MS GINA based Self Service Password Management
Self Service Password Management is the key tool that relieves IT administrators and helpdesk associates from the mundane change password requests from domain users who had forgotten their password. Associates may have login permissions for different applications and hence the passwords associated with each one of them need not be the same. This becomes the main reason for forgotten password issues. Many a time, it becomes a pain for administrators to reset the password every other day. Understanding the user password issues, ManageEngine ADSelfService Plus provides a web based portal that allows users to reset their Active Directory passwords securely from a remote machine. To avail this self-service facility, users need to enroll themselves by answering a few questions that they would need to remember. These answers will be taken for validation when the user tries to reset his password. The choice of questions and also the number can be decided by the administrator who can associate the user to a specific policy.
With a view to improvise the existing system, ADSelfService Plus introduces the ADSelfService Plus GINA. The ADSelfService Plus GINA is basically an extension of the standard Microsoft GINA, which comes with the functionality of displaying the Reset Password / Unlock button in the "CTRL+ALT+DEL" screen.
In case of Vista Machines, we have the ADSelfService Plus Credential Provider which works exactly like the ADSelfService Plus GINA and creates an extra "Reset Password / Unlock" Button on the Windows logon screen.
What is MS GINA?
GINA is the acronym for Graphical Identification and Authentication. GINA is basically a dynamic linked library that is loaded by the MS Windows executable logon process (Winlogon), during the booting process. Technically speaking, it is the msgina.dll that initiates the "Press CTRL+ALT+DEL to logon" screen to be displayed and accept the username and password.
What are GINA Extensions?
More functionalities can be added to MS GINA with the help of extensions. The GINA extensions are also dlls and can be installed on a computer in multiple numbers. However the multiple GINA extensions are installed in a specific order, and the Winlogon system calls the GINA extension that was last installed, which calls the previous one and so on, finally leading to the standard MS GINA.
What is a Credential Provider?
The Windows Vista machines, Credential Provider replaces the GINA architechture. The Credential Provider has the same functionality as the MS GINA.
The ADSelfService Plus GINA/CP Advantage
The ADSelfService Plus GINA/CP restricts unauthorized users from accessing the application by securing/managing the identities of enrolled users effectively. The ADSelfService Plus GINA/CP can be pushed to the client machines by simply installing the ADSelfService Plus Application from the server to the client machines. The Functionality and Usage of ADSelfService Plus GINA, will explain the working of the feature in detail.