Using ADSelfService Plus GINA agent with Windows Native VPN to change cached credentials
When enabling the VPN settings for updating the cached credentials via GINA, I wish to use the native Windows 10 VPN Client. The ADSelfService configuration requests a Pre shared Key for this type config, and the instructions are not specific. Do I need to configure an endpoint on the Win 2012R2 RRAS VPN server with the same pre-shared key? How do I troubleshoot issues with this feature (logs)? Thanks!
Auto-Enrollment
Is there a way in ADSelfService Plus to auto-enroll a user (based on query) with the email address defined in AD? We only use the 2FA w/ email and/or TXT Message and do not use the security questions. When we went live w/ this product a couple of months ago, we performed a bulk import of all users via CSV. Net new users are not 'enrolled' and we don't want them to do it themselves, but we also don't want to have an IT person re-run the import process as new hires (daily) are created. Is there
SQL injection
I am running Build Number : 5325. Our latest security has found the SQL injection vulnerability. Has this been addressed in the newest version?
GINA/MAC install error
Hi There is one problem to install GINA/Mac (Ctrl+Alt+Del) Error message: Try again after some time,There is already another Install process/scheduler running... There is no install process and scheduler we made but the error still same for 24 hours. How we solve this problem?
populate drop- down lists from AD
Is it possible to populate drop-down lists from AD?
SSO and social networks
Hello, Do you have plans to integrate Single Sign On with social networks like LinkedIn, Facebook, Instagram etc? Regards, Anton
ADSelfService Plus 5328 released! Features mobile app customization.
Hello Everyone! We are glad to release the latest version of ADSelfService Plus – build 5328. This release has options to customize the mobile app home screen, enhancements to password policy enforcer, and some bug fixes. Enhancements: Mobile app customization: Now you can completely customize the home screen of the app and disable access to certain features Dictionary rule in password policy enforcer can now be configured to restrict password that is either an exact match of a dictionary word or
ManageEngine Free Training! - Register Now
ManageEngine's ADSelfService Plus free online workshop series is back with a bang! This time around, we'll be exploring topics never covered in any of our previous workshops to get the best out of ADSelfService Plus deployment. Ready to see how easy password management can be? ADSelfService Plus free online workshop series April 18 - May 18, 2017 Register Now Password management implementation: Best practices Join our ADSelfService Plus veterans and learn about the ways to implement
Tomcat 6 and Java
Our Information Security team has brought forward a few concerns and would like to know what are Manage Engines plans to address the following: Tomcat 6 End Of Life 12/31/2016 (http://tomcat.apache.org/tomcat-60-eol.html) Numerous high-severity vulnerabilities publicly documented. High — Java 1.7.0_55 Limited Encryption Algorithm Selection in Java 7 especially when considering forward compatibility End of Life September 2017 (http://www.oracle.com/technetwork/java/eol-135779.html#Java6-end-public-updates).
Spelling Mistake
The word destinations is spelled incorrectly. How can we fix this?
SSL Go Daddy Certificate
Hi I have a Go Daddy certificate, run it though Keytool OK, moved the selfservice.keystore to the conf folder restarted the service and even rebooted the server - but still i get a certificate error via the URL. Bit baffled to be honest does anyone have any hints or tips? Simon
Remove registration request .
Hi, We want to remove the option that request the user to register , when an user tries to reset his password a message is displayed with this message : "You are required to subscribe for Verification Code. Please login (if you remember your password) and subscribe. Contact your admin in case you don't remember your password." How can we remove that the users don't need to register to reset or change the password ? Thanks
ADSELFSERVICE is it 2016 compatable yet
Hi, Is ADSelfService compatible with Server 2016 yet? Thank You Simon
Ports for GINA install.
Hello! Can someone please tell me the ports I need to have open on our firewall to "push" install GINA to all of my PC's?
Remote password changes - Can't get to work more the 50/50
Our company has about 400 remote users not on our domain with approximately 100 users at the corporate office and connected to the domain. We are cloud based for just about everything hence our interest in Manage Engine and password changes. Unfortunately we were led to believe we would not need a VPN connection to change ones password and the system (Manage Engine) would update the cache including passwords on local devices. We accepted the VPN process using Cisco AnyConnect and have found it
Apache Struts has been flagged as being vulnerable
Hello, the version of Struts used by the AD Self Service Portal is Struts version 1.1. Our IT security has flagged this as a serious security issue. Will Struts be updated to the latest version in the next build ? Strusts 1.1 is very old, has exploits, is unsupported and has long since reached its end-of-life. https://beta.nvd.nist.gov/vuln/search/results?adv_search=true&cpe=cpe%3a%2fa%3aapache%3astruts%3a1.1 https://struts.apache.org/struts1eol-announcement.html Thanks John
Update email address to get verification code
Hi Team, Let me know if there is a way to bulk update email address for users to get verification code as multi-factor authentication. Thanks, Rakesh
Slowloris Resource Depletion and Denial of Service
I have placed a support call previously on this issue and was advised it would be fixed in the next release. That was a few releases back and this vulnerability keeps appearing on our external vulnerability scans. Are there any changes that can be made to fix this issue without waiting for a patch in one of the releases? ADSelfService Plus is running on port 443, but it does allow the redirect if a user hits it on port 80. I am guessing that is why the vulnerability is showing below on port 80.
GINA - Password Policy Enforcement only
Hello, Is it possible to hide the Reset Password / Unlock Account Button in GINA? I really like the Password Policy enforcement for when users are changing their passwords, but I am not ready to force everyone to enroll yet. If possible I would like to install the GINA client on all workstations so that users can see the password requirements. Then, once I am ready to have people enroll in the system, I can unhide the Reset Password / Unlock Account button. Thanks, Michael
ADSelfService Plus 5327 released
Hello Everyone! We are glad to release the latest version of ADSelfService Plus - build 5327. This release comes with three new authentication methods to beef up security for the self-service password reset and account unlock processes, along with other bug fixes. Features: Duo Security, RSA SecurID and RADIUS-based authentication support: Self-service password reset and account unlock processes are now more secure than ever thanks to three new authentication methods for verifying users’ identities.
Modify Gina logo
Hi, There is a way to change the gina logo(when you launch ctr + alt + supr) "Manageengine ADSS" to one especif logo? Regards.
GINA\Mac VPN Client configuration different on PC and Mac
Have a question about GINA\Mac client configuration: ** Enter the location where the VPN client is installed on the users' machines. ** We'd like to use the GINA\Mac client on both PCs and Macs in our environment in order to updated cached credentials via Cisco AnyConnect. The path of the VPN client application will obviously be different on our PCs than our Macs. Will the 'VPN Client Location' field accept multiple locations separated by comma? Should we generate and maintain two separate build\configurations
Where do you install ADSelfService Plus
So this is a super simple question but for some reason I'm not understanding how ADSelfService is installed Do you install the Software on your domain controller/some other server and clients access the web portal? or Do you install the software on every client's machine? Option two doesn't seem right, but I can't find instructions explicitly saying to install the software on a server. Thanks.
ADSelfService Plus 5326 released with AD domain to domain password synchronization
Hello Everyone! We are glad to release the latest version of ADSelfService Plus - build 5326. This release brings Active Directory domain to domain synchronization feature along with some other enhancements and bug fixes. Enhancements: AD domain-to-domain password sync: Now you can enable password synchronization between two or more Active Directory domains. Option to synchronize passwords only after successful password reset in Active Directory. Ability to identify the IP addresses of machines used
How to change sample Name
Hi, May I change screen sample name in ADSelf Service
How to change answers to security questions?
Can users change answers to their own security questions?
ManageEngine AD Seminars - Coming to the UK in February & March (Edinburgh & London)
Just a quick heads up to all the UK based users of ManageEngine AD Tools. Seminars are scheduled to take place in Edinburgh & London (27th February & 2nd March) These seminars will be an opportunity to... Learn about the next-gen AD management trends and techniques Know how to configure and monitor the critical security setting of your AD environment Know about constructing email alerts, to be notified about changes to key security settings Consult with our AD experts. Discuss your Active Directory
Forcing ADSSP to get Display Name instead of Full Name when end user try to selfupdate attributes
Hi All, I'm working with ADSSP and I have a Challenge. In fact, In Active Directory logon name and full name are set as numbers and this cause a problem when an end user try to update his "Manager Attribute" he can't Know what to choose since he doesn't know his managers' ID, it will be great if the name is displayed. So, is it possible to force ADSSP to get the Display Name instead of Full name? Regards Rochdi
Mac Keychain
Does AD SelfService Plus password reset also reset the mac keychain password? So if a user chooses to reset their domain password from their Mac, will it also reset /sync that change to the local mac's keychain?
ADSelfService_Enroll.hta Assigned to AD Accounts That Had No Login Script.
We recently upgraded to the latest build of AD SelfService Plus (Version 5.3, Build 5324). After upgrading, approximately 24 hours later, any user that was in AD that did not have a login script assigned to their AD account got assigned ADSelfService_Enroll.hta as their login script. Can someone tell me if we did something wrong in the upgrade or why this happened? We recently added "&manualScript=true" to force enrollment. By adding that string to ADSelfService_Enroll.hta could that have made that
ADSelfService Plus build 5325 released
Hello Everyone! We are glad to release the latest version of ADSelfService Plus – build 5325. This build features some enhancements and a bug fix. Enhancements: Two-factor authentication for ADSelfService Plus login can now be configured based on OUs and groups. To configure the settings, navigate to Configuration > Policy Configuration > Select Policy > Advanced > Login TFA. Option to exclude smart card users from password/account expiration notifications, and soon-to-expire password users and password
Email push formatting, or lack there of.
I just recently did an email push for enrollment. There were no HTML controls in the box so I formatted it as best I could in plain text, when it went out, it looked so bad most of my employees either ignored it or actually called me thinking we got hacked and that it was a virus. Can the emails be configured with HTML to look better and perhaps match our internal memo emails? I am sorry if it is obvious, but I am unable to find anything. Thank you, Jim
ADSelfService Plus build 5324 released
Hello Everyone! We are glad to release the latest version of ADSelfService Plus – build 5324. This build features support for Cisco AnyConnect VPN client for cached credentials update and a major bug fix. Enhancements: Cisco AnyConnect VPN client is now supported for updating cached credentials. 64-bit version of VPN clients are now supported for cached credentials update. The photo attribute can now be set as ‘Read Only’ in self-update layout. Issue fixed: Vulnerability issue in self-password reset
Partial Backup -Exclude Configurations
Hello Team, In my company we've the enviroments PRODUCTION AND TEST, How can I make a backup only users (registered and not regi..) from my PRODUCTION enviroment ? We wanna use this backup for my Test enviroment and we dont want to lose the configurations on test. thanks!
ADSSP on non-member server
Can ADSSP be installed on a non-domain member server as long as the appropriate firewall ports are open from that server to the domain controllers?
[Free Webinar] Self Service Password Reset for Remote Users
Away from office + Forgotten password = A nightmare for users Did you know there are options available to allow users to reset passwords when away from the network? Join this live webinar by Derek Melber, Active Directory MVP, will explain how to securely allow remote users to reset their Active Directory password without help desk intervention. Date : Jan 31th 2017 Register now: https://goo.gl/A4rZwd ADSelfService Plus Team Toll Free: +1-888-720-9500 Direct: +1-408-916-9890 Email: support@adselfserviceplus.com
Displaying Information in Organizational Chart
Hi, I'm trying to display information for Employee Search in ADSeflService Plus. Is there a way to add columns aside from the ones already provided in the "available columns" option? For example, I'm trying to display the attribute "employeeID" column which is not available in the Display Columns selection. Kindly advise. Thanks, Herdyan
ADSelfService Plus 5.3 Build 5323
Hello everyone! We are happy to announce the release of the latest build of ADSelfService Plus-5323. This build further strengthens the Password policy enforcer feature by introducing dictionary rules, a passphrase option to override complexity requirements, a Unicode character requirement, and more. Enhancements: The password policy enforcer feature now ensures strong passwords for your users by: Preventing the use of any dictionary word. Prohibiting the use of five consecutive characters from
ADSelfService Plus 5.3 Build 5322
Hello Everyone! We have just released a hotfix for ADSelfService Plus – build 5322. This build fixes issues in the Windows logon (GINA/CP) client and policy configuration. Issues fixed: Issue in Windows logon agent (GINA/CP) when GINA/Mac customization scheduler is configured Issue which failed to save OU and group selections during policy configuration IMPORTANT: Existing customers can upgrade to the latest build by downloading the ADSelfService Plus Service Pack 5.3 SP 2.2 from the link below:
ADSelfService Plus Fixes and Enhancements [2017]
Release Notes for build 5509 (Dec 27, 2017) Enhancement: Bulk disenroll users: Select multiple users from the Enrolled Users report or import users from a CSV file to disenroll them in bulk. Issues fixed: Oracle EBS password sync driver has been updated to the latest version. Issue in using Google Authenticator while performing password self-service from the Android mobile app. Issue in enrolling more than 10,000 users at once from external databases. Issue which failed to refresh the CAPTCHA image
Next Page