diff --git a/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md b/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md deleted file mode 100644 index 5556f178a3..0000000000 --- a/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md +++ /dev/null @@ -1,80 +0,0 @@ -# Persuading Users to Enroll - -Persuading Users to Enroll - -# Persuading Users to Enroll - -The Web Interface includes a REST API which your web sites and applications can query to determine -if a user is enrolled. Your web site or application can take appropriate action to encourage the -user to enroll. This could be anything from displaying a discreet message to denying access until -the user enrolls. - -## Enabling the API - -The API is disabled by default. If an attacker sends many queries to the API, they could try to -guess the domain and user names of enrolled users. They could get the same information by sending -many requests to the Web Interface.API is the more attractive target because API responds faster and -API queries are not logged to the Audit Log. - -If you do not want to enable the API because your Web Interface is accessible from the Internet, -then you could leave the API disabled on your Internet-facing Web Interface and set up an internal -Web Interface for API queries. Use the ServerIP registry value to point both Web Interfaces to the -same NPR Server, and enable the API only on the internal server. See the -[Multiple Server Installation](/docs/passwordreset/3.3/administrationoverview/installation.md#multiple-server-installation) topic for more -information. - -Follow the steps below to enable the API. - -**Step 1 –** Start the Registry Editor (regedit.exe). - -**Step 2 –** Expand the **HKEY_LOCAL_MACHINE**, **SOFTWARE**, **ANIXIS**, **ANIXIS Password Reset**, -and **3.0** registry keys. - -**Step 3 –** Create a new **DWORD** value called **WebAPIState**, and set it to 1. - -![persuading_users_to_enroll](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/persuading_users_to_enroll.webp) - -## Querying the API - -Send a GET request with the user's Active Directory domain and user name like: - -GET https://[server]/pwreset/apr.dll/api/enrollments/**[domain]**/**[user]** - -You can also use the User Principal Name (UPN): - -GET https://[server]/pwreset/apr.dll/api/enrollments/upn/**[user@domain]** - -## Interpreting the Response - -There are three possible responses: - -| Response | Meaning | -| ----------------------- | -------------------------------------- | -| `{"isEnrolled": true}` | User is enrolled | -| `{"isEnrolled": false}` | User is not enrolled or does not exist | -| `{}` | System maintenance is running | - -The API may also return one of these HTTP errors: - -| Error | Reason | -| ------------------------- | ------------------------------------------ | -| 400 Bad Request | Invalid request path | -| 403 Forbidden | API disabled, or cannot read configuration | -| 500 Internal Server Error | Other error | - -## Performance and Caching - -API performance is dependent on many factors. Synchronous queries will suffice in most cases, but -asynchronous queries are recommended to avoid delays. - -Avoid unnecessary calls to the API as they can overload the server. Try to call the API only once -after users logon. - -Caching improves performance and increases capacity. When the API sends a **user is enrolled** -response, it requests caching for up to two weeks. The web browser should cache the response and use -it for the next two weeks before querying the server again. No caching is requested for other -responses. - -**NOTE:** You may get a **user is enrolled** response after deleting an enrolled user when testing -the API. Clearing the browser cache may fix this, but not if other HTTP caches have cached the -response. diff --git a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md index 04f6956170..da68d41b62 100644 --- a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/configuring_password_reset.md @@ -15,7 +15,7 @@ Configuration Console to edit the configuration settings. Click **Start** > **Ne Reset** > **NPR Configuration Console**on the Password Reset Server computer to open the Configuration Console. -![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) +![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr.webp) Information about the configuration console tabs can be found in the following topics: diff --git a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md index d07d22d265..ee2a7e592c 100644 --- a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/email_tab.md @@ -86,5 +86,5 @@ understand their e-mail alerts. in the Web Interface language chosen by the attacker if the target user has not enrolled or changed their password with Password Reset. The target user will receive the e-mail alerts, but they may not understand them. Use the Rest API to remind new users to enroll so their preferred language is known -to Password Reset. See the [Enabling the API](/docs/passwordreset/3.3/administration/persuading_users_to_enroll.md#enabling-the-api) topic +to Password Reset. See the [Enroll Tab](/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/enroll_tab.md) topic for additional information. diff --git a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md index 87833b42b9..3fc4a47167 100644 --- a/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md +++ b/docs/passwordreset/3.3/administrationoverview/configuringpasswordreset/general_tab.md @@ -14,7 +14,7 @@ Use the General tab to maintain the list of managed domains, set the database op the Password Policy Enforcer integration. See the Netwrix Password Policy Enforcer topic for additional information. -![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr_3.webp) +![configuring_npr](/img/product_docs/passwordreset/3.3/administration/configuring_npr.webp) ### Domain List @@ -107,9 +107,7 @@ more detailed Rejection message when this registry value is set. Users may also policy, or no policy enforced if the queried server is not a domain controller in the user's domain. Queries to the Password Policy Server are sent to UDP port 1333 by default. You may need to create -firewall rules to open this port. See the -[Password Policy Client](/docs/passwordreset/3.3/passwordpolicyenforcer/administration/password_policy_client.md) -topic for more information. +firewall rules to open this port. See the Password Policy Enforcer documentation for additional information. **NOTE:** Due to a protocol upgrade, it is now recommended to enable protocol encryption for clients. To do so, please navigate to the PPS Properties in your Netwrix Password Policy Enforcer diff --git a/docs/passwordreset/3.3/administrationoverview/using_password_reset.md b/docs/passwordreset/3.3/administrationoverview/using_password_reset.md index 1abfd4a88b..fe3313a616 100644 --- a/docs/passwordreset/3.3/administrationoverview/using_password_reset.md +++ b/docs/passwordreset/3.3/administrationoverview/using_password_reset.md @@ -20,7 +20,7 @@ example: `http://[server]/pwreset/apr.dll? cmd=enroll&username=johnsmith&domain= Where [server] is the name or IP address of the server hosting the Web Interface. -![using_npr](/img/product_docs/passwordreset/3.3/administration/using_npr_1.webp) +![using_npr](/img/product_docs/passwordreset/3.3/administration/using_npr.webp) Users access the Enroll, Reset, Unlock, and Change features from the menu. These features are explained on the following pages. diff --git a/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md b/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md index 4f65fc0c17..753ccb797e 100644 --- a/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md +++ b/docs/passwordreset/3.3/evaluationoverview/configuring_password_reset.md @@ -14,7 +14,7 @@ In the previous section, you used Password Reset with a default configuration. Y Configuration Console to edit the configuration settings. Click Start > Netwrix Password Reset > NPR Configuration Console to open the console. -![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr_1.webp) +![configuring_npr_1](/img/product_docs/passwordpolicyenforcer/11.0/passwordreset/administration/configuring_npr.webp) The Configuration Console has a tabbed layout. Click the tabs along the top to see the various settings. Most of the settings are self-explanatory. Press **F1** on any of the tabs to see the help diff --git a/docs/passwordreset/3.3/evaluationoverview/using.md b/docs/passwordreset/3.3/evaluationoverview/using.md index ba622f0c5e..a9c2fa4e3c 100644 --- a/docs/passwordreset/3.3/evaluationoverview/using.md +++ b/docs/passwordreset/3.3/evaluationoverview/using.md @@ -28,6 +28,4 @@ Reset Configuration Console if you have installed and configured Password Policy Password Policy Enforcer Evaluator's Guide will help you to install and configure Password Policy Enforcer if you are not currently using it. -An Password Reset license does not include a Password Policy Enforcer license. See -[Administration](/docs/passwordreset/3.3/passwordpolicyenforcer/administration/administration_overview.md) in Password -Policy Enforcer topic for additional information. +An Password Reset license does not include a Password Policy Enforcer license. See the Password Policy Enforcer documentation for additional information. \ No newline at end of file diff --git a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/administration_overview.md b/docs/passwordreset/3.3/passwordpolicyenforcer/administration/administration_overview.md deleted file mode 100644 index 0779f797f3..0000000000 --- a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/administration_overview.md +++ /dev/null @@ -1,23 +0,0 @@ -# Administration - -Administration - -# Administration - -Netwrix Password Policy Enforcer helps secure your network by ensuring users set strong passwords. -When a user enters a password that does not comply with the password policy, Password Policy -Enforcer immediately rejects the password and details why the password was rejected. - -![introduction_2](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) - -Unlike password cracking products that check passwords after they are accepted by the operating -system, Password Policy Enforcer checks new passwords immediately to ensure that weak passwords do -not jeopardize network security. - -You can also use Password Policy Enforcer to ensure that passwords are compatible with other -systems, and to synchronize passwords with other networks and applications. - -**NOTE:** The [Evaluate Password Policy Enforcer](/docs/passwordreset/3.3/passwordpolicyenforcer/evaluation/evaluation_overview.md) contains -step-by-step instructions to help you quickly install, configure, and evaluate Password Policy -Enforcer. Consider using the Evaluation Guide if you are using Password Policy Enforcer for the -first time, prior to installing and deploying on your domains. diff --git a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/password_policy_client.md b/docs/passwordreset/3.3/passwordpolicyenforcer/administration/password_policy_client.md deleted file mode 100644 index b926c41240..0000000000 --- a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/password_policy_client.md +++ /dev/null @@ -1,24 +0,0 @@ -# Password Policy Client - -Password Policy Client - -# Password Policy Client - -The Password Policy Client helps users to choose a compliant password. Detailed information is -provided if their new password is rejected. - -The Password Policy Client is optional. If it is not installed, the -[Similarity Rule](/docs/passwordreset/3.3/passwordpolicyenforcer/administration/similarity_rule.md) can not be enforced. Users only see the default Windows error -message if their password is rejected, not the detailed help they receive from the Password Policy -Client. - -![the_password_policy_client](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client.webp) - -![the_password_policy_client_1](/img/product_docs/passwordpolicyenforcer/11.0/administration/the_password_policy_client_1.webp) - -The Password Policy Client displays the password policy during a password change so that users can -see the policy while they choose their password. The Password Policy Client also displays a detailed -rejection message to explain why a password was rejected. Both these messages are customizable. - -**NOTE:** The Password Policy Client does not modify any Windows system files. It also does not send -passwords or password hashes over the network. diff --git a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/similarity_rule.md b/docs/passwordreset/3.3/passwordpolicyenforcer/administration/similarity_rule.md deleted file mode 100644 index 0d8dea5d1b..0000000000 --- a/docs/passwordreset/3.3/passwordpolicyenforcer/administration/similarity_rule.md +++ /dev/null @@ -1,37 +0,0 @@ -# Similarity Rule - -Similarity Rule - -# Similarity Rule - -The Similarity rule rejects passwords that are similar to a user's current password. Password -similarity may indicate that a user is serializing their passwords. For example, "password1", -"password2", "password3". Password serialization allows an attacker to guess the new password. - -![Similarity Rule](/img/product_docs/passwordpolicyenforcer/11.0/administration/similarity.webp) - -Select the **Similarity** check box to enable the Similarity rule. - -Select **Current password** to apply the similarity rules the user's existing password. The Password -Policy Enforcer client must be installed on the user's machine to enforce this rule. - -Select **User display name** to reject passwords that are similar to a user's Active Directory -display name (full name for local accounts). - -Select **User logon name** to reject passwords that are similar to a user's logon name (user name). - -For each option enabled, set the rules: - -Set **Character substitution** to **Yes** to reject passwords that rely on character substitution to -comply with this rule. - -Set **Words typed backward** to **Yes** to additionally test passwords with their characters -reversed. Enabling bi-directional analysis stops users from circumventing this rule by reversing the -order of characters in their password. For example, a user may enter "drowssapdloym" instead of -"myoldpassword". - -Set a **Tolerance** value to specify the maximum number of matching characters that Password Policy -Enforcer allows before rejecting a password. For example, the two passwords "old**passwd**" and -"new**passwd**" contain six consecutive matching characters (shown in bold type). Password Policy -Enforcer rejects the new password if the tolerance is five (or lower), and accepts it if the -tolerance is six (or higher). diff --git a/docs/passwordreset/3.3/passwordpolicyenforcer/evaluation/evaluation_overview.md b/docs/passwordreset/3.3/passwordpolicyenforcer/evaluation/evaluation_overview.md deleted file mode 100644 index 9b456309a0..0000000000 --- a/docs/passwordreset/3.3/passwordpolicyenforcer/evaluation/evaluation_overview.md +++ /dev/null @@ -1,20 +0,0 @@ -# Evaluate Password Policy Enforcer - -Evaluate Password Policy Enforcer - -# Evaluate Password Policy Enforcer - -Netwrix Password Policy Enforcer is an advanced password filter for Windows. Use this guide to -quickly install, configure, and test an evaluation version of Password Policy Enforcer. Netwrix -Password Policy Enforcer helps secure your network by ensuring users set strong passwords. When a -user enters a password that does not comply with the password policy, Password Policy Enforcer -immediately rejects the password and details why the password was rejected. - -![introduction_3](/img/product_docs/passwordpolicyenforcer/11.0/evaluation/introduction_3.webp) - -Unlike password cracking products that check passwords after they are accepted by the operating -system, Password Policy Enforcer checks new passwords immediately to ensure that weak passwords do -not jeopardize system security. - -**NOTE:** You can also use Password Policy Enforcer to ensure that passwords are compatible with -other systems, and to synchronize passwords with other systems and applications. diff --git a/static/img/product_docs/passwordreset/3.3/administration/configuring_npr.webp b/static/img/product_docs/passwordreset/3.3/administration/configuring_npr.webp new file mode 100644 index 0000000000..3eac53b087 Binary files /dev/null and b/static/img/product_docs/passwordreset/3.3/administration/configuring_npr.webp differ diff --git a/static/img/product_docs/passwordreset/3.3/administration/using_npr.webp b/static/img/product_docs/passwordreset/3.3/administration/using_npr.webp new file mode 100644 index 0000000000..c1254d9347 Binary files /dev/null and b/static/img/product_docs/passwordreset/3.3/administration/using_npr.webp differ