Product Documentation

About Self-Service Password Reset

Sep 27, 2016

Self-Service Password Reset enables end users to have greater control over their user accounts. Once Self-Service Password Reset is configured, if end users have problems logging on to their systems, they can unlock their accounts or reset their passwords to something new by correctly answering several security questions.

Resetting user passwords is an inherently security sensitive process. We recommend that you refer to the Secure configuration article to ensure that your deployment is correctly configured.

Self-Service Password Reset contains three components:

  • Self-Service Password Reset configuration console
  • Self-Service Password Reset Service
  • Security question enrollment in StoreFront
     

Self-Service Password Reset configuration console

  • Service configuration. Configures the Self-Service Password Reset service, including the central store address, data proxy account, and Self-Service Password Reset account.
    • Central store address: Network share location for storing Self-Service Password Reset data.
    • Data Proxy Account: Communicates with the central store. The account requires read and write access to the central store.  
    • Self-Service Password Reset account: Used to unlock the account and reset the password. 
  • User configuration. Configures which user/group/OU can use the Self-Service Password Reset feature, and specifies the license server address and default service address.
    • Name user configuration: Defines the target user groups of the Self-Service Password Service, which can include users/groups/OUs from Active Directory.
    • License server address: You can use Self-Service Password Reset with only XenApp or XenDesktop Platinum edition. Minimum License Server version must be 11.13.1 or higher.
    • Select or deselect the Unlock and Reset features.
    • Default service address: Specify the URL of Self-Service Password Reset service.
  • Identity verification. Configures the questionnaire used for enrollment and to unlock or reset the password. 
    • Add a question or group to the question store from which questionnaires are generated. 
    • Select a question list from the question store that will be used for enrollment. 
    • Export/import security questions or groups.

Self-Service Password Reset Service

The Self-Service Password Reset Service runs on a Web server and allows users to reset their Windows passwords and unlock their Windows accounts. The end users' requests are sent to this service through StoreFront.

Security question enrollment in StoreFront

Use StoreFront to allow users to enroll their answers to the security questions. When they are enrolled, they can reset domain passwords and unlock domain accounts. For more information, see Self-Service Password Reset in the StoreFront documentation.