Installing the Password Manager Windows Desktop Client
EmpowerID provides two extensions, Credential Provider (for Windows 7 and earlier) and Credential Provider V2 (for Windows 8 and above) in 32-bit and 64-bit versions that allow organizations to plug in to EmpowerID's Password Manager functionality for customizing the Windows logon experience beyond that supplied by the standard Windows Credential Provider tool. Credential Provider is a DLL that Windows loads and executes during the booting process to provide the Windows Security screen or user icons that users see when initially logging into, locking, or unlocking a computer. These native tools provide the functionality that allows workstation users to authenticate themselves by submitting correct username and password combinations.
The Problem
Credential Provider is a helpful— for users who remember their password. But what happens when they forget their password and cannot log into or unlock their machines? With the native Credential Provider they cannot progress any further without administrative or help desk intervention. These users are locked out of their systems, their productivity is lost, and the business costs associated with password recovery increase.
The Solution
The EmpowerID Credential Provider extensions solve this problem by extending the password recovery functionality of the EmpowerID Password Manager to the Credential Provider screen. Users who have enrolled themselves in the Password Recovery Service can reset their passwords by clicking the Click here to Reset Password link and supplying the answers to their password reset questions.
This topic describes how to deploy the EmpowerID Credential Provider extension in your environment and is divided into the following activities:
Installing the EmpowerID Credential Provider
Testing the EmpowerID Credential Provider
Configuring default Settings using GPO
Deploy Desktop Client using GPO
Installing the EmpowerID Password Extension adds the following Operating System-dependent registry values to the Microsoft Hive.
EmpowerID Credential Provider extension adds the subkey 4B2F0B15-CB86-40FD-8139-D8E4E5A4AEAD with a data value of EmpowerIDCredentialProvider to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
Installing the EmpowerID Password Extension utility on a computer where any other third-party extension is installed will disable that third-party extension. When you install the EmpowerID Password Extension utility, the previous extension will be enabled.
Prerequisites
Due to best practices for Web security, EmpowerID by default blocks loading any page in an X-Frame. This causes a blank page to show on the desktop client when running the Password Recovery Center workflow. To allow the Password Recovery Center workflow to load on each end-user machine, you must edit the web.config to override this default behavior on each EmpowerID Web and Application server.
From Windows Explorer, navigate to the EmpowerID.Web.SiteRoot folder, located in a default installation at "
C:\\Program Files\TheDotNetFactory\EmpowerID\Web Sites\EmpowerID.Web.SiteRoot
".From the folder, open the web.config file in any text editor and comment out the following line:
<add name="X-Frame-Options" value="SAMEORIGIN" />
.Directly below the commented out line, add the following line:
<add name="X-Frame-Options" value="allow-from https://YourEmpowerIDWebSite.com/" />
. Be sure to change "YourEmpowerIDWebSite.com" to the URL for your EmpowerID portal.
To install the EmpowerID Credential Provider extension
Locate the MSI for the credential provider version you received from EmpowerID and double-click it to open the Setup wizard.