation.md b/docs/passwordreset/3.23/administration/installation.md index 41a8c8e6a2..16f3a73fd7 100644 --- a/docs/passwordreset/3.23/administration/installation.md +++ b/docs/passwordreset/3.23/administration/installation.md @@ -7,7 +7,7 @@ sidebar_position: 20 # Installation Netwrix Password Reset V3.23 is designed to run on Windows 2008 to 2019. Users access Password Reset -from a web browser, or from the Password Reset console. +from a web browser or from the Password Reset console. ## System Requirements @@ -41,7 +41,7 @@ the credentials are valid. :::note Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server Compact is free to use, and should only be removed if you move the database to SQL Server. SQL -Server Compact is an embedded database. Unlike SQL Server, you do not need to configure or manage +Server Compact is an embedded database. Unlike SQL Server, you don't need to configure or manage it. See the [Working with the Database](/docs/passwordreset/3.23/administration/working_with_the_database.md) topic for additional information. 
@@ -50,13 +50,12 @@ topic for additional information. ## Installation Types -A single server installation is recommended where users will only access Password Reset from a +Netwrix recommends a single server installation where users access Password Reset only from a trusted network, including a VPN. In this installation type, the Web Interface and Password Reset Server are both installed on the same server. The server must have access to a domain controller in each managed domain. -If Password Reset will be accessible from the Internet without a VPN, then it is likely that you -will want to run the Web Interface in a DMZ. A multiple server installation is recommended for this +If Password Reset is accessible from the Internet without a VPN, run the Web Interface in a DMZ. Netwrix recommends a multiple server installation for this scenario. In this installation type, the Web Interface is installed on an server in the DMZ and the Password Reset Server is installed on another server in the internal network. A firewall rule allows the two servers to communicate. @@ -70,8 +69,7 @@ option if you already have redundant web servers. Most organizations only need o ::: -Password Reset can share server resources with other applications. It is normally not necessary to -dedicate a server exclusively to Password Reset. The Web Interface can be installed on an existing +Password Reset can share server resources with other applications. You don't need to dedicate a server exclusively to Password Reset. The Web Interface can be installed on an existing web server as long as it is well secured and not overloaded. The Password Reset Server can run on an existing member server or domain controller. 
@@ -86,19 +84,19 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Select the acceptance option and click **Next** to +continue. **Step 5 –** Select the **All Components** option, and then click **Next**. **Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. **Step 7 –** Enter a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. +account. The account will be created and added to the Domain Admins group if it doesn't exist. :::note You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the +account, ensure it has the required permissions. See the [Securing Password Reset](/docs/passwordreset/3.23/administration/securing_password_reset.md) topic for additional information. ::: @@ -106,7 +104,7 @@ topic for additional information. **Step 8 –** Click **Next**. -**Step 9 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Step 9 –** Select an **IIS Web Site** from the dropdown list, and optionally change the default **Virtual Directory** for the Web Interface. :::note 
@@ -161,24 +159,24 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Select the acceptance option and click **Next** to +continue. **Step 5 –** Select the Server **Only option**, and then click **Next**. **Step 6 –** Type a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. +account. The account will be created and added to the Domain Admins group if it doesn't exist. :::note You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the +account, ensure it has the required permissions. See the [Securing Password Reset](/docs/passwordreset/3.23/administration/securing_password_reset.md) topic for additional information. ::: -**Step 7 –** Make sure the **Create Windows Firewall Exception for the APR Server service** check -box is selected, and then click **Next** twice. +**Step 7 –** Ensure the **Create Windows Firewall Exception for the APR Server service** checkbox +is selected, and then click **Next** twice. **Step 8 –** Wait for the Password Reset Server to install, and then click **Finish**. 
@@ -204,14 +202,14 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Select the acceptance option and click **Next** to +continue. **Step 5 –** Select the **Web Interface Only** option, and then click **Next**. **Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. -**Step 7 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Step 7 –** Select an **IIS Web Site** from the dropdown list, and optionally change the default **Virtual Directory** for the Web Interface. The Web Interface should be installed in its own virtual directory. @@ -230,7 +228,7 @@ installed the Password Reset Server onto. ![RegistryEditor](/images/passwordreset/3.23/administration/registryeditor.webp) The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the -files to another directory and publish several Web Interfaces from one server. This allows you to +files to another directory and publish several Web Interfaces from one server. This lets you present different user interfaces from each directory. The Web Interfaces all communicate with the same APR Server because there is only one ServerIP value. 
@@ -254,12 +252,11 @@ ServerIP_Finance. ## Upgrading From APR V3.x -Some planning is needed to ensure a smooth upgrade from APR V3.x. A trial run on a lab network is -recommended if you have not installed APR before. +Some planning is needed to ensure a smooth upgrade from APR V3.x. Netwrix recommends a trial run on a lab network if you have not installed APR before. ### Before You Begin -The database files are not overwritten during an upgrade, but you should still create a backup +The database files aren't overwritten during an upgrade, but you should still create a backup before upgrading. See the [Backing up the Database](/docs/passwordreset/3.23/administration/working_with_the_database.md#backing-up-the-database) topic for additional information. @@ -269,15 +266,15 @@ Interface files before upgrading**. The Web Interface files are installed in the `\Inetpub\wwwroot\pwreset\` folder by default. :::note -A full backup of the APR server(s) is recommended. This allows you to roll back to the -previous version if the upgrade cannot be completed. +A full backup of the APR servers is recommended. This lets you roll back to the +previous version if the upgrade can't be completed. You may need to restart Windows after upgrading. ::: -If Password Reset was originally installed by someone else and you do not have their installation -notes, then read this Installation topic before you begin. Also make sure you know the password for -the Password Reset Server service account as you will need it during the upgrade. +If Password Reset was originally installed by someone else and you don't have their installation +notes, then read this Installation topic before you begin. Also ensure you know the password for +the Password Reset Server service account, as the upgrade requires it. ### Upgrading to V3.23 
@@ -288,12 +285,12 @@ If the Password Reset Server and Web Interface are installed on different server servers before using the new version. The Password Reset Server and Web Interface are only tested with matching versions. -Restore any customized Web Interface files after upgrading. Do not restore APR.dll from the backup +Restore any customized Web Interface files after upgrading. Don't restore APR.dll from the backup as it belongs to the previous version. You should keep a copy of the original Web Interface files and compare them with the files from the previous version using a file comparison tool. Any changes between versions should be merged into your customized files. -The Password Reset V3.23 data console does not read the VerificationCode or EnrollRecord columns +The Password Reset V3.23 data console doesn't read the VerificationCode or EnrollRecord columns from the User table on SQL Server. Access to these columns can be denied for Data Console users after upgrading all instances of the Data Console. See the [Using the Data Console](/docs/passwordreset/3.23/administration/using_the_data_console.md) @@ -301,8 +298,7 @@ topic for additional information. ## Upgrading From APR V2.x -As this is a major upgrade with many changes, some planning is needed to ensure a smooth upgrade. A -trial run on a lab network is recommended, especially if you are customizing the user interface. See +As this is a major upgrade with many changes, some planning is needed to ensure a smooth upgrade. Netwrix recommends a trial run on a lab network, especially if you are customizing the user interface. See the [Editing the HTML Templates](/docs/passwordreset/3.23/administration/editing_the_html_templates.md) topic for additional information. 
@@ -312,22 +308,22 @@ APR V3.23 is only compatible with Password Policy Enforcer V7.0 and later. Upgra to a compatible version if you have enabled Password Policy Enforcer integration. See the [Configuring Password Reset](/docs/passwordreset/3.23/administration/configuring_password_reset.md) topic for additional information. -APR V3.23 does not include a 32-bit APR Server or Web Interface. The computer(s) running the APR -server components must be running Windows 64-bit. This does not apply to the client computers. -APR V3.23 uses HTML5 and CSS3 features that are not supported by Internet Explorer 8 and earlier. +APR V3.23 doesn't include a 32-bit APR Server or Web Interface. The computers running the APR +server components must be running Windows 64-bit. This doesn't apply to the client computers. +APR V3.23 uses HTML5 and CSS3 features that aren't supported by Internet Explorer 8 and earlier. The [Password Reset Client](/docs/passwordreset/3.23/evaluation/password_reset_client.md) -uses Internet Explorer for page rendering, so the default HTML templates do not display correctly in +uses Internet Explorer for page rendering, so the default HTML templates don't display correctly in the Password Reset Client on Windows XP and Server 2003. Send an e-mail to [support@netwrix.com ](mailto:support@anixis.com)before upgrading if you still have computers running Internet Explorer 8. -APR V3.23 server components have not been tested on, and are not supported on Windows 2003. +APR V3.23 server components have not been tested on, and aren't supported on Windows 2003. ::: ### Before You Begin -**Step 1 –** Backup the APR V2.x server(s). +**Step 1 –** Backup the APR V2.x servers. **Step 2 –** Close the Data Console if it is open. 
@@ -341,7 +337,7 @@ topic for additional information. or [Multiple Server Installation](#multiple-server-installation). If the Web Interface is on a different server, then upgrade it as well. -**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to make sure the data was +**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to ensure the data was imported. **Step 3 –** Open APR in a web browser and test the Enroll, Reset, and Change features. @@ -356,7 +352,7 @@ Move Database files The database files are created in the installation folder when APR is first installed. The default installation folder for APR V2.x was below the Program Files (x86) folder, but in APR V3.23 it is -below the Program Files folder. The database files are not moved automatically during an upgrade, so +below the Program Files folder. The database files aren't moved automatically during an upgrade, so you should move them to the new installation folder (or a different folder) after upgrading. Follow the steps below to move the database files to the `\Program Files\ANIXIS Password Reset\` @@ -389,7 +385,7 @@ topic for additional information. Configure Password Reset Client to use IE7 emulation mode Older versions of the Password Reset Client display pages in Internet Explorer 7 emulation mode. -This mode cannot display the new HTML templates correctly. You can upgrade the Password Reset Client +This mode can't display the new HTML templates correctly. You can upgrade the Password Reset Client to the latest version, or configure existing installations to use IE 11 mode. This only works on Windows Vista and later with IE 9 or later. diff --git a/docs/passwordreset/3.23/administration/password_reset_client.md b/docs/passwordreset/3.23/administration/password_reset_client.md index d39c67c889..7976409133 100644 --- a/docs/passwordreset/3.23/administration/password_reset_client.md +++ b/docs/passwordreset/3.23/administration/password_reset_client.md 
@@ -6,14 +6,14 @@ sidebar_position: 90 # Password Reset Client -The Password Reset Client allows users to securely reset their password or unlock their account from +With the Password Reset Client, users can securely reset their password or unlock their account from the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password Reset system. ![the_password_reset_client](/images/passwordreset/3.23/administration/the_password_reset_client.webp) :::note -The Password Reset Client does not modify any Windows system files. +The Password Reset Client doesn't modify any Windows system files. ::: @@ -177,7 +177,7 @@ Set the Width and Height to 0 to have the PRC calculate an appropriate size. the Password Reset menu or reset page. :::note -See the **Help** box for more information. +The **Help** box describes the expected URL format and provides examples. ::: @@ -188,13 +188,13 @@ from the Password Reset Client browser. **Step 10 –** Close the Group Policy Management Editor. -The new PRC configuration is applied to all computers in the domain. This does not happen +Windows applies the new PRC configuration to all computers in the domain. This doesn't happen immediately, as Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of Group Policy on the local computer with the following command: gpupdate /target:computer The Password Reset Client only opens URLs with .dll, .htm, and .html extensions. URLs without a -filename are not opened. The PRC also blocks some page content, including audio and video files, +filename aren't opened. The PRC also blocks some page content, including audio and video files, ActiveX controls and Java applets. Send an e-mail to [support@netwrix.com ](mailto:support@anixis.com)if you need to change the default filename and content restrictions. 
@@ -254,6 +254,6 @@ Editor. **Step 12 –** Close the Group Policy Management Editor. -The license key is applied to all computers in the domain. This does not happen immediately, as +Windows applies the license key to all computers in the domain. This doesn't happen immediately, as Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of Group Policy on the local computer with the following command: `gpupdate /target:computer` diff --git a/docs/passwordreset/3.23/administration/persuading_users_to_enroll.md b/docs/passwordreset/3.23/administration/persuading_users_to_enroll.md index 7d9cfeff66..09f32f2c15 100644 --- a/docs/passwordreset/3.23/administration/persuading_users_to_enroll.md +++ b/docs/passwordreset/3.23/administration/persuading_users_to_enroll.md @@ -10,14 +10,13 @@ the user enrolls. The API is disabled by default. If an attacker sends many queries to the API, they could try to guess the domain and user names of enrolled users. They could get the same information by sending many requests to the Web Interface.API is the more attractive target because API responds faster and -API queries are not logged to the Audit Log. +API queries aren't logged to the Audit Log. -If you do not want to enable the API because your Web Interface is accessible from the Internet, -then you could leave the API disabled on your Internet-facing Web Interface and set up an internal +To avoid exposing the API on an Internet-facing Web Interface, leave the API disabled on that Web Interface and set up an internal Web Interface for API queries. Use the ServerIP registry value to point both Web Interfaces to the same APR Server, and enable the API only on the internal server. See the [Multiple Server Installation](/docs/passwordreset/3.23/administration/installation.md#multiple-server-installation) -topic for more information. +topic for firewall and installation steps. Follow the steps below to enable the API. 
@@ -47,7 +46,7 @@ There are three possible responses: | Response | Meaning | | ----------------------- | -------------------------------------- | | `{"isEnrolled": true}` | User is enrolled | -| `{"isEnrolled": false}` | User is not enrolled or does not exist | +| `{"isEnrolled": false}` | User isn't enrolled or doesn't exist | | `{}` | System maintenance is running | The API may also return one of these HTTP errors: @@ -55,13 +54,13 @@ The API may also return one of these HTTP errors: | Error | Reason | | ------------------------- | ------------------------------------------ | | 400 Bad Request | Invalid request path | -| 403 Forbidden | API disabled, or cannot read configuration | +| 403 Forbidden | API disabled, or can't read configuration | | 500 Internal Server Error | Other error | ## Performance and Caching -API performance is dependent on many factors. Synchronous queries will suffice in most cases, but -asynchronous queries are recommended to avoid delays. +API performance depends on many factors. Synchronous queries suffice in most cases, but +use asynchronous queries to avoid delays. Avoid unnecessary calls to the API as they can overload the server. Try to call the API only once after users logon. diff --git a/docs/passwordreset/3.23/administration/securing_password_reset.md b/docs/passwordreset/3.23/administration/securing_password_reset.md index 464aa30527..f9948d5873 100644 --- a/docs/passwordreset/3.23/administration/securing_password_reset.md +++ b/docs/passwordreset/3.23/administration/securing_password_reset.md 
@@ -13,15 +13,15 @@ Server. ## Installing and Using an SSL Certificate -The Web Interface and Password Reset Server always communicate over a secure channel. You do not +The Web Interface and Password Reset Server always communicate over a secure channel. You don't have to configure the encryption for this connection, but you do need to set up SSL (Secure Sockets Layer) encryption for the connection between the web browser (or Password Reset Client) and the web server. See the [Password Reset Client](/docs/passwordreset/3.23/administration/password_reset_client.md) -topic for more information. +topic for installation and configuration steps. :::warning -Do not use Password Reset on a production network without SSL encryption. +Don't use Password Reset on a production network without SSL encryption. ::: @@ -30,7 +30,7 @@ certificates from a certificate authority. You can install the Web Interface on already has an SSL certificate if you would rather not purchase another one. Your certificate authority will have instructions to guide you through the certificate request and -installation process. You can also learn more about using SSL certificates with IIS on the pages +installation process. For details on configuring SSL certificates with IIS, see the pages below. - [http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis](http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis) @@ -41,7 +41,7 @@ Ensure that users only access Password Reset over an encrypted connection after certificate is installed. The Start address and Restricted path in the Password Reset Client configuration should start with https://. Web browsers can be redirected to the secure URL. See the [Configuring the PRC](/docs/passwordreset/3.23/administration/password_reset_client.md#configuring-the-prc) -topic for more information. +topic for Group Policy configuration steps. ::: 
@@ -57,11 +57,17 @@ You can grant Active Directory permissions from the command-line with dsacls.exe graphical user interface. The examples below use the command-line, but you can use either method. The commands you need to execute are: +``` dsacls "[object]" /I:S /G "[account]:CA;Reset Password;user" +``` +``` dsacls "[object]" /I:S /G "[account]:RPWP;lockoutTime;user" +``` +``` dsacls "[object]" /I:S /G "[account]:RPWP;pwdLastSet;user" +``` Where [object] is the distinguished name of the domain or OU containing the user accounts, and [account] is the name of the service account in user@domain or domain\user format. 
@@ -75,28 +81,30 @@ after a reset** option is enabled in the Configuration Console's **Security** ta For example, the following command grants the axs\apr account permission to reset passwords for users in the axs.net domain: +``` dsacls "dc=axs,dc=net" /I:S /G "axs\apr:CA;Reset Password;user" +``` If Password Reset is configured to use an SQL Server Compact database, then give the service account read and write permissions to the database files. See the [Database](/docs/passwordreset/3.23/administration/configuring_password_reset.md#database) -topic for more information. +topic for database path and configuration options. Remove the service account from the Domain Admins group and restart the Password Reset service after -executing these commands. Check the Windows Application event log if the service does not start. +executing these commands. Check the Windows Application event log if the service doesn't start. ### Using Delegated Permissions with Protected Groups When you delegate permissions for the Password Reset service account, the delegated permissions are initially applied to all users in the domain or OU. After some time, Windows restores the original -permissions for some important user accounts. The restored permissions do not allow Password Reset +permissions for some important user accounts. The restored permissions don't allow Password Reset to reset passwords or unlock accounts for these users. The accounts protected by this feature vary by Windows version, and include members of the Domain Admins, Enterprise Admins, and Schema Admins groups. The list of protected groups is configurable, so it may differ from the defaults in the Windows documentation. 
-If you are using an Password Reset service account with delegated permissions and do not want these +If you are using a Password Reset service account with delegated permissions and don't want these privileged accounts to reset their password or unlock their account with Password Reset, then there is no need to make any configuration changes. Windows automatically restores the original permissions for these accounts. This is done every hour by default. @@ -117,7 +125,7 @@ The DN of the AdminSDHolder container for the anixis.net domain is CN=AdminSDHolder,CN=System,DC=anixis,DC=net :::note -Changes to the AdminSDHolder container are not applied to accounts immediately. You may +Changes to the AdminSDHolder container aren't applied to accounts immediately. You may need to wait up to an hour for Windows to update the DACL for these accounts. You can also start the process manually. Search for runProtectAdminGroupsTask or FixUpInheritance in Microsoft's documentation or more information. diff --git a/docs/passwordreset/3.23/administration/using_password_reset.md b/docs/passwordreset/3.23/administration/using_password_reset.md index 3f58a45605..61c9ff2fbc 100644 --- a/docs/passwordreset/3.23/administration/using_password_reset.md +++ b/docs/passwordreset/3.23/administration/using_password_reset.md @@ -11,7 +11,7 @@ from the Password Reset Client. The default URL for the Web Interface is:` http://[server]/pwreset/` See the [Password Reset Client](/docs/passwordreset/3.23/administration/password_reset_client.md) -topic for more information. +topic for installation and configuration steps. You can use URL parameters to open a specific page, and to set the user and domain names. For example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=maryjones&domain=ANIXIS` 
@@ -28,7 +28,7 @@ The connection between the Web Interface and Password Reset Server is always enc Install an SSL certificate on the web server and use HTTPS to encrypt connections from the browser to the web server. See the [Installing and Using an SSL Certificate](/docs/passwordreset/3.23/administration/securing_password_reset.md#installing-and-using-an-ssl-certificate) -topic for more information. +topic for certificate setup steps. ::: @@ -41,7 +41,7 @@ out of Password Reset, or if they want to change their questions or answers. See [Verification Codes](/docs/passwordreset/3.23/administration/configuring_password_reset.md#verification-codes) and [Lockout](/docs/passwordreset/3.23/administration/configuring_password_reset.md#lockout) -topics for more information. +topics for configuration options. Follow the steps below to manually enroll into Password Reset. @@ -53,9 +53,9 @@ Follow the steps below to manually enroll into Password Reset. **Step 3 –** Type an e-mail address if the **E-mail** text box is visible. See the [Options](/docs/passwordreset/3.23/administration/configuring_password_reset.md#options) -topic for more information. +topic for the e-mail enrollment setting. -**Step 4 –** Select a question from each of the **Question** drop-down lists, and type an answer to +**Step 4 –** Select a question from each of the **Question** dropdown lists, and type an answer to each question in the **Answer** text boxes. **Step 5 –** Click **Next**, and then click **OK** to return to the menu. @@ -129,7 +129,7 @@ phone by e-mail or SMS. Type the **Code**, and then click **Next**. The Unlock feature unlocks accounts in Active Directory. Users who are locked out of Password Reset should re-enroll to gain access to Password Reset. See the [Lockout](/docs/passwordreset/3.23/administration/configuring_password_reset.md#lockout) -and [Enroll](#enroll) topics for more information. +and [Enroll](#enroll) topics for lockout threshold settings and enrollment steps. ::: 
@@ -168,7 +168,7 @@ fields and resubmitting the form. ![using_apr_10](/images/passwordreset/3.23/administration/using_apr_10.webp) Critical errors are shown on their own page. These errors are mostly a result of configuration or -system errors. An event may be written to the Windows Application event log on the Password Reset +system errors. Password Reset may write an event to the Windows Application event log on the Password Reset Server computer when a critical error occurs. Users can sometimes overcome a critical error by following the instructions in the error message, but most critical errors are beyond the user's control. @@ -178,4 +178,4 @@ control. Validation and critical error messages are stored in the HTML templates. You can modify the default messages by editing the templates. See the [Resource Strings](/docs/passwordreset/3.23/administration/editing_the_html_templates.md#resource-strings) -topic for more information. +topic for the template format and editing steps. diff --git a/docs/passwordreset/3.23/administration/using_the_data_console.md b/docs/passwordreset/3.23/administration/using_the_data_console.md index 071ab9c8d4..b9f046e555 100644 --- a/docs/passwordreset/3.23/administration/using_the_data_console.md +++ b/docs/passwordreset/3.23/administration/using_the_data_console.md 
@@ -6,11 +6,11 @@ sidebar_position: 50 # Using the Data Console -The Data Console allows you to view and export data collected by Password Reset. Click **Start** > +Use the Data Console to view and export data collected by Password Reset. Click **Start** > **ANIXIS Password Reset** > **APR Data Console** to open the console. The Data Console has three tabs. The **Recent Activity** tab shows a chart of recent requests. The -chart is empty when Password Reset is first installed, but it will populate itself as the system is +chart is empty when Password Reset is first installed, but it populates as the system is used. ![using_the_data_console](/images/passwordpolicyenforcer/10.2/password_reset/administration/using_the_data_console.webp) @@ -54,7 +54,7 @@ The **Users** tab has seven columns: - Last Change — Date and time of last successful password change :::note -The Data Console does not automatically display new information as it is added to the +The Data Console doesn't automatically display new information as it is added to the database. Press F5 to refresh the view. ::: @@ -76,7 +76,7 @@ values directly into this row. ![using_the_data_console_3](/images/passwordreset/3.23/administration/using_the_data_console_3.webp) The Filter Row is empty when you first open the Data Console. To create a filter, click the **Filter -Row** in the column you wish to filter. A cursor will appear. Type a value, and then press **ENTER** +Row** in the column you want to filter. A cursor appears. Type a value, and then press **ENTER** or **TAB**. You may see a button to the right of the cursor. Click the button to shown an editor or selector 
@@ -108,7 +108,7 @@ header. Click the button to show a list of values in the column. -Select one or more values from the list. Rows that do not match one of the selected values are +Select one or more values from the list. Rows that don't match one of the selected values are hidden. ![using_the_data_console_7](/images/passwordreset/3.23/administration/using_the_data_console_7.webp) @@ -127,7 +127,7 @@ filters. Click **(Custom...)** in a column header's value list to create a custo ![using_the_data_console_8](/images/passwordreset/3.23/administration/using_the_data_console_8.webp) Custom filters can contain one or two conditions for each column. Select an operator for the first -condition from the drop-down list below the column name. Only relevant operators are shown for each +condition from the dropdown list below the column name. Only relevant operators are shown for each column. Type a value for the condition in the text box beside the operator. The text box may have a button @@ -168,7 +168,7 @@ The filter in the image above contains the root node, one group, and four condit all reset requests in the last fourteen days originating from IP addresses starting with 192.168.115 or 192.168.119. -Click the **Click here to add a new condition** button to add a new condition to the filter. Click +Use the **add condition** link at the bottom of the filter to add a new condition. Click the ellipsis button on the left of each line to add or remove conditions and groups. Click column names, operators, and values to edit them. Most can be selected from a list. Values can also contain the ? and \* wildcard characters. 
@@ -190,12 +190,12 @@ active filter. The button on the right side of the Filter Bar opens the Filter E ![using_the_data_console_11](/images/passwordreset/3.23/administration/using_the_data_console_11.webp) -A button and a check box appear on the left side of the Filter Bar when a filter is active. Click -the button to clear the filter. Toggle the check box to disable or enable the filter. +A button and a checkbox appear on the left side of the Filter Bar when a filter is active. Click +the button to clear the filter. Toggle the checkbox to disable or enable the filter. ![using_the_data_console_12](/images/passwordreset/3.23/administration/using_the_data_console_12.webp) -A drop-down button appears to the right of the filter. Click it to select a recently used filter. +A dropdown button appears to the right of the filter. Click it to select a recently used filter. ![using_the_data_console_13](/images/passwordreset/3.23/administration/using_the_data_console_13.webp) @@ -226,7 +226,7 @@ Follow the steps below to delete a user. **Step 1 –** Click the **Users** tab. -**Step 2 –** Select the user(s) you wish to delete. +**Step 2 –** Select the users you want to delete. **Step 3 –** Press the **DELETE** key, and then click **OK**. diff --git a/docs/passwordreset/3.23/administration/working_with_the_database.md b/docs/passwordreset/3.23/administration/working_with_the_database.md index c4701345be..c21b2fadec 100644 --- a/docs/passwordreset/3.23/administration/working_with_the_database.md +++ b/docs/passwordreset/3.23/administration/working_with_the_database.md @@ -59,7 +59,7 @@ net start "ANIXIS Password Reset" :::note Change the paths above if the database files are in a different folder. See the [Database](/docs/passwordreset/3.23/administration/configuring_password_reset.md#database) -topic for more information. +topic for database path configuration steps. ::: 
@@ -86,14 +86,13 @@ stored securely. ## Moving to SQL Server -Some planning is needed before moving the database to SQL Server. A trial run on a lab network is -recommended. You can run the Data Copy wizard more than once if you cannot complete the move on the +Plan the database migration before moving to SQL Server. Netwrix recommends a trial run on a lab network. You can run the Data Copy wizard more than once if you can't complete the move on the first attempt. A move back to SQL Server Compact is also possible. ### Create the Database Your database administrator needs to set up the SQL Server database. The instructions below are an -overview of the procedure, they are not step-by-step instructions. APR V3.23 has been tested with +overview of the procedure, they aren't step-by-step instructions. APR V3.23 has been tested with SQL Server 2012 to 2019. Follow the instructions below for an overview of the procedure. @@ -119,7 +118,7 @@ wizard also needs to be added to the db_datawriter and db_ddladmin server roles. Additional permissions can be set for users of the Data Console after the tables are created. Grant the DELETE privilege on the Usr table to users who are allowed to delete user records. Deny all -privileges on the VerificationCode and EnrollRecord columns in the User table as they are not used +privileges on the VerificationCode and EnrollRecord columns in the User table as they aren't used by the Data Console. ### Create the Tables and Copy the Data 
@@ -148,7 +147,7 @@ connection settings for the service account later. The **Username** and **Passwo if **SQL Server Authentication** is selected. The user must be in the db_datareader, db_datawriter, and db_ddladmin SQL Server roles. **Encrypt connection** should be selected to protect user information, and **Trust server certificate** must be selected if SQL Server is using a self-signed -certificate. SQL Server uses a self-signed certificate if a trusted certificate is not installed. +certificate. SQL Server uses a self-signed certificate if a trusted certificate isn't installed. The SQL Server Native Client must be installed if **Trust server certificate** is selected. ![working_with_the_database_1](/images/passwordreset/3.23/administration/working_with_the_database_1.webp) 
@@ -182,20 +181,20 @@ to a named instance. option should be selected to protect user information. **Step 8 –** Select the **Trust server certificate** option if SQL Server is using a self-signed -certificate. SQL Server uses a self-signed certificate if a trusted certificate is not installed. -Password Reset cannot connect to SQL Server with a self-signed certificate if this option is not +certificate. SQL Server uses a self-signed certificate if a trusted certificate isn't installed. +Password Reset can't connect to SQL Server with a self-signed certificate if this option isn't selected. The SQL Server Native Client must be installed if **Trust server certificate** is selected. **Step 9 –** Click **OK**, and then click **Apply**. -**Step 10 –** Restart the Password Reset service. If the service does not start, then check the +**Step 10 –** Restart the Password Reset service. If the service doesn't start, then check the database connection options and the SQL Server login, user, and server roles configured earlier. You can change the database back to SQL Server Compact while you troubleshoot the issue. ### Other Tasks -Open the Data Console and set your SQL Server connection options. You will need to enter a password +Open the Data Console and set your SQL Server connection options. You must enter a password every time you open the Data Console if **SQL Server Authentication** is selected. The Data Console executable and help file (APRDC.exe and APR.chm) can be copied to the computers of other users who will use the Data Console. diff --git a/docs/passwordreset/3.23/evaluation/conclusion.md b/docs/passwordreset/3.23/evaluation/conclusion.md index c3435fb127..f87078bf99 100644 --- a/docs/passwordreset/3.23/evaluation/conclusion.md +++ b/docs/passwordreset/3.23/evaluation/conclusion.md 
@@ -6,7 +6,7 @@ sidebar_position: 70 # Conclusion -Congratulations! You have successfully installed, configured, and used Netwrix Password Reset. This +You have successfully installed, configured, and used Netwrix Password Reset. This brief guide has introduced you to Password Reset, but you can do much more with it. The Administrator's Guide covers many more topics, including: @@ -19,7 +19,6 @@ Administrator's Guide covers many more topics, including: - Creating complex filters in the Data Console. - Modifying the user interface and error messages. -You can learn more about Password Reset and Password Policy Enforcer at -[www.netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html). +Visit the [Netwrix Password Policy Enforcer product page](https://www.netwrix.com/password_policy_enforcer.html) for product details and additional resources. -Please contact Netwrix support[ ](mailto:support@anixis.com)if you have any questions. +Contact Netwrix support[ ](mailto:support@anixis.com)if you have any questions. diff --git a/docs/passwordreset/3.23/evaluation/configuring_password_reset.md b/docs/passwordreset/3.23/evaluation/configuring_password_reset.md index f370465db8..61ad0fb2bd 100644 --- a/docs/passwordreset/3.23/evaluation/configuring_password_reset.md +++ b/docs/passwordreset/3.23/evaluation/configuring_password_reset.md @@ -20,7 +20,7 @@ Configuration changes are applied when you click **Apply** or **OK**. Clicking * the Configuration Console. :::note -Password Reset includes a 30-day evaluation license for up to 50 users. Please contact +Password Reset includes a 30-day evaluation license for up to 50 users. Contact Netwrix support if you would like to evaluate Netwrix Password Reset with more than 50 users. ::: diff --git a/docs/passwordreset/3.23/evaluation/data_console.md b/docs/passwordreset/3.23/evaluation/data_console.md index 573db27f35..a27f71204f 100644 --- a/docs/passwordreset/3.23/evaluation/data_console.md 
+++ b/docs/passwordreset/3.23/evaluation/data_console.md @@ -6,11 +6,11 @@ sidebar_position: 40 # Data Console -The Data Console allows you to view and export data collected by APR. Click **Start** > **ANIXIS +Use the Data Console to view and export data collected by APR. Click **Start** > **ANIXIS Password Reset** > **APR Data Console** to open the console. The Data Console has three tabs. The Recent Activity tab shows a chart of recent requests. The chart -is empty when Password Reset is first installed, but it will populate itself as the system is used. +is empty when Password Reset is first installed, but it populates as the system is used. ![the_data_console](/images/passwordreset/3.23/evaluation/the_data_console.webp) @@ -18,7 +18,7 @@ The bars in the chart show how many successful enrollments, resets, unlocks, and every day. You can click the bars to see a filtered view of the events for that day. The Audit Log tab contains all the events recorded by Password Reset. You can create filters to show -only some of the events. Filters are very flexible and easy to create. +only some of the events. Filters are flexible. ![the_data_console_1](/images/passwordreset/3.23/evaluation/the_data_console_1.webp) diff --git a/docs/passwordreset/3.23/evaluation/evaluation_overview.md b/docs/passwordreset/3.23/evaluation/evaluation_overview.md index 30fb1cc5f0..e7bb78942a 100644 --- a/docs/passwordreset/3.23/evaluation/evaluation_overview.md +++ b/docs/passwordreset/3.23/evaluation/evaluation_overview.md 
@@ -7,14 +7,14 @@ sidebar_position: 30 # Evaluation Password Reset is a self-service password management system that helps organizations to reduce the -number of password related help desk calls. Password Reset allows users to securely change their +number of password related help desk calls. With Password Reset, users can securely change their password and unlock their account, even if they have forgotten their password. This Evaluator's Guide shows you how to quickly install, configure, and test Password Reset. You should read this guide if you are evaluating Password Reset, or if you are using Password Reset for the first time. -Please contact Netwrix support[ ](mailto:support@anixis.com)if you have any questions, or if you +Contact Netwrix support[ ](mailto:support@anixis.com)if you have any questions, or if you encounter any problems during your evaluation. ![introduction_1_1](/images/passwordreset/3.23/evaluation/introduction_1_1.webp) diff --git a/docs/passwordreset/3.23/evaluation/installation.md b/docs/passwordreset/3.23/evaluation/installation.md index 7be8d93c8a..b209e61fb6 100644 --- a/docs/passwordreset/3.23/evaluation/installation.md +++ b/docs/passwordreset/3.23/evaluation/installation.md 
@@ -8,9 +8,9 @@ sidebar_position: 10 Password Reset has two server components, and an optional client. See the [Password Reset Client](/docs/passwordreset/3.23/evaluation/password_reset_client.md) -topic for additional information. Both server components can be installed on one server, or they may -be installed on separate servers if your web server is in a DMZ. As the evaluation server is not in -a DMZ, we will install both components on one server. +topic for additional information. Both server components can be installed on one server, or you can +install them on separate servers if your web server is in a DMZ. As the evaluation server isn't in +a DMZ, both components can be installed on one server. The Web Interface is the component that users interact with. It accepts user requests, encrypts them, and sends them to the Password Reset Server. The Password Reset Server is the component that @@ -22,14 +22,13 @@ credentials, and performs the requested task if the credentials are valid. You only need one Windows 2008 to 2019 server for the evaluation. The server can be a domain controller or a member server. -Follow the steps below to install Password Reset on the server. +To install Password Reset on the server: **Step 1 –** Start the Password Reset Setup wizard (APR323.exe). **Step 2 –** Click **Next**. -**Step 3 –** Read the license agreement. Click **I accept the terms of the license agreement**. -Click **Next** if you accept all terms. +**Step 3 –** Read the license agreement, accept the terms, then click **Next**. **Step 4 –** Click **Next**, then click **OK** to install IIS, if asked. diff --git a/docs/passwordreset/3.23/evaluation/password_reset_client.md b/docs/passwordreset/3.23/evaluation/password_reset_client.md index 2d145a3817..5b65bf44d6 100644 --- a/docs/passwordreset/3.23/evaluation/password_reset_client.md +++ b/docs/passwordreset/3.23/evaluation/password_reset_client.md 
@@ -6,21 +6,21 @@ sidebar_position: 50 # Password Reset Client -The Password Reset Client allows users to securely reset their password or unlock their account from +With the Password Reset Client, users can securely reset their password or unlock their account from the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password Reset system. ![the_password_reset_client_1](/images/passwordreset/3.23/evaluation/the_password_reset_client_1.webp) -The Password Reset Client does not modify any Windows system files. +The Password Reset Client doesn't modify any Windows system files. The Password Reset Client is normally deployed with Group Policy, Microsoft System Center Configuration Manager, or some other software deployment tool. It takes about 15 minutes to set up -an automated deployment, so we will install the PRC manually for the evaluation. +an automated deployment, so this guide covers manual PRC installation for the evaluation. ## Installing the PRC -Follow the steps below to install the PRC. +To install the PRC: **Step 1 –** Click **Start** > **ANIXIS Password Reset** > **Client Software**. @@ -28,12 +28,11 @@ Follow the steps below to install the PRC. **Step 3 –** Click **Next**. -**Step 4 –** Read the license agreement. Click **I accept the license agreement**. Click **Next** if -you accept all the terms. +**Step 4 –** Read the license agreement, accept the terms, then click **Next**. **Step 5 –** Click **Next**. -**Step 6 –** Once the Password Reset Client is installed, click **Finish**. +**Step 6 –** After the Password Reset Client is installed, click **Finish**. **Step 7 –** Click **Yes** is asked to restart the computer. 
@@ -43,8 +42,8 @@ evaluation. ## Configuring the PRC The Password Reset Client is normally configured with an Active Directory administrative template. -This allows you to centrally configure all computers in the domain. It takes about 15 minutes to set -up the Administrative Template, so we will configure the PRC by importing the settings into the +This lets you centrally configure all computers in the domain. It takes about 15 minutes to set +up the Administrative Template, so this guide covers PRC configuration by importing the settings into the registry for the evaluation. **Step 1 –** Download the sample configuration from the following link: @@ -72,7 +71,7 @@ when asked to confirm. Repeat this step on any client computers being used for t :::note You must import the configuration settings into the registry whenever you edit -PRC_Config.reg, otherwise the old settings will remain. +PRC_Config.reg, otherwise the old settings remain. ::: @@ -81,7 +80,7 @@ PRC_Config.reg, otherwise the old settings will remain. You can access the Password Reset Client from the Windows Logon and Unlock Computer screens. Click the **Reset password...** command link to display the Password Reset menu. -The client works on Windows XP and Server 2003, but the pages do not display correctly on these +The client works on Windows XP and Server 2003, but the pages don't display correctly on these operating systems because Internet Explorer 8 has very limited support for HTML5. Send an e-mail to [support@netwrix.com ](mailto:support@anixis.com)if you need to use the Password Reset Client with these older operating systems. diff --git a/docs/passwordreset/3.23/evaluation/using.md b/docs/passwordreset/3.23/evaluation/using.md index 83bd3884cb..a8958e55c2 100644 --- a/docs/passwordreset/3.23/evaluation/using.md +++ b/docs/passwordreset/3.23/evaluation/using.md 
@@ -15,13 +15,13 @@ users choose strong passwords. Password Reset can integrate with Password Policy Enforcer to help users choose a compliant password. Password Reset displays the Password Policy Enforcer password policy message when a user is prompted for their new password, and the Password Policy Enforcer rejection message if the new -password does not comply with the password policy. +password doesn't comply with the password policy. ![using_apr_with_password_policy_1](/images/passwordreset/3.23/evaluation/using_apr_with_password_policy_1.webp) -Select the **Password Policy Enforcer integration** check box in the General tab of the Password +Select the **Password Policy Enforcer integration** checkbox in the General tab of the Password Reset Configuration Console if you have installed and configured Password Policy Enforcer. The Password Policy Enforcer Evaluator's Guide will help you to install and configure Password Policy -Enforcer if you are not currently using it. +Enforcer if you aren't using it. -An Password Reset license does not include a Password Policy Enforcer license. +A Password Reset license doesn't include a Password Policy Enforcer license. diff --git a/docs/passwordreset/3.23/evaluation/using_password_reset.md b/docs/passwordreset/3.23/evaluation/using_password_reset.md index 570f637524..3285398a89 100644 --- a/docs/passwordreset/3.23/evaluation/using_password_reset.md +++ b/docs/passwordreset/3.23/evaluation/using_password_reset.md @@ -23,7 +23,7 @@ You must enroll into Password Reset before you can use it to reset your password account. You can enroll manually by providing some information about yourself, or Password Reset can enroll you automatically and send a verification code to confirm your identity. -Follow the steps below to manually enroll into Password Reset. +To manually enroll into Password Reset: **Step 1 –** Click the **Enroll** item in the menu. 
@@ -44,7 +44,7 @@ incorrect password. This may trigger a lockout if the Windows account lockout po Use the Reset feature when you have forgotten your password. Resetting a password also unlocks the account if it is locked. -Follow the steps below to reset a password. +To reset a password: **Step 1 –** Click the **Reset** item in the menu. @@ -60,7 +60,7 @@ Follow the steps below to reset a password. Use the Unlock feature when you know the password, but have entered it incorrectly too many times and Windows has locked out your account. -Follow the steps below to unlock an account. +To unlock an account: **Step 1 –** Click the **Unlock** item in the menu. @@ -73,7 +73,7 @@ Follow the steps below to unlock an account. Use the Change feature when you know the password and would like to change it. -Follow the steps below to change a password. +To change a password: **Step 1 –** Click the **Change** item in the menu. @@ -82,7 +82,7 @@ Follow the steps below to change a password. **Step 3 –** Enter the **Old Password**, **New Password**, and **Confirm Password** in the respective field. Click **Next**. -Password Reset's user interface is built with customizable templates. You can easily modify the user +Password Reset's user interface is built with customizable templates. You can modify the user interface by editing the templates. Even the error messages are defined in the templates, so you can edit those too. See the [Editing the HTML Templates](/docs/passwordreset/3.23/administration/editing_the_html_templates.md) diff --git a/docs/passwordreset/3.3/administration/administration_overview.md b/docs/passwordreset/3.3/administration/administration_overview.md index e9a4d9c312..189ae8bc97 100644 --- a/docs/passwordreset/3.3/administration/administration_overview.md +++ b/docs/passwordreset/3.3/administration/administration_overview.md 
@@ -7,7 +7,7 @@ sidebar_position: 20 # Administration Netwrix Password Reset is a self-service password management system that helps you to reduce the -number of password related help desk calls. Password Reset allows users to securely change their +number of password related help desk calls. With Password Reset, users can securely change their password and unlock their account, even if they have forgotten their password. This section details the different benefits of using Password Reset. diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/about_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/about_tab.md index cfd0f19d52..a1518e5cf8 100644 --- a/docs/passwordreset/3.3/administration/configuringpasswordreset/about_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/about_tab.md @@ -15,8 +15,7 @@ To install a new license key, copy the entire license e-mail to the clipboard, a license from clipboard. :::note -Password Reset includes a 30-day evaluation license for up to 50 users. Please -[contact Netwrix support](mailto:support@netwrix.com)[](mailto:support@anixis.com) if you would like -to evaluate Password Reset with more than 50 users. +Password Reset includes a 30-day evaluation license for up to 50 users. [Contact Netwrix support](mailto:support@netwrix.com)[](mailto:support@anixis.com) to +evaluate Password Reset with more than 50 users. ::: diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/email_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/email_tab.md index 69065c9230..968a29c6ba 100644 --- a/docs/passwordreset/3.3/administration/configuringpasswordreset/email_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/email_tab.md 
@@ -29,7 +29,7 @@ this option if your mail server supports pickup folders. ### Triggers -Triggers define when e-mails are sent. If the trigger for an event is enabled, then Password Reset +Triggers define when Password Reset sends e-mails. If the trigger for an event is enabled, then Password Reset sends an e-mail when the event occurs. Enabled triggers are underlined. Click the name of an enabled trigger to edit the trigger's e-mail template. @@ -51,8 +51,8 @@ macros. :::note Use [NPR_OR_AD_EMAIL] with caution as Password Reset does not check the validity of e-mail -addresses. If the e-mail address in Password Reset's database is no longer valid, then the alert is -only sent to the invalid address. +addresses. If the e-mail address in Password Reset's database is no longer valid, then Password Reset sends the alert +only to the invalid address. ::: @@ -61,7 +61,7 @@ carbon copies. Separate multiple recipients with a semicolon. Type the e-mail's subject in the **Subject** text box. -Type the e-mail's body in the large text box. The e-mail is sent as plain text unless the body +Type the e-mail's body in the large text box. Password Reset sends the e-mail as plain text unless the body contains the `` tag. Include the entire HTML document when sending e-mail as HTML. You can also use these macros. 
@@ -71,23 +71,23 @@ also use these macros. | [AD_USER] | The user's Active Directory logon name | Password Reset stores the user's preferred language every time they successfully complete an Enroll, -Reset, Unlock, or Change. E-mail alerts are sent in the user's preferred language, or in the current -Web Interface language if the user's preferred language is not known. If an e-mail template is not -defined for the user's preferred language, then the alert is sent in English. +Reset, Unlock, or Change. Password Reset sends e-mail alerts in the user's preferred language, or in the current +Web Interface language if the user's preferred language is not known. If no e-mail template exists +for the user's preferred language, Password Reset sends the alert in English. Use the drop-down list at the bottom of the E-mail template editor to switch between template languages. Changes are preserved as you switch between languages. The **From**, **To**, and **Bcc** are the same for all languages. -A warning icon is shown beside the language drop-down list if an e-mail template is not defined for +A warning icon appears beside the language drop-down list if no e-mail template is defined for every language. You should define an e-mail template for every language to ensure that users can understand their e-mail alerts. ![configuring_npr_5](/images/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_5.webp) :::warning -An attacker may choose a specific language to avoid detection. E-mail alerts are sent -in the Web Interface language chosen by the attacker if the target user has not enrolled or changed -their password with Password Reset. The target user will receive the e-mail alerts, but they may not +An attacker may choose a specific language to avoid detection. Password Reset sends e-mail alerts +in the Web Interface language the attacker chose if the target user has not enrolled or changed +their password with Password Reset. 
The target user receives the e-mail alerts, but may not understand them. Use the Rest API to remind new users to enroll so their preferred language is known to Password Reset. See the [Enroll Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md) topic for additional information. diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md index 48605ddb16..cb3737b459 100644 --- a/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md @@ -17,7 +17,7 @@ questions from the Question List. **Add a question** -Follow the steps below to add a question to the list. +To add a question to the list: **Step 1 –** Select a language from the drop-down list above the Question List. @@ -29,7 +29,7 @@ Follow the steps below to add a question to the list. **Remove a question** -Follow the steps below to remove a question from the list. +To remove a question from the list: **Step 1 –** Select a language from the drop-down list above the Question List. diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md index 99cf1669dd..e2c3982e73 100644 --- a/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md @@ -19,7 +19,7 @@ name. You can configure Password Reset to display a list of domains instead of a **Add a Domain to the list** -Follow the steps below to add a domain to the list. +To add a domain to the list: **Step 1 –** Click **Add...** 
@@ -28,7 +28,7 @@ Follow the steps below to add a domain to the list. **Step 3 –** Click **OK**, and then click **Apply**. :::note -The most frequently used domain should be first in the list as it will be the default. You +The most frequently used domain should be first in the list, because it becomes the default. You can rearrange the domains by dragging them to another position. You can also click Sort to sort them alphabetically. ::: @@ -36,7 +36,7 @@ alphabetically. **Remove a Domain from the list** -Follow the steps below to remove a domain from the list: +To remove a domain from the list: **Step 1 –** Select the domain name in the Domain List. @@ -49,7 +49,7 @@ Follow the steps below to remove a domain from the list: Password Reset uses an SQL Server Compact database by default. It creates two database files (apr.sdf and aprlog.sdf) in the Password Reset installation folder. -Follow the steps below to move these files to another folder. +To move these files to another folder: **Step 1 –** Close the Data Console if it is open. @@ -98,8 +98,8 @@ address of a Password Policy Server. The `PPEIPAddress` value is in :::note Due to a protocol upgrade, Netwrix Password Reset v3.3 is not compatible with Netwrix Password Policy Enforcer v8.x and earlier versions. If you are using Netwrix Password Reset with any -of those older Netwrix Password Policy Enforcer versions, please consider upgrading Netwrix Password -Policy Enforcer first to a current version, and only then upgrade Netwrix Password Reset to v3.3 (or +of those older Netwrix Password Policy Enforcer versions, upgrade Netwrix Password +Policy Enforcer to a current version before upgrading Netwrix Password Reset to v3.3 (or later). ::: 
@@ -108,22 +108,21 @@ Users are more likely to see the Password Policy Enforcer Generic Rejection mess more detailed Rejection message when this registry value is set. Users may also have the wrong policy, or no policy enforced if the queried server is not a domain controller in the user's domain. -Queries to the Password Policy Server are sent to UDP port 1333 by default. You may need to create +Password Reset sends queries to the Password Policy Server at UDP port 1333 by default. You may need to create firewall rules to open this port. See the Password Policy Enforcer documentation for additional information. :::note -Due to a protocol upgrade, it is now recommended to enable protocol encryption for -clients. To do so, please navigate to the PPS Properties in your Netwrix Password Policy Enforcer +Due to a protocol upgrade, enable protocol encryption for clients. Navigate to the PPS Properties in your Netwrix Password Policy Enforcer server configuration, and enable "Only accept encrypted client request". ::: ![using_ppe_with_npr](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_ppe_with_npr.webp) -Please do not enable this option if you are using Netwrix Password Reset v3.3 with Netwrix Password +Do not enable this option if you are using Netwrix Password Reset v3.3 with Netwrix Password Policy Enforcer v8.x or earlier versions, or with Netwrix Password Policy Enforcer/Web. If you are using Netwrix Password Reset v3.3 with any of those older versions of Netwrix Password Policy -Enforcer, please consider upgrading first to a current and supported version. +Enforcer, upgrade to a current and supported version first. :::note Password Policy Enforcer is not included with Password Reset. Go to diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/security_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/security_tab.md index 3c43d08165..d698ef9eb8 100644 
--- a/docs/passwordreset/3.3/administration/configuringpasswordreset/security_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/security_tab.md @@ -29,14 +29,14 @@ article for additional information. The hotfix is included with SP1 for Windows standard feature on later Windows versions. Users are more likely to forget a password shortly after changing it. Enforcing a minimum age for -password resets may increase the number of help desk calls because users won't be able to reset -recently changed passwords. One solution is to clear the check box above, and select the **Require -users to change their password after a reset** check box instead. The Active Directory password -history policy won't be enforced for the password reset, but it will be enforced for the password -change when the user logs on. This stops users from reusing a recent password, but it won't stop +password resets may increase the number of help desk calls because users cannot reset +recently changed passwords. One solution is to clear the **Enforce the AD password history and minimum age policies for resets** check box, and select the **Require +users to change their password after a reset** check box instead. Active Directory does not +enforce the password history policy for the password reset, but does enforce it for the password +change when the user logs on. This stops users from reusing a recent password, but does not stop them from resetting a recently changed password. -Users whose passwords are set to never expire in Active Directory will not be forced to change their +Users whose passwords are set to never expire in Active Directory are not forced to change their password during logon, even if this check box is selected. :::note 
@@ -65,13 +65,13 @@ codes. Select a value from the **Lockout user after...** drop-down list to specify how many incorrect answers Password Reset accepts before locking out a user. Set it to 0 incorrect answers to disable -the lockout feature. Incorrect verification codes are counted as incorrect answers if the **Lockout +the lockout feature. Password Reset counts incorrect verification codes as incorrect answers if the **Lockout users if they enter too many incorrect verification codes** check box is selected on the **Verification** tab. :::note Locked out users must re-enroll before they can use Password Reset to reset their password -or unlock their account. The incorrect answer count is reset when a user enrolls, or answers all +or unlock their account. Password Reset resets the incorrect answer count when a user enrolls, or answers all questions during a reset or unlock. ::: diff --git a/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md b/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md index 055ced4a97..4ecbd0ce77 100644 --- a/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md +++ b/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md @@ -7,8 +7,8 @@ sidebar_position: 40 # Verification Tab Use the **Verification** tab to enable verification codes for resets and unlocks. Verification codes -are used for two-factor authentication, and to authenticate users that have not manually enrolled. A -verification code is sent to the user's mobile phone by e-mail and/or SMS, and the user enters the +provide two-factor authentication and authenticate users that have not manually enrolled. Password Reset sends a +verification code to the user's mobile phone by e-mail and/or SMS, and the user enters the verification code to continue. ![configuring_npr_6](/images/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_6.webp)7 
@@ -25,32 +25,32 @@ when they request a reset or unlock, and sends them a verification code for auth that are automatically enrolled can also manually enroll with questions later. Users that are only automatically enrolled cannot continue to reset their password and unlock their account if this option is subsequently disabled. Automatic enrollment should only be used with secure devices -connected to a secure network, otherwise a stolen or lost device could be used to reset a user's +connected to a secure network, otherwise a stolen or lost device could allow an attacker to reset a user's password. Automatically enrolled users: -- Do not have an Password Reset e-mail address, so verification codes are only sent to the user's +- Do not have a Password Reset e-mail address, so Password Reset only sends verification codes to the user's Active Directory e-mail address and/or phone number. -- Must be authenticated with a verification code, so their reset or unlock request will be denied +- Must be authenticated with a verification code, so Password Reset denies their reset or unlock request even if the Users can reset and unlock without a verification code if a code cannot be sent check box is selected. - Need to manually enroll if the sending of verification codes, or automatic enrollments are disabled after they are automatically enrolled. - Can manually enroll at any time. Authenticating users with questions and verification codes is more secure than using only verification codes. -- Are not sent the After Enroll e-mail alert. +- Do not receive the After Enroll e-mail alert. Select the **Users can reset and unlock without a verification code if a code cannot be sent** check -box if users should be allowed to continue when a verification code cannot be sent. Verification -codes can only be sent to users that have a mobile phone number or e-mail address in Active +box if users should be allowed to continue when a verification code cannot be sent. 
Password Reset can only send verification +codes to users that have a mobile phone number or e-mail address in Active Directory, or an e-mail address in Password Reset's database. Even if this information is present, an error could stop the verification code from being sent. If this check box is not selected, then -users will need to contact the help desk if a verification code cannot be sent. +users must contact the help desk if a verification code cannot be sent. -Select the **Lockout users if they enter too many incorrect verification codes** check box if the -incorrect answer count should be incremented when users submit an incorrect verification code. A -user's Password Reset record can be locked out if they enter too many incorrect answers or +Select the **Lockout users if they enter too many incorrect verification codes** check box if +Password Reset should increment the incorrect answer count when users submit an incorrect verification code. +Password Reset can lock out a user's record if the user enters too many incorrect answers or verification codes. The lockout threshold is set on the **Security** tab. Select the **Show incomplete e-mail addresses and phone numbers to users** check box if NPR should @@ -68,7 +68,7 @@ expiry features are enabled. Select a value from the **Expire verification codes after...** drop-down list to limit how long users have to enter their verification code. Set it to 0 minutes if the verification code should not -expire. A new verification code is sent for every reset and unlock. This setting limits how long a +expire. Password Reset sends a new verification code for every reset and unlock. This setting limits how long a user has to enter their verification code, it does not allow old verification codes to be reused. ### E-mail 
@@ -77,26 +77,26 @@ Select the **Send verification codes by e-mail** check box to send verification e-mail. You must configure the E-mail delivery options in the **E-mail** tab to send verification codes by e-mail. See the Verification Tab topic for additional information. -Verification codes can be sent to the Active Directory e-mail address and/or the Password Reset +Password Reset can send verification codes to the Active Directory e-mail address and/or the Password Reset e-mail address. Select the desired option from the **Send to** drop-down list. -Click **Edit...** to edit the e-mail template for verification codes. The [CODE] macro is replaced +Click **Edit...** to edit the e-mail template for verification codes. Password Reset replaces the [CODE] macro with the verification code, so include the [CODE] macro in the e-mail subject or body. -The user's Active Directory e-mail address is read from the **mail** attribute by default. Click +Password Reset reads the user's Active Directory e-mail address from the **mail** attribute by default. Click **AD Attribute** if you want to use an e-mail address from a different attribute. Type the name of the attribute, and then click **OK**. #### SMS Select the **Send verification codes by SMS** check box to send verification codes to users via SMS. -Any SMS provider with a Windows command-line interface (CLI) can be used. +You can use any SMS provider with a Windows command-line interface (CLI). Click **Browse...** to select the executable that sends the SMS. The executable is supplied by your SMS provider. Type the command-line parameters in the Parameters text box. Refer to your SMS provider's -documentation for the expected parameters. You can also use the macros in the table below. Use +documentation for the expected parameters. You can also use the macros in the following table. Use quotes around parameters and macros that may contain space characters. | Macro | Replaced with | 
@@ -107,7 +107,7 @@ quotes around parameters and macros that may contain space characters. | [DOMAIN] | User's Active Directory domain name | | [LANG] | Current Web Interface language code | -The user's Active Directory mobile phone number is read from the mobile attribute by default. Click +Password Reset reads the user's Active Directory mobile phone number from the mobile attribute by default. Click **AD Attribute** if you want to use a phone number from a different attribute. Type the name of the attribute, and then click **OK**. diff --git a/docs/passwordreset/3.3/administration/editing_the_html_templates.md b/docs/passwordreset/3.3/administration/editing_the_html_templates.md index 2ab6d1d96b..52d5c57327 100644 --- a/docs/passwordreset/3.3/administration/editing_the_html_templates.md +++ b/docs/passwordreset/3.3/administration/editing_the_html_templates.md @@ -6,16 +6,16 @@ sidebar_position: 70 # Editing the HTML Templates -Password Reset's user interface is built with customizable templates. You can easily modify the user +Password Reset's user interface is built with customizable templates. You can modify the user interface by editing the templates. The templates are written in HTML5 and formatted with CSS3, so they work with all modern web browsers. Older browsers such as Internet Explorer 8 may work, but the -pages may be badly formatted. Please [contact Netwrix support](mailto:support@netwrix.com) if you +pages may be badly formatted. [Contact Netwrix support](mailto:support@netwrix.com) if you need to use Password Reset with older web browsers. ## User Interface Files Password Reset installs seven `.htm` files for every language. Each filename starts with a language -code. The files for the US English language are: +code. The files for the U.S. English language are: | Filename | Content | | ----------------- | ------------------------------------ | 
@@ -33,7 +33,7 @@ files are installed into the `\Inetpub\wwwroot\pwreset\` folder by default. :::note Always backup the user interface files before and after editing them. Your changes may be overwritten when Password Reset is upgraded, and some changes could stop Password Reset from working -correctly. Having a backup allows you to quickly revert to a working setup. +correctly. A backup lets you quickly revert to a working setup. Web browsers display pages differently, so test your changes with several versions of the most popular browsers to ensure compatibility. ::: @@ -46,7 +46,7 @@ are used to prepare the pages. Some of these comments define ranges. A range loo **Some text or HTML** -The Web Interface deletes ranges (and the text inside them) when they are not needed. Some ranges +The Web Interface deletes ranges (and the text inside them) when they aren't needed. Some ranges span only one word, while others span several lines. The other type of comment tag is called a field. @@ -66,7 +66,7 @@ Each template ends with a resource string section. `*/}{/*/RESOURCE_STRINGS*/}` Resource strings are mostly validation error messages, but they can contain any text Password Reset -may need to build the page. Do not modify the identifiers on the left, only edit the text on the +may need to build the page. Don't modify the identifiers on the left, only edit the text on the right. Resource strings are always inside a range called RESOURCE_STRINGS. Password Reset deletes this range before sending the page to the user's web browser. See the [Error Messages](using_password_reset.md#error-messages) topic for additional information. @@ -81,7 +81,7 @@ on larger screens. :::warning You may rebrand the Password Reset user interface, but it is a violation of the License -Agreement to modify, remove or obscure any copyright notice. +Agreement to modify, remove, or obscure any copyright notice. ::: 
@@ -92,7 +92,7 @@ understanding of Password Reset's templates. You don't need to be an expert in H examples, but a basic understanding of HTML will help. Work through them carefully, and backup files before you edit them. The examples in this section are -from the US English files, but the format is the same for all languages. +from the U.S. English files, but the format is the same for all languages. ### Replace the Netwrix Logo @@ -100,7 +100,7 @@ The Netwrix logo is shown at the top of the page. The logo is installed into the `\Inetpub\wwwroot\pwreset\images\` folder by default, and it is called logo.svg. You can replace this file with one containing your organization's logo. -You will also need to edit the HTML files if your logo is not in SVG format, or if it has a +You will also need to edit the HTML files if your logo isn't in SVG format, or if it has a different aspect ratio to the Netwrix logo. Open every HTML file in a text editor such as Notepad, and search for the line shown below. Change the filename (logo.svg), height (70 pixels) and width (116 pixels) to suit your logo. @@ -110,10 +110,10 @@ and search for the line shown below. Change the filename (logo.svg), height (70 ### Edit Page Instructions Instructions appear at the top of each page. You can edit the instructions by opening the relevant -.htm file and searching for the text you wish to modify. +.htm file and searching for the text you want to modify. Instructions are often inside a range called SECTION_A, SECTION_B, SECTION_C, or SECTION_D. Each -section contains instructions for the different pages in the template. Make sure you edit the +section contains instructions for the different pages in the template. Ensure you edit the instructions in the correct section, or they may be displayed on the wrong page. The text_long and text_short classes are used in page instructions to tailor content to the screen size. 
@@ -143,10 +143,10 @@ normally caused by invalid user input. Validation error messages are defined in the relevant template (en_enroll.htm, en_reset.htm, en_unlock.htm, or en_change.htm). The error messages are in the resource strings section near the end of the file. Some messages are defined in more than one file, so you may need to edit several -files to change all instances of a message. See the Resource Strings topic for more information. +files to change all instances of a message. See the [Resource Strings](#resource-strings) topic for details on editing message text. You may see placeholders like %1 and %2 in some error messages. These are replaced with more -information about the error. You should keep these, but you can delete them if you do not want them. +information about the error. You should keep these, but you can delete them if you don't want them. | String | Message | | --------------------------- | ----------------------------------------------- | @@ -157,12 +157,12 @@ information about the error. You should keep these, but you can delete them if y ### Edit Critical Error Messages All the critical error messages are defined in en_error.htm. The messages are in the resource -strings section near the end of the file. See the Resource Strings topic for more information. +strings section near the end of the file. See the [Resource Strings](#resource-strings) topic for details on editing message text. ![using_npr_13](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) You may see placeholders like %1 and %2 in some error messages. These are replaced with more -information about the error. You should keep these, but you can delete them if you do not want them. +information about the error. You should keep these, but you can delete them if you don't want them. | String | Message | | --------------------- | ----------------------------------------------------- | 
@@ -170,7 +170,7 @@ information about the error. You should keep these, but you can delete them if y | `@RES_LOCKED_OUT_AD` | `Your account is locked because an incorrect passwo…` | | `@RES_REQUEST_FAILED` | `The server %1 could not handle your request. Pleas…` | -If you want to display some text for all error messages, then insert your text above or below the +To display text for all error messages, insert your text above or below the `

{/*ERROR*/}

` line. For example: ```html @@ -182,14 +182,14 @@ If you want to display some text for all error messages, then insert your text a Finished messages are shown after users successfully complete an enroll, reset, unlock, or change. These messages are defined in the Resource Strings section near the end of `en_finished.htm`. See -the Resource Strings topic for more information. +the [Resource Strings](#resource-strings) topic for details on editing message text. ![using_npr_9](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) `en_finished.htm` has two resource strings for password changes (RES_FINISHED_CHANGE and RES_FINISHED_CHANGE_INVITE). The first is shown when a user who has enrolled into NPR changes their password. The second is shown when a user who has not enrolled changes their password. The second -message invites the user to enroll so they can also use the reset and unlock features in future. +message invites the user to enroll so they can also use the reset and unlock features. ### Replace Enroll Question Lists with Text Boxes @@ -202,7 +202,7 @@ The lines you need to edit in en_enroll.htm look like this: `` There are ten of these lines in en_enroll.htm, each with their own question number (the number after -the q). You do not have to edit all ten lines. If users will be allowed to enter two questions, then +the q). You don't have to edit all ten lines. If users will be allowed to enter two questions, then only edit the q1 and q2 lines. Replace these lines with a line like this: `` 
@@ -239,7 +239,7 @@ browser's cache to see the changes. ### Change Icon Colors The Web Interface icons are in Scalable Vector Graphics (SVG) format. Vector graphics maintain their -sharpness when resized. You can easily change the colors of the icons with a text editor. Open the +sharpness when resized. You can change the colors of the icons with a text editor. Open the SVG file with a text editor like Notepad, and edit this section of the file: `fill="#FF7F00"` @@ -249,8 +249,8 @@ this one to generate the color code: [https://www.w3schools.com/colors/colors_picker.asp](https://www.w3schools.com/colors/colors_picker.asp) :::note -Some old web browsers with basic HTML5 support cannot display SVG images. Password Reset -works with these browsers, but the SVG images are not shown. You can convert the icons to GIF or PNG +Some old web browsers with basic HTML5 support can't display SVG images. Password Reset +works with these browsers, but the SVG images aren't shown. You can convert the icons to GIF or PNG format if you want them shown on these older browsers. ::: diff --git a/docs/passwordreset/3.3/administration/installation.md b/docs/passwordreset/3.3/administration/installation.md index 7f30c07585..094b495ba2 100644 --- a/docs/passwordreset/3.3/administration/installation.md +++ b/docs/passwordreset/3.3/administration/installation.md @@ -41,7 +41,7 @@ the credentials are valid. :::note Microsoft SQL Server Compact is installed with the Password Reset Server. SQL Server Compact is free to use, and should only be removed if you move the database to SQL Server. SQL -Server Compact is an embedded database. Unlike SQL Server, you do not need to configure or manage +Server Compact is an embedded database. Unlike SQL Server, you don't need to configure or manage it. See the [Working with the Database](/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md) topic for additional information. ::: 
@@ -85,26 +85,25 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Accept the terms, then click **Next**. **Step 5 –** Select the **All Components** option, and then click **Next**. **Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. **Step 7 –** Enter a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. +account. The account is created and added to the Domain Admins group if it doesn't exist. :::note You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the +account, ensure it has the required permissions. See the [Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic for additional information. ::: **Step 8 –** Click **Next**. -**Step 9 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Step 9 –** Select an **IIS Web Site** from the dropdown list, and optionally change the default **Virtual Directory** for the Web Interface. :::note 
@@ -159,22 +158,21 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Accept the terms, then click **Next**. **Step 5 –** Select the Server **Only option**, and then click **Next**. **Step 6 –** Type a **User Name**, **Domain**, and **Password** for the Password Reset service -account. The account will be created and added to the Domain Admins group if it does not exist. +account. The account is created and added to the Domain Admins group if it doesn't exist. :::note You can remove the account from the Domain Admins group later. If using an existing -account, make sure it has the required permissions. See the +account, ensure it has the required permissions. See the [Securing Password Reset](/docs/passwordreset/3.3/administration/securing_password_reset.md) topic for additional information. ::: -**Step 7 –** Make sure the **Create Windows Firewall Exception for the NPR Server service** check +**Step 7 –** Ensure the **Create Windows Firewall Exception for the NPR Server service** check box is selected, and then click **Next** twice. **Step 8 –** Wait for the Password Reset Server to install, and then click **Finish**. 
@@ -201,14 +199,13 @@ is detected. Backup the files, and then click **Next**. **Step 3 –** Click **Next**. -**Step 4 –** Read the License Agreement. Click **I accept the terms of the license agreement**, and -then click **Next** if you accept all the terms. +**Step 4 –** Read the License Agreement. Accept the terms, then click **Next**. **Step 5 –** Select the **Web Interface Only** option, and then click **Next**. **Step 6 –** The Setup wizard may offer to install IIS. Click **OK** to install IIS. -**Step 7 –** Select an **IIS Web Site** from the drop-down list, and optionally change the default +**Step 7 –** Select an **IIS Web Site** from the dropdown list, and optionally change the default **Virtual Directory** for the Web Interface. The Web Interface should be installed in its own virtual directory. @@ -227,8 +224,8 @@ installed the Password Reset Server onto. ![installing_npr_1](/images/passwordpolicyenforcer/11.0/passwordreset/administration/installing_npr_1.webp) The Password Reset Setup wizard only installs one Web Interface on each server, but you can copy the -files to another directory and publish several Web Interfaces from one server. This allows you to -present different user interfaces from each directory. The Web Interfaces all communicate with the +files to another directory and publish several Web Interfaces from one server. Each directory can +present a different user interface. The Web Interfaces all communicate with the same NPR Server because there is only one ServerIP value. Follow the steps below to configure the Web Interfaces to communicate with different Password Reset 
@@ -256,7 +253,7 @@ recommended if you have not installed NPR before. ### Before You Begin -The database files are not overwritten during an upgrade, but you should still create a backup +The database files aren't overwritten during an upgrade, but you should still create a backup before upgrading. See the [Backing up the Database](/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md#backing-up-the-database) topic for additional information. @@ -266,14 +263,14 @@ Interface files before upgrading**. The Web Interface files are installed in the `\Inetpub\wwwroot\pwreset\` folder by default. :::note -A full backup of the NPR server(s) is recommended. This allows you to roll back to the -previous version if the upgrade cannot be completed. +A full backup of the NPR servers is recommended. Rolling back to the previous version +is possible if the upgrade can't be completed. You may need to restart Windows after upgrading. ::: -If Password Reset was originally installed by someone else and you do not have their installation -notes, then read the Installation topic before you begin. Also make sure you know the password for +If Password Reset was originally installed by someone else and you don't have their installation +notes, then read the Installation topic before you begin. Also ensure you know the password for the Password Reset Server service account as you will need it during the upgrade. ### Upgrading to V3.3 
@@ -285,12 +282,12 @@ If the Password Reset Server and Web Interface are installed on different server servers before using the new version. The Password Reset Server and Web Interface are only tested with matching versions. -Restore any customized Web Interface files after upgrading. Do not restore APR.dll from the backup +Restore any customized Web Interface files after upgrading. Don't restore APR.dll from the backup as it belongs to the previous version. You should keep a copy of the original Web Interface files and compare them with the files from the previous version using a file comparison tool. Any changes between versions should be merged into your customized files. -The Password Reset V3.30 data console does not read the VerificationCode or EnrollRecord columns +The Password Reset V3.30 data console doesn't read the VerificationCode or EnrollRecord columns from the User table on SQL Server. Access to these columns can be denied for Data Console users after upgrading all instances of the Data Console. See the [Using the Data Console](/docs/passwordreset/3.3/administration/usingthedataconsole/using_the_data_console.md) topic for additional information. 
@@ -302,9 +299,9 @@ trial run on a lab network is recommended, especially if you are customizing the the [Editing the HTML Templates](/docs/passwordreset/3.3/administration/editing_the_html_templates.md) topic for additional information. :::warning -Due to a protocol upgrade, Netwrix Password Reset v3.3 is not compatible with Netwrix +Due to a protocol upgrade, Netwrix Password Reset v3.3 isn't compatible with Netwrix Password Policy Enforcer v8.x and earlier versions. If you are using Netwrix Password Reset with any -of those older Netwrix Password Policy Enforcer versions, please consider upgrading Netwrix Password +of those older Netwrix Password Policy Enforcer versions, consider upgrading Netwrix Password Policy Enforcer first to a current version, and only then upgrade Netwrix Password Reset to v3.3 (or later). ::: @@ -312,7 +309,7 @@ later). ### Before You Begin -**Step 1 –** Backup the NPR V2.x server(s). +**Step 1 –** Backup the NPR V2.x servers. **Step 2 –** Close the Data Console if it is open. @@ -325,7 +322,7 @@ information. **Step 1 –** Follow the steps for either Single Server Installation or Multiple Server Installation. If the Web Interface is on a different server, then upgrade it as well. -**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to make sure the data was +**Step 2 –** Open the Data Console, and check the Audit Log and User tabs to ensure the data was imported. **Step 3 –** Open NPR in a web browser and test the Enroll, Reset, and Change features. 
@@ -340,7 +337,7 @@ imported. The database files are created in the installation folder when NPR is first installed. The default installation folder for NPR V2.x was below the Program Files (x86) folder, but in NPR V3.3 it is -below the Program Files folder. The database files are not moved automatically during an upgrade, so +below the Program Files folder. The database files aren't moved automatically during an upgrade, so you should move them to the new installation folder (or a different folder) after upgrading. Follow the steps below to move the database files to the `\Program Files\Netwrix Password Reset\` @@ -373,7 +370,7 @@ information. Configure Password Reset Client to use IE11 emulation mode Older versions of the Password Reset Client display pages in Internet Explorer 7 emulation mode. -This mode cannot display the new HTML templates correctly. You can upgrade the Password Reset Client +This mode can't display the new HTML templates correctly. You can upgrade the Password Reset Client to the latest version, or configure existing installations to use IE 11 mode. This only works on Windows Vista and later with IE 9 or later. diff --git a/docs/passwordreset/3.3/administration/password_reset_client.md b/docs/passwordreset/3.3/administration/password_reset_client.md index a4452b7c93..bcaf131a30 100644 --- a/docs/passwordreset/3.3/administration/password_reset_client.md +++ b/docs/passwordreset/3.3/administration/password_reset_client.md 
@@ -6,14 +6,14 @@ sidebar_position: 80 # Password Reset Client -The Password Reset Client allows users to securely reset their password or unlock their account from +With the Password Reset Client, users can securely reset their password or unlock their account from the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password Reset system. ![the_password_reset_client](/images/passwordreset/3.3/administration/the_password_reset_client.webp) :::note -The Password Reset Client does not modify any Windows system files. +The Password Reset Client doesn't modify any Windows system files. ::: @@ -197,13 +197,13 @@ This will help prevent users from navigating to untrusted sites within the Passw **Step 10 –** Close the Group Policy Management Editor. -The new PRC configuration is applied to all computers in the domain. This does not happen +Windows applies the new PRC configuration to all computers in the domain. This doesn't happen immediately, as Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of Group Policy on the local computer with the following command: gpupdate /target:computer The Password Reset Client only opens URLs with .dll, .htm, and .html extensions. URLs without a -filename are not opened. The PRC also blocks some page content, including audio and video files, +filename aren't opened. The PRC also blocks some page content, including audio and video files, ActiveX controls and Java applets. Send an e-mail to [support@netwrix.com ](mailto:support@netwrix.com)if you need to change the default filename and content restrictions. 
@@ -269,7 +269,7 @@ Editor. **Step 12 –** Close the Group Policy Management Editor. -The license key is applied to all computers in the domain. This does not happen immediately, as +Windows applies the license key to all computers in the domain. This doesn't happen immediately, as Windows takes some time to apply the changes to Group Policy. You can force an immediate refresh of Group Policy on the local computer with the following command: diff --git a/docs/passwordreset/3.3/administration/securing_password_reset.md b/docs/passwordreset/3.3/administration/securing_password_reset.md index 35cae26477..efee67016c 100644 --- a/docs/passwordreset/3.3/administration/securing_password_reset.md +++ b/docs/passwordreset/3.3/administration/securing_password_reset.md @@ -13,13 +13,13 @@ Server. ## Installing and Using an SSL Certificate -The Web Interface and Password Reset Server always communicate over a secure channel. You do not +The Web Interface and Password Reset Server always communicate over a secure channel. You don't have to configure the encryption for this connection, but you do need to set up SSL (Secure Sockets Layer) encryption for the connection between the web browser (or Password Reset Client) and the web -server. See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic for more information. +server. See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic for configuration steps. :::warning -Do not use Password Reset on a production network without SSL encryption. +Don't use Password Reset on a production network without SSL encryption. ::: 
@@ -28,8 +28,7 @@ certificates from a certificate authority. You can install the Web Interface on already has an SSL certificate if you would rather not purchase another one. Your certificate authority will have instructions to guide you through the certificate request and -installation process. You can also learn more about using SSL certificates with IIS on the pages -below. +installation process. The following pages cover how to set up SSL certificates with IIS. - [http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis](http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis) - [http://technet.microsoft.com/en-us/library/cc732230(WS.10).aspx](http://technet.microsoft.com/en-us/library/cc732230(WS.10).aspx) @@ -37,8 +36,8 @@ below. :::note Ensure that users only access Password Reset over an encrypted connection after the SSL certificate is installed. The Start address and Restricted path in the Password Reset Client -configuration should start with https://. Web browsers can be redirected to the secure URL. See the -[Configuring the PRC](password_reset_client.md#configuring-the-prc) topic for more information. +configuration should start with https://. Web browsers can be redirected to the secure URL. See +[Configuring the PRC](password_reset_client.md#configuring-the-prc) for steps to configure the start address and restricted path. ::: 
@@ -54,11 +53,11 @@ You can grant Active Directory permissions from the command-line with dsacls.exe graphical user interface. The examples below use the command-line, but you can use either method. The commands you need to execute are: -**dsacls "[object]" /I:S /G "[account]:CA;Reset Password;user"** +`dsacls "[object]" /I:S /G "[account]:CA;Reset Password;user"` -dsacls "[object]" /I:S /G "[account]:RPWP;lockoutTime;user" +`dsacls "[object]" /I:S /G "[account]:RPWP;lockoutTime;user"` -**dsacls "[object]" /I:S /G "[account]:RPWP;pwdLastSet;user"** +`dsacls "[object]" /I:S /G "[account]:RPWP;pwdLastSet;user"` Where [object] is the distinguished name of the domain or OU containing the user accounts, and [account] is the name of the service account in user@domain or domain\user format. 
@@ -72,30 +71,30 @@ after a reset** option is enabled in the Configuration Console's **Security** ta For example, the following command grants the axs\apr account permission to reset passwords for users in the axs.net domain: -**dsacls "dc=axs,dc=net" /I:S /G "axs\apr:CA;Reset Password;user"** +`dsacls "dc=axs,dc=net" /I:S /G "axs\apr:CA;Reset Password;user"` If Password Reset is configured to use an SQL Server Compact database, then give the service account -read and write permissions to the database files. See the -[Moving to SQL Server](/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md) topic for more information. +read and write permissions to the database files. See +[Moving to SQL Server](/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md) for steps to move the database and configure permissions. Remove the service account from the Domain Admins group and restart the Password Reset service after -executing these commands. Check the Windows Application event log if the service does not start. +executing these commands. Check the Windows Application event log if the service doesn't start. ### Using Delegated Permissions with Protected Groups -When you delegate permissions for the Password Reset service account, the delegated permissions are -initially applied to all users in the domain or OU. After some time, Windows restores the original -permissions for some important user accounts. The restored permissions do not allow Password Reset +When you delegate permissions for the Password Reset service account, Windows initially applies the +delegated permissions to all users in the domain or OU. After some time, Windows restores the original +permissions for some important user accounts. The restored permissions don't allow Password Reset to reset passwords or unlock accounts for these users. 
The accounts protected by this feature vary by Windows version, and include members of the Domain Admins, Enterprise Admins, and Schema Admins groups. The list of protected groups is configurable, so it may differ from the defaults in the Windows documentation. -If you are using an Password Reset service account with delegated permissions and do not want these +If you are using an Password Reset service account with delegated permissions and don't want these privileged accounts to reset their password or unlock their account with Password Reset, then there is no need to make any configuration changes. Windows automatically restores the original -permissions for these accounts. This is done every hour by default. +permissions for these accounts. Windows does this every hour by default. If you want to allow these users to reset their password and unlock their account with Password Reset, then you need to change the permissions for the AdminSDHolder container. The commands you @@ -113,7 +112,7 @@ The DN of the AdminSDHolder container for the netwrix.com domain is CN=AdminSDHolder,CN=System,DC=netwrix,DC=com :::note -Changes to the AdminSDHolder container are not applied to accounts immediately. You may +Windows doesn't apply changes to the AdminSDHolder container to accounts immediately. You may need to wait up to an hour for Windows to update the DACL for these accounts. You can also start the process manually. Search for runProtectAdminGroupsTask or FixUpInheritance in Microsoft's documentation or more information. diff --git a/docs/passwordreset/3.3/administration/using_password_reset.md b/docs/passwordreset/3.3/administration/using_password_reset.md index c524a1a0e1..ee33ac72b1 100644 --- a/docs/passwordreset/3.3/administration/using_password_reset.md +++ b/docs/passwordreset/3.3/administration/using_password_reset.md 
@@ -9,7 +9,7 @@ sidebar_position: 20 Netwrix Password Policy Enforcer is a web application. Users can access it from a web browser, or from the Password Reset Client. The default URL for the Web Interface is:` http://[server]/pwreset/` -See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic for more information. +See the [Password Reset Client](/docs/passwordreset/3.3/administration/password_reset_client.md) topic to install and configure the client application. You can use URL parameters to open a specific page, and to set the user and domain names. For example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=johnsmith&domain=CORP` @@ -26,7 +26,7 @@ The connection between the Web Interface and Password Reset Server is always enc Install an SSL certificate on the web server and use HTTPS to encrypt connections from the browser to the web server. See the [Installing and Using an SSL Certificate](securing_password_reset.md#installing-and-using-an-ssl-certificate) -topic for more information. +for steps to install and configure an SSL certificate. ::: @@ -37,7 +37,7 @@ answering some questions about themselves, or they can be enrolled automatically enrollment is enabled. Users only need to enroll once, but they can enroll again if they are locked out of Password Reset, or if they want to change their questions or answers. See the [Verification Codes](/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md#verification-codes) and -[Verification Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md) topics for more information. +[Verification Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md) topics to configure verification code settings and automatic enrollment. Follow the steps below to manually enroll into Password Reset. 
@@ -48,9 +48,9 @@ Follow the steps below to manually enroll into Password Reset. **Step 2 –** Type a **Username**, **Domain**, and **Password**. **Step 3 –** Type an e-mail address if the **E-mail** text box is visible. See the -[Options](/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md#options) topic for more information. +[Options](/docs/passwordreset/3.3/administration/configuringpasswordreset/enroll_tab.md#options) topic to configure whether an e-mail address is required for enrollment. -**Step 4 –** Select a question from each of the **Question** drop-down lists, and type an answer to +**Step 4 –** Select a question from each of the **Question** dropdown lists, and type an answer to each question in the **Answer** text boxes. **Step 5 –** Click **Next**, and then click **OK** to return to the menu. @@ -82,7 +82,7 @@ questions are answered correctly. ![using_npr_3](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_3.webp) -**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +**Step 4 –** Password Reset may ask you to enter a verification code. The verification code is sent to your phone by e-mail or SMS. Type the **Code**, and then click **Next**. ![using_npr_5](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_5.webp) @@ -113,7 +113,7 @@ questions are answered correctly. ![using_npr_8](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_8.webp) -**Step 4 –** You may be asked to enter a verification code. The verification code is sent to your +**Step 4 –** Password Reset may ask you to enter a verification code. The verification code is sent to your phone by e-mail or SMS. Type the **Code**, and then click **Next**. ![using_npr_9](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_9.webp) 
@@ -122,8 +122,8 @@ phone by e-mail or SMS. Type the **Code**, and then click **Next**. :::note The Unlock feature unlocks accounts in Active Directory. Users who are locked out of -Password Reset should re-enroll to gain access to Password Reset. See the -[Verification Codes](/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md#verification-codes) topic for more information. +Password Reset should re-enroll to gain access to Password Reset. See +[Verification Codes](/docs/passwordreset/3.3/administration/configuringpasswordreset/verification_tab.md#verification-codes) for details on automatic enrollment and lockout behavior. ::: @@ -155,14 +155,14 @@ policy is enabled. ## Error Messages -Validation errors are shown in a red box below the page instructions. Validation errors are normally -caused by invalid user input. They can often be overcome by changing the value of one or more input +Validation errors appear in a red box below the page instructions. Validation errors are normally +caused by invalid user input. You can often resolve them by changing the value of one or more input fields and resubmitting the form. ![using_npr_12](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_12.webp) -Critical errors are shown on their own page. These errors are mostly a result of configuration or -system errors. An event may be written to the Windows Application event log on the Password Reset +Critical errors appear on their own page. These errors are mostly a result of configuration or +system errors. Password Reset may write an event to the Windows Application event log on the Password Reset Server computer when a critical error occurs. Users can sometimes overcome a critical error by following the instructions in the error message, but most critical errors are beyond the user's control. 
@@ -170,5 +170,5 @@ control. ![using_npr_13](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_npr_13.webp) Validation and critical error messages are stored in the HTML templates. You can modify the default -messages by editing the templates. See the -[Resource Strings](editing_the_html_templates.md#resource-strings) topic for more information. +messages by editing the templates. See +[Resource Strings](editing_the_html_templates.md#resource-strings) for details on editing validation and error message text. diff --git a/docs/passwordreset/3.3/administration/usingthedataconsole/filter_editor.md b/docs/passwordreset/3.3/administration/usingthedataconsole/filter_editor.md index 68ed9e58f5..f144b1a6e8 100644 --- a/docs/passwordreset/3.3/administration/usingthedataconsole/filter_editor.md +++ b/docs/passwordreset/3.3/administration/usingthedataconsole/filter_editor.md 
@@ -13,14 +13,14 @@ Editor** button in the lower right corner of the Data Console. ![using_the_data_console_9](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) A filter may contain several conditions. Conditions start with a column name, followed by an -operator, and sometimes a value. Column names are shown in green, operators in maroon, and values in +operator, and sometimes a value. The Filter Editor shows column names in green, operators in maroon, and values in blue. -A filter also contains a root node and optionally one or more groups. These are used to include -Boolean operators in the filter. Boolean operators are shown in red. Grouped conditions are +A filter also contains a root node and optionally one or more groups. These include +Boolean operators in the filter. The Filter Editor shows Boolean operators in red. Grouped conditions are indented. -The filter in the image above contains the root node, one group, and four conditions. It will show +The filter in the image contains the root node, one group, and four conditions. It shows all reset requests in the last fourteen days originating from IP addresses starting with 192.168.115 or 192.168.119. diff --git a/docs/passwordreset/3.3/administration/usingthedataconsole/filtering_data.md b/docs/passwordreset/3.3/administration/usingthedataconsole/filtering_data.md index fbcd725001..11f3445024 100644 --- a/docs/passwordreset/3.3/administration/usingthedataconsole/filtering_data.md +++ b/docs/passwordreset/3.3/administration/usingthedataconsole/filtering_data.md 
@@ -6,11 +6,11 @@ sidebar_position: 10 # Filtering Data -The Data Console can show thousands of records, but only some of them will be of interest to you at +The Data Console can show thousands of records, but only some are of interest at any time. Filters let you focus on the important information. You can create simple filters by typing values directly into the filter row, or by selecting values -from Filtering by Column Values. More complex filters are created with the Custom Filters and +from Filtering by Column Values. Create more complex filters with the Custom Filters and [Filter Editor](/docs/passwordreset/3.3/administration/usingthedataconsole/filter_editor.md) windows. ### The Filter Row 
@@ -21,21 +21,21 @@ values directly into this row. ![using_the_data_console_3](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_3.webp) The Filter Row is empty when you first open the Data Console. To create a filter, click the **Filter -Row** in the column you wish to filter. A cursor will appear. Type a value, and then press **ENTER** +Row** in the column you want to filter. A cursor appears. Type a value, and then press **ENTER** or **TAB**. -Click the button to shown an editor or selector that helps you enter a value. Values can include +Click the button to show an editor or selector that helps you enter a value. Values can include wildcard characters. Use a ? to match any single character, or a \* to match more than one character. ![using_the_data_console_4](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_4.webp) -The image above shows a filter on the Date, Source, and Source IP columns. Only password reset -events on 2/5/2015 originating from IP addresses starting with 192.168.115 are shown. The small blue +The image shows a filter on the Date, Source, and Source IP columns. Only password reset +events on 2/5/2015 originating from IP addresses starting with 192.168.115 appear. The small blue icons in the column headers show which columns have active filters. :::note -Rows are shown only if they match all filter values (logical AND). Use the custom filter +The Data Console shows only rows that match all filter values (logical AND). Use the custom filter or the filter editor windows for a logical OR filter. ::: 
@@ -72,15 +72,15 @@ filters. Click **(Custom...)** in a column header's value list to create a custo ![using_the_data_console_8](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_8.webp) Custom filters can contain one or two conditions for each column. Select an operator for the first -condition from the drop-down list below the column name. Only relevant operators are shown for each +condition from the drop-down list below the column name. The list shows only relevant operators for each column. Type a value for the condition in the text box beside the operator. The text box may have a button -on the right. Click the button to shown an editor or selector that will help you enter a value. +on the right. Click the button to show an editor or selector that helps you enter a value. Values can include wildcard characters. Use a ? to match any single character, or a \* to match more than one character. -Select the **AND** or **OR** operator if the filter will have two conditions. Select **AND** if the +Select the **AND** or **OR** operator if the filter has two conditions. Select **AND** if the filter should only show rows that meet both conditions. Select **OR** if the filter should show rows that meet either condition. @@ -88,7 +88,7 @@ Select an operator and value for the second condition, or leave them blank if yo one condition. Click **OK** to close the Custom Filter window and apply the filter. :::note -The Filter Editor is shown instead of the Custom Filter window if the current filter is +The Filter Editor appears instead of the Custom Filter window if the current filter is too complex for the Custom Filter window. ::: 
@@ -114,7 +114,7 @@ A drop-down button appears to the right of the filter. Click it to select a rece You can export the visible rows to Microsoft Excel, HTML, text, and XML formats. -Follow the steps below to export the visible rows in the current tab. +To export the visible rows in the current tab: **Step 1 –** Click the **Audit Log** or **Users** tab. @@ -130,14 +130,13 @@ The default file type is .xlsx. ## Deleting Users -Users are automatically deleted from Password Reset's database approximately one week after they are -deleted from Active Directory. You can also manually delete users from the Data Console. +Password Reset automatically deletes users from its database approximately one week after Active Directory deletes them. You can also manually delete users from the Data Console. -Follow the steps below to delete a user. +To delete a user: **Step 1 –** Click the **Users** tab. -**Step 2 –** Select the user(s) you wish to delete. +**Step 2 –** Select the users to delete. **Step 3 –** Press the **DELETE** key, and then click **OK**. diff --git a/docs/passwordreset/3.3/administration/usingthedataconsole/using_the_data_console.md b/docs/passwordreset/3.3/administration/usingthedataconsole/using_the_data_console.md index fb10b34ea1..fbb8dc7a84 100644 --- a/docs/passwordreset/3.3/administration/usingthedataconsole/using_the_data_console.md +++ b/docs/passwordreset/3.3/administration/usingthedataconsole/using_the_data_console.md 
@@ -10,8 +10,7 @@ The Data Console allows you to view and export data collected by Password Reset. **Netwrix Password Reset** > **NPR Data Console** to open the console. The Data Console has three tabs. The **Recent Activity** tab shows a chart of recent requests. The -chart is empty when Password Reset is first installed, but it will populate itself as the system is -used. +chart is empty when Password Reset is first installed, but populates as the system is used. ![using_the_data_console](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console.webp) @@ -38,7 +37,7 @@ The **Audit Log** tab has nine columns: - Source IP — The request's source IP address - Source User — The request's source username (blank if anonymous access is enabled) -The **Users** tab contains Information about each user. All users are shown by default, but you can +The **Users** tab contains information about each user. The tab shows all users by default, but you can create filters to find specific users. ![using_the_data_console_2](/images/passwordreset/3.3/administration/using_the_data_console_2.webp) diff --git a/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md b/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md index b834c83f38..9f7b2c0bf5 100644 --- a/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md +++ b/docs/passwordreset/3.3/administration/workingwiththedatabase/moving_to_sql_server.md 
@@ -6,14 +6,12 @@ sidebar_position: 10 # Moving to SQL Server -Some planning is needed before moving the database to SQL Server. A trial run on a lab network is -recommended. You can run the Data Copy wizard more than once if you cannot complete the move on the +Plan the database move to SQL Server before proceeding. A trial run on a lab network is recommended. You can run the Data Copy wizard more than once if you cannot complete the move on the first attempt. A move back to SQL Server Compact is also possible. ### Create the Database -Your database administrator needs to set up the SQL Server database. The instructions below are an -overview of the procedure, they are not step-by-step instructions. NPR V3.30 has been tested with +Your database administrator needs to set up the SQL Server database. The following instructions provide an overview of the procedure, not step-by-step guidance. NPR V3.30 has been tested with SQL Server 2012 to 2019. Follow the instructions below for an overview of the procedure. @@ -45,8 +43,7 @@ by the Data Console. ### Create the Tables and Copy the Data The Data Copy wizard creates the database tables and copies the data to SQL Server. You must run the -wizard even if the SQL Server Compact database is empty. Data in the destination database is deleted -before it is copied from the source database. +wizard even if the SQL Server Compact database is empty. The wizard deletes data in the destination database before copying it from the source database. Follow the steps below to create the tables and copy the data. 
@@ -81,9 +78,7 @@ The SQL Server Native Client must be installed if **Trust server certificate** i ### Configure Netwrix Password Reset to Connect to SQL Server -Configure Password Reset to connect to SQL Server immediately after copying the data. If the cutover -is delayed, then run the Data Copy wizard again to update the SQL Server database with the latest -data. To configure Password Reset to connect to SQL Server: +Configure Password Reset to connect to SQL Server immediately after copying the data. Run the Data Copy wizard again if the cutover is delayed, to update the SQL Server database with the latest data. To configure Password Reset to connect to SQL Server: **Step 1 –** Open the Configuration Console. @@ -103,8 +98,7 @@ option should be selected to protect user information. **Step 8 –** Select the **Trust server certificate** option if SQL Server is using a self-signed certificate. SQL Server uses a self-signed certificate if a trusted certificate is not installed. -Password Reset cannot connect to SQL Server with a self-signed certificate if this option is not -selected. The SQL Server Native Client must be installed if **Trust server certificate** is +Select this option to allow Password Reset to connect to SQL Server with a self-signed certificate. The SQL Server Native Client must be installed if **Trust server certificate** is selected. **Step 9 –** Click **OK**, and then click **Apply**. 
@@ -115,8 +109,7 @@ can change the database back to SQL Server Compact while you troubleshoot the is ### Other Tasks -Open the Data Console and set your SQL Server connection options. You will need to enter a password -every time you open the Data Console if **SQL Server Authentication** is selected. The Data Console +Open the Data Console and set your SQL Server connection options. You need to enter a password every time you open the Data Console if **SQL Server Authentication** is selected. The Data Console executable and help file (APRDC.exe and CHM_NPR.chm) can be copied to the computers of other users who will use the Data Console. diff --git a/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md b/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md index 179962db4c..90c8e13271 100644 --- a/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md +++ b/docs/passwordreset/3.3/administration/workingwiththedatabase/working_with_the_database.md @@ -27,8 +27,7 @@ See solutions to these disadvantages in the [Moving to SQL Server](/docs/passwor ## Backing up the Database -The database should be backed up regularly. The instructions below are for a SQL Server Compact -database. If using SQL Server, then use your backup software to backup the database. +Back up the database regularly. The following instructions apply to a SQL Server Compact database. To back up a SQL Server database, use your backup software. Follow the steps below for the recommended backup procedure. diff --git a/docs/passwordreset/3.3/evaluation/conclusion.md b/docs/passwordreset/3.3/evaluation/conclusion.md index f6328b1421..0a923c7c16 100644 --- a/docs/passwordreset/3.3/evaluation/conclusion.md +++ b/docs/passwordreset/3.3/evaluation/conclusion.md 
@@ -6,7 +6,7 @@ sidebar_position: 70 # Conclusion -Congratulations! You have successfully installed, configured, and used Netwrix Password Reset. This +You have successfully installed, configured, and used Netwrix Password Reset. This brief guide has introduced you to Password Reset, but you can do much more with it. The Administrator's Guide covers many more topics, including: @@ -19,7 +19,7 @@ Administrator's Guide covers many more topics, including: - Creating complex filters in the Data Console. - Modifying the user interface and error messages. -You can learn more about Password Reset and Password Policy Enforcer at -[www.netwrix.com/password_policy_enforcer](https://www.netwrix.com/password_policy_enforcer.html). +Visit the [Netwrix Password Policy Enforcer product page](https://www.netwrix.com/password_policy_enforcer.html) +to learn about Password Reset and Password Policy Enforcer features, licensing, and downloads. -Please [contact Netwrix support](mailto:support@netwrix.com) if you have any questions. +[Contact Netwrix support](mailto:support@netwrix.com) if you have any questions. diff --git a/docs/passwordreset/3.3/evaluation/configuring_password_reset.md b/docs/passwordreset/3.3/evaluation/configuring_password_reset.md index 342c43bf8e..dc6feed127 100644 --- a/docs/passwordreset/3.3/evaluation/configuring_password_reset.md +++ b/docs/passwordreset/3.3/evaluation/configuring_password_reset.md 
@@ -16,12 +16,11 @@ The Configuration Console has a tabbed layout. Click the tabs along the top to s settings. Most of the settings are self-explanatory. Press **F1** on any of the tabs to see the help page for the current tab. -Configuration changes are applied when you click **Apply** or **OK**. Clicking **OK** also closes -the Configuration Console. +Password Reset applies configuration changes when you click **Apply** or **OK**. Clicking **OK** also closes the Configuration Console. :::note Password Reset includes a 30-day evaluation license for up to 50 users. -Please[ contact Netwrix support](mailto:support@netwrix.com) if you would like to evaluate Netwrix +[Contact Netwrix support](mailto:support@netwrix.com) if you would like to evaluate Netwrix Password Reset with more than 50 users. ::: diff --git a/docs/passwordreset/3.3/evaluation/data_console.md b/docs/passwordreset/3.3/evaluation/data_console.md index 00193f063a..1775d07a94 100644 --- a/docs/passwordreset/3.3/evaluation/data_console.md +++ b/docs/passwordreset/3.3/evaluation/data_console.md @@ -6,11 +6,10 @@ sidebar_position: 40 # Data Console -The Data Console allows you to view and export data collected by NPR. Click **Start** > **Netwrix +Use the Data Console to view and export data collected by NPR. Click **Start** > **Netwrix Password Reset** > **NPRData Console** to open the console. -The Data Console has three tabs. The Recent Activity tab shows a chart of recent requests. The chart -is empty when Password Reset is first installed, but it will populate itself as the system is used. +The Data Console has three tabs. The Recent Activity tab shows a chart of recent requests. The chart is empty when Password Reset is first installed, but it populates as the system is used. ![the_data_console](/images/passwordreset/3.3/evaluation/the_data_console.webp) 
@@ -18,7 +17,7 @@ The bars in the chart show how many successful enrollments, resets, unlocks, and every day. You can click the bars to see a filtered view of the events for that day. The Audit Log tab contains all the events recorded by Password Reset. You can create filters to show -only some of the events. Filters are very flexible and easy to create. +only some of the events. Filters are flexible. ![the_data_console_1](/images/passwordpolicyenforcer/11.0/passwordreset/administration/using_the_data_console_9.webp) diff --git a/docs/passwordreset/3.3/evaluation/evaluation_overview.md b/docs/passwordreset/3.3/evaluation/evaluation_overview.md index 85e8beecd7..7b53b76b7b 100644 --- a/docs/passwordreset/3.3/evaluation/evaluation_overview.md +++ b/docs/passwordreset/3.3/evaluation/evaluation_overview.md @@ -7,14 +7,14 @@ sidebar_position: 30 # Evaluation Password Reset is a self-service password management system that helps organizations to reduce the -number of password related help desk calls. Password Reset allows users to securely change their -password and unlock their account, even if they have forgotten their password. +number of password related help desk calls. Users can securely change their +password and unlock their account with Password Reset, even if they have forgotten their password. This Evaluator's Guide shows you how to quickly install, configure, and test Password Reset. You should read this guide if you are evaluating Password Reset, or if you are using Password Reset for the first time. -Please [contact Netwrix support](mailto:support@netwrix.com) if you have any questions, or if you +[Contact Netwrix support](mailto:support@netwrix.com) if you have any questions or if you encounter any problems during your evaluation. ![introduction_1_1](/images/passwordpolicyenforcer/11.0/passwordreset/evaluation/introduction_1_1.webp) 
diff --git a/docs/passwordreset/3.3/evaluation/installation.md b/docs/passwordreset/3.3/evaluation/installation.md index fc2633210c..e145c0dd2d 100644 --- a/docs/passwordreset/3.3/evaluation/installation.md +++ b/docs/passwordreset/3.3/evaluation/installation.md @@ -9,7 +9,7 @@ sidebar_position: 10 Password Reset has two server components, and an optional client. See the [Password Reset Client](/docs/passwordreset/3.3/evaluation/password_reset_client.md) topic for additional information. Both server components can be installed on one server, or they may be installed on separate servers if your web -server is in a DMZ. As the evaluation server is not in a DMZ, we will install both components on one +server is in a DMZ. As the evaluation server isn't in a DMZ, both components can be installed on one server. The Web Interface is the component that users interact with. It accepts user requests, encrypts @@ -28,7 +28,7 @@ Follow the steps below to install Password Reset on the server. **Step 2 –** Click **Next**. -**Step 3 –** Read the license agreement. Click **I accept the terms of the license agreement**. +**Step 3 –** Read the license agreement. Select the checkbox to accept the license agreement terms, then click **Next**. Click **Next** if you accept all terms. **Step 4 –** Click **Next**, then click **OK** to install IIS, if asked. diff --git a/docs/passwordreset/3.3/evaluation/password_reset_client.md b/docs/passwordreset/3.3/evaluation/password_reset_client.md index 425894d73b..7c2b5ad790 100644 --- a/docs/passwordreset/3.3/evaluation/password_reset_client.md +++ b/docs/passwordreset/3.3/evaluation/password_reset_client.md 
@@ -6,17 +6,17 @@ sidebar_position: 50 # Password Reset Client -The Password Reset Client allows users to securely reset their password or unlock their account from -the Windows Logon and Unlock Computer screens. Users click **Reset Password** to access the Password +Users can securely reset their password or unlock their account from the Windows Logon and Unlock +Computer screens with the Password Reset Client. Users click **Reset Password** to access the Password Reset system. ![the_password_reset_client_1](/images/passwordreset/3.3/evaluation/the_password_reset_client_1.webp) -The Password Reset Client does not modify any Windows system files. +The Password Reset Client doesn't modify any Windows system files. The Password Reset Client is normally deployed with Group Policy, Microsoft System Center Configuration Manager, or some other software deployment tool. It takes about 15 minutes to set up -an automated deployment, so we will install the PRC manually for the evaluation. +an automated deployment, so this guide covers manual installation for the evaluation. ## Installing the PRC @@ -28,12 +28,11 @@ Follow the steps below to install the PRC. **Step 3 –** Click **Next**. -**Step 4 –** Read the license agreement. Click **I accept the license agreement**. Click **Next** if -you accept all the terms. +**Step 4 –** Read the license agreement. Select the checkbox to accept the license agreement terms, then click **Next**. **Step 5 –** Click **Next**. -**Step 6 –** Once the Password Reset Client is installed, click **Finish**. +**Step 6 –** After the Password Reset Client is installed, click **Finish**. **Step 7 –** Click **Yes** is asked to restart the computer. 
@@ -43,8 +42,8 @@ evaluation. ## Configuring the PRC The Password Reset Client is normally configured with an Active Directory administrative template. -This allows you to centrally configure all computers in the domain. It takes about 15 minutes to set -up the Administrative Template, so we will configure the PRC by importing the settings into the +With an administrative template, you can centrally configure all computers in the domain. It takes about 15 minutes to set +up the administrative template, so this guide covers configuring the PRC by importing the settings into the registry for the evaluation. **Step 1 –** Download the sample configuration from the following link: @@ -72,7 +71,7 @@ when asked to confirm. Repeat this step on any client computers being used for t :::note You must import the configuration settings into the registry whenever you edit -PRC_Config.reg, otherwise the old settings will remain. +PRC_Config.reg, otherwise the old settings remain. ::: diff --git a/docs/passwordreset/3.3/evaluation/using.md b/docs/passwordreset/3.3/evaluation/using.md index 422924ebcd..4e5de633b5 100644 --- a/docs/passwordreset/3.3/evaluation/using.md +++ b/docs/passwordreset/3.3/evaluation/using.md 
@@ -15,13 +15,12 @@ users choose strong passwords. Password Reset can integrate with Password Policy Enforcer to help users choose a compliant password. Password Reset displays the Password Policy Enforcer password policy message when a user is prompted for their new password, and the Password Policy Enforcer rejection message if the new -password does not comply with the password policy. +password doesn't comply with the password policy. ![using_npr_with_password_policy_1](/images/passwordreset/3.3/evaluation/using_npr_with_password_policy_1.webp) -Select the **Password Policy Enforcer integration** check box in the General tab of the Password +Select the **Password Policy Enforcer integration** checkbox in the General tab of the Password Reset Configuration Console if you have installed and configured Password Policy Enforcer. The -Password Policy Enforcer Evaluator's Guide will help you to install and configure Password Policy -Enforcer if you are not currently using it. +Password Policy Enforcer Evaluator's Guide helps you install and configure Password Policy Enforcer if you aren't using it. -An Password Reset license does not include a Password Policy Enforcer license. See the Password Policy Enforcer documentation for additional information. +A Password Reset license doesn't include a Password Policy Enforcer license. See the Password Policy Enforcer documentation for additional information. diff --git a/docs/passwordreset/3.3/evaluation/using_password_reset.md b/docs/passwordreset/3.3/evaluation/using_password_reset.md index 10ff2a8d01..ce129cf016 100644 --- a/docs/passwordreset/3.3/evaluation/using_password_reset.md +++ b/docs/passwordreset/3.3/evaluation/using_password_reset.md 
@@ -83,8 +83,7 @@ Follow the steps below to change a password. **Step 3 –** Enter the **Old Password**, **New Password**, and **Confirm Password** in the respective field. Click **Next**. -Password Reset's user interface is built with customizable templates. You can easily modify the user -interface by editing the templates. Even the error messages are defined in the templates, so you can +Password Reset's user interface is built with customizable templates. You can modify the user interface by editing the templates. Even the error messages are defined in the templates, so you can edit those too. See the [Editing the HTML Templates](/docs/passwordreset/3.3/administration/editing_the_html_templates.md) topic of the Administrator's Guide for additional information. diff --git a/docs/passwordreset/3.3/what_new.md b/docs/passwordreset/3.3/what_new.md index 87ba99dcd3..2d0a2f5463 100644 --- a/docs/passwordreset/3.3/what_new.md +++ b/docs/passwordreset/3.3/what_new.md 
@@ -12,27 +12,18 @@ Netwrix Password Reset v3.3 includes the following improvements: ### Enhancements -• **Updated branding** — The product has been updated to reflect the Netwrix brand. +• **Updated branding** — The product now reflects the Netwrix brand. • **Increased protocol requirement to version 9.0 or higher** — Due to a protocol upgrade, Netwrix Password Reset v3.3 is not compatible with Netwrix Password Policy Enforcer v8.x and earlier -versions. If you are using Netwrix Password Reset with any of those older Netwrix Password Policy -Enforcer versions, please consider upgrading Netwrix Password Policy Enforcer first to a current -version, and only then upgrade Netwrix Password Reset to v3.3 (or later). +versions. If you are using Netwrix Password Reset with any of those older Netwrix Password Policy Enforcer versions, upgrade Netwrix Password Policy Enforcer to a current version before upgrading Netwrix Password Reset to v3.3 or later. -Older versions of Netwrix Password Policy Enforcer can still enforce the policy, but Netwrix -Password Reset 3.3 will not get the policy and rejection messages or enforce the Similarity rule -from Netwrix Password Policy Enforcer versions older than 9.0. See the [General Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md) +Older versions of Netwrix Password Policy Enforcer can still enforce the policy, but Netwrix Password Reset 3.3 does not get the policy and rejection messages or enforce the Similarity rule from Netwrix Password Policy Enforcer versions older than 9.0. See the [General Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md) topic for more information. -• **Option to enable PPC protocol encryption** — Due to a protocol upgrade, it is now recommended to -enable protocol encryption for clients. 
To do so, please navigate to PPS Properties in your Netwrix -Password Policy Enforcer server configuration, and enable "Only accept encrypted client request". +• **Option to enable PPC protocol encryption** — Due to a protocol upgrade, Netwrix recommends enabling protocol encryption for clients. To do so, go to PPS Properties in your Netwrix Password Policy Enforcer server configuration and enable "Only accept encrypted client request". -Please do not enable this option if you are using Netwrix Password Reset v3.3 with Netwrix Password -Policy Enforcer v8.x or earlier versions, or with Netwrix Password Policy Enforcer/Web. If you are -using Netwrix Password Reset v3.3 with any of those older versions of Netwrix Password Policy -Enforcer, please consider upgrading first to a current and supported version. See the +Do not enable this option if you are using Netwrix Password Reset v3.3 with Netwrix Password Policy Enforcer v8.x or earlier versions, or with Netwrix Password Policy Enforcer/Web. If you are using Netwrix Password Reset v3.3 with any of those older versions of Netwrix Password Policy Enforcer, upgrade to a current and supported version first. See the [General Tab](/docs/passwordreset/3.3/administration/configuringpasswordreset/general_tab.md) topic for more information. • **Enabled ‘ServerMayChangeIPAddress’ for PPC queries** — This ensures that Netwrix Password Reset diff --git a/docs/passwordreset/CLAUDE.md b/docs/passwordreset/CLAUDE.md new file mode 100644 index 0000000000..f0958a616c --- /dev/null +++ b/docs/passwordreset/CLAUDE.md 
@@ -0,0 +1,54 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Product Overview + +Netwrix Password Reset (NPR) is a self-service password management system that reduces password-related help desk calls. It allows users to securely change their passwords and unlock their Active Directory accounts, even after forgetting their passwords. The product runs on Windows Server with IIS, communicating over UDP port 5100 between the Web Interface and the Password Reset Server. + +## Versions + +Two versions are maintained in this directory: + +| Version | Path | Status | Notes | +|---------|------|--------|-------| +| 3.3 | `3.3/` | Latest (default) | Deeper content structure with subdirectories | +| 3.23 | `3.23/` | Older | Flatter structure, fewer files | + +Edits to one version do not propagate to the other. Update each version that needs the change. + +## Structure Differences Between Versions + +Version 3.3 has a deeper directory hierarchy than 3.23: + +- **3.3** splits configuration into `administration/configuringpasswordreset/` (7 tab-specific files: general, enroll, email, verification, security, permissions, about), data console into `administration/usingthedataconsole/` (3 files), and database into `administration/workingwiththedatabase/` (2 files). Also includes `what_new.md`. +- **3.23** keeps these as single flat files under `administration/` (e.g., `configuring_password_reset.md`, `using_the_data_console.md`, `working_with_the_database.md`). Has `persuading_users_to_enroll.md` which 3.3 does not. + +Both versions share the same top-level sections: `administration/`, `evaluation/`, and `kb/`. + +## Image Paths — Cross-Product References + +All images live under `static/images/` at the repo root. In markdown, paths start with `/images/...` (Docusaurus serves `static/` at the root). 
Many passwordreset images are stored under `static/images/passwordpolicyenforcer/`, not `static/images/passwordreset/`. This is by design — the products were historically bundled together. + +- **3.3 docs** → files on disk at `static/images/passwordpolicyenforcer/11.0/passwordreset/`, referenced in markdown as `/images/passwordpolicyenforcer/11.0/passwordreset/...` +- **3.23 docs** → files on disk at `static/images/passwordpolicyenforcer/10.2/password_reset/`, referenced in markdown as `/images/passwordpolicyenforcer/10.2/password_reset/...` (note the underscore) +- Some images are under `static/images/passwordreset/3.3/` and `static/images/passwordreset/3.23/` as expected + +When adding or updating images, check existing references in the file to determine which image directory path convention to follow. + +## Knowledge Base + +KB articles in `3.3/kb/` and `3.23/kb/` are **copied by the build script** from `docs/kb/` — never edit them directly. The canonical KB source is `docs/kb/`. KB categories for this product: security-and-administration, portal-access-and-authentication, configuration-and-customization, integrations-and-notifications, deployment-and-infrastructure. + +## Sidebar Config + +Sidebar files are at `sidebars/passwordreset/3.3.js` and `sidebars/passwordreset/3.23.js` (relative to repo root). These are auto-generated and rarely need manual editing. 
+ +## Key Terminology + +- **NPR** — Abbreviation for Netwrix Password Reset, used extensively in image filenames and some legacy references +- **APR** — Older product name (ANIXIS Password Reset), still appears in registry paths (`HKLM\SOFTWARE\ANIXIS\ANIXIS Password Reset\3.0`), setup filenames (`APR330.exe`), and database filenames (`apr.sdf`, `aprlog.sdf`) +- **PPE** — Netwrix Password Policy Enforcer, a companion product that integrates with Password Reset +- **PRC** — Password Reset Client, the optional desktop client component +- **Configuration Console** — The main admin interface for configuring Password Reset settings +- **Data Console** — The reporting/audit interface for viewing user enrollment and activity data
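Review bot: In the first `docs/passwordreset/3.3/evaluation/data_console.md` hunk, the menu path right after the rewritten opening sentence reads **NPRData Console**, which looks like a missing space. Confirm the actual Start menu entry and correct it while this paragraph is being touched. The rewritten sentence also keeps "collected by NPR" although the rest of the topic calls the product Password Reset.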
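Review bot: In the `docs/passwordreset/3.3/evaluation/installation.md` hunk, the resulting Step 3 reads "Select the checkbox to accept the license agreement terms, then click **Next**. Click **Next** if you accept all terms.", so the reader is told to click Next twice before Step 4 asks for it again. Drop the trailing sentence or fold its condition into the new one, as the matching Step 4 change in `password_reset_client.md` does by replacing both sentences.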
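Review bot: In the first `docs/passwordreset/3.3/evaluation/password_reset_client.md` hunk, Step 7 in the trailing context still reads "Click **Yes** is asked to restart the computer."; since this change already rewrites Steps 4 and 6, fix "is" to "if" here as well. Step 4 also replaces the bold control label (**I accept the license agreement**) with "Select the checkbox", so confirm the installer really shows a checkbox and consider keeping the label so readers can match it on screen.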
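Review bot: In the `docs/passwordreset/3.3/what_new.md` hunk, the "Do not enable this option if ..." caveat for Password Policy Enforcer v8.x and earlier and for Password Policy Enforcer/Web stays a plain paragraph under the encryption bullet, where a reader who stops at the recommendation to enable "Only accept encrypted client request" can miss it. Consider moving the caveat into an admonition block like the `:::note` blocks used in the other files in this patch, or stating the version condition in the same sentence as the recommendation. The added lines also mix "v3.3" and "3.3" for the same release and keep "does not get" where other hunks in this change switch to contractions.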
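Review bot: In the new `docs/passwordreset/CLAUDE.md`, the Product Overview states that the Web Interface and the Password Reset Server communicate over UDP port 5100, but nothing else in this change backs that up. Point to the documentation topic the port comes from, or drop the detail, so this guidance file cannot drift from the product docs. The same paragraph uses "It allows users to securely change their passwords", the construction this patch rewrites in the evaluation and client topics.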