Desktop Password Reset version 7.2

Desktop Password Reset version 7.2



This application allows end users to access any web-based password management solution and change their password - even if they have forgotten their password or are locked out of their computer. SailPoint strongly recommends using SailPoint's Password Management solution with this application as it is specially designed to ensure the security of the system. Changing the password will reset the user’s password and all the connected accounts on different Managed Systems. This application is accessed when the Forgot Password option is clicked from the Login screen on the end user’s computer. Once they change their password, their account is unlocked and they can log in normally.

This page describes how to install and configure the SailPoint Desktop Password Reset.



Deployment Overview


SailPoint Desktop Password Reset (referred to as the Desktop Password Reset) must be deployed on the Windows computer of each end user who should have access to the product. In a large organization, the deployment process can involve many thousands of computers. Therefore, the process for setting up installation files and installing the product on each computer must be carefully planned.

The basic steps for deploying the Desktop Password Reset are listed below. The steps may vary depending on the method used to distribute the product to the computers of the end users.

  1. Verify the system requirements for installing the Desktop Password Reset.
    For more information, see System requirements.
  2. Ensure the administrator has the required permissions.
    For more information, see Administrator permissions.
  3. Set up a directory containing the files for installing the Desktop Password Reset.
  4. If you mandated the verification of SSL certificate during configuration, prepare certificate for SSL.
  5. MSI package would be used for the installation of Desktop Password Reset.
    For more information, see Installing Desktop Password Reset.


Installing SailPoint Desktop Password Reset

This section describes preparing the installation setup that can be used to install the SailPoint Desktop Password Reset.


System Requirements

Following are the software requirements for Desktop Password Reset:

  • Microsoft Windows 10
  • Microsoft Windows 8.1 Pro


Administrator Permissions

The user must have the Administrator Permissions for installing Desktop Password Reset and editing the Deploy Configurator.


Installing Desktop Password Reset

Desktop Password Reset can be installed on the end user’s computer using one of the following methods:

  • Interactive installation
  • Silent installation

Before installing Desktop Password Reset version 7.2, if already installed, uninstall the previous version/s of Desktop Password Reset.

Before installing Desktop Password Reset version 7.2, if already installed, uninstall the previous version/s of Desktop Password Reset.


Note: You are only entitled to download components for which you have an active license with SailPoint and the availability of a component for download does not grant you a license to use a component or entitle you to use a component for which you do not have an active license.  Please contact your Account Representative or CSM for more information.


Interactive installation


To install the Desktop Password Reset, perform the following:

  1. Extract to a directory.
  2. Depending on the operating system navigate to the following appropriate directory and run setup.exe:
    • (For 32-bit): pathOfDesktopPasswordReset\x86\setup.exe
    • (For 64-bit): pathOfDesktopPasswordReset\x64\setup.exe
      Where pathOfDesktopPasswordReset is the path where file is unzipped in step 1 above.
  3. On the Welcome dialog box, click Next to continue the installation.
  4. On the License Agreement dialog box, select I Agree and click Next.
  5. Select the directory for the installation and click Next.
  6. Enter the following configuration parameters on the Configuration Options dialog box and click Next:


Key Name Description Values

Specify the product-specific URL that should be accessible from the Desktop Password Reset restricted browser.

Specific requirements for IdentityIQ and IdentityNow are described in the Values column

Ensure that this URL (host) is added as a Trusted Site through Internet Properties => Security TAB => Trusted Sites [Sites]

  • (For IdentityIQ) <Server URL>

For example, http://server:port/identityiq/desktopreset

In this URL the variables have the following values:

    • server: FQDN or IP address of the computer where IdentityIQ is installed.
    • port: http/s port number on which IdentityIQ Services are deployed.

To configure IdentityIQ Forgot Password/Unlock Account feature with Desktop Password Reset, you need to turn on the PassThrough authentication, Enable Forgot Password and Enable Account Unlock in IdentityIQ and each of the users must configure challenges/responses for individual account.

  • (For IdentityNow) https://<IdentityNow URL>/passwordreset

For example:

The above example refers to the Password Management Solution.

Login Button Text Caption for the button used to launch the Desktop Password Reset restricted browser Forgot Password?
Language Options Specify multiple languages to be supported by the password management solution. The value should have language name and language code separated by comma and multiple languages should be separated by semicolon. The restricted browser will set one of these languages to the browser depending on the user selection.

The value must be in following format:

languageName, languageCode;


  • languageName can be the name of the language that needs to be displayed to the user in the Restricted Browser.
  • languageCode should be the code of the language. Refer to the following link to get the code of different languages:

For example, English(US), en-US;French(Canada), fr-CA;

The Language Name and Language Code should be separated by comma (,) and each language setting should end with a semicolon (;).

Default value: English(US),en-US;


   7.  (Optional) If required select the following options on the Configuration dialog box:


Key Name Description Values
SSL Server Certificate Validation Required

States whether SSL certificate validation is mandatory. Possible values are Y and N.

As this involves security risks, SailPoint does not recommend setting this to N in the product.

Y: Indicates SSL certificate validation is mandatory.

N: Indicates SSL certificate validation is not mandatory.

Default value: Y

Unblock AltGr Key States whether AltGr Key is Unblocked. Possible values are Y and N.

N: Indicates AltGr key is blocked.

Y: Indicates AltGr key is unblocked.

Default value: N


   8. (Optional) Select the Deploy Configuration Utility check box if the configuration utility must be installed and click Next.

The product has a built-in application called the Configuration Utility for customizing and configuring the product settings. You can select to install the application along with the product. Alternatively, you can configure the product settings during installation itself.

   9. Click Next to proceed.

The screen shows the Confirm Installation page.

  10. On the Installation Complete dialog box click Close to exit.


Silent installation


Following table describes the various installation parameters available:


Name Description

Path of the installation directory.

Default: C:\Program Files


Deploys the configurator on a target machine.

Default: It is not deployed.


URL link of the server.

Default: <serverURL>


Text for the login button which is used for launching Desktop Password Reset browser.

Default: Forgot Password?


Various language options.

Default: English(US), en-US;


SSL server certificate validation required.

Default: SSL validation is true.


Unblock AltGr Key.

Default: AltGr key is blocked.

-afterreboot Run pre-requisites in silent mode.

Run MSI file in silent mode.

For example, /quiet


To install the Desktop Password Reset, perform the following:

  1. Extract to a directory.
  2. Depending on the operating system navigate to the following directory:
    • (For 32-bit): pathOfDesktopPasswordReset\x86\
    • (For 64-bit): pathOfDesktopPasswordReset\x64\
      Where pathOfDesktopPasswordReset is the path where file is unzipped in step 1 above.
  3. Open the command prompt as an administrator.
  4. On the command prompt, enter the following command with appropriate parameters:
    pathOfDesktopPasswordReset/setup.exe -afterreboot /quiet
    For example:
    • (For IdentityIQ):
      • pathOfDesktopPasswordReset/setup.exe -afterreboot URL="http://<ServerName>:<Port>/DesktopReset" /quiet
      • pathOfDesktopPasswordReset/setup.exe -afterreboot TARGETDIR="C:\Program Files" URL="https://<ServerName>:<Port>/DesktopReset" LOGINBUTTONTEXT="Forgot Password?" LANGUAGES="English(US),en-US;French (Belgium),fr-be;" SSL=1 ALTGRKEY=1 /quiet
    • (For IdentityNow):
  5. If SSL Server Certificate Validation Required option is selected as Yes, copy the required SSL certificate to the directory where the certmgr.exe is located (in the extracted directory of in step 1 above).
    Run the following command to install the certificate:
    InstallCert_Silent.bat certificateName
    In the preceding command, certificateName is the name of the certificate file. For example, SSLCertificate.cer



SailPoint Desktop Password Reset does not support upgrade. To install Desktop Password Reset version 7.2, uninstall the previous version.


Using the SailPoint Desktop Password Reset


The Desktop Password Reset is invoked from the Windows logon screen, but before you are logged on to the computer.

For security reasons and to limit access only to the web and not to the system, pop-ups and shortcut keys are disabled (for example, right click, Ctrl+O, Ctrl+S, Shift+Left Click, and so on).

To invoke the Desktop Password Reset, click on the Forgot Password? link located below the password field on the default Windows login screen as follows:



Depending on the parameters that are configured in the Configuration Utility, the Forgot Password? option will launch the Desktop Password Reset browser application.


Managing the SailPoint Desktop Password Reset


Desktop Password Reset configuration


Desktop Password Reset has a simple built-in configuration utility, which is used to modify customization parameters. The Configurator.exe file is available along with the Desktop Password Reset installation.

If at any time it is necessary to change the value of the configuration parameters for Desktop Password Reset, you can change them by using the Configuration Utility.


To update the configuration on all end users system, perform the following:

  1. On command prompt navigate to pathOfDesktopPasswordReset\SailPoint Technologies\Desktop Password Reset.
  2. Run the following command and press enter:
    Configurator.exe -export
    This creates a config.export file at the same location.
  3. Using remote deployment software, copy the config.export file to end users system at the installation location.
  4. Run the following command at the end users system:
    pathOfDesktopPasswordReset\SailPoint Technologies\Desktop Password Reset\Configurator.exe -import


Enabling logs


By default, logs are not enabled for the Desktop Password Reset. To enable logs for the Desktop Password Reset, modify the required key values in the system registry.


To modify values in the registry to enable logs, perform the following:

  1. Open the system registry in a registry editor.
    For example, select Start ==> Run and enter regedit.
  2. Modify the values for the following keys under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\SailPoint Technologies\Desktop Password Reset:
    • TraceLevel - Set the traceability level of the log files.
      The following options are available:
      • 0 - Disable logs
      • 4 - Enable logging of errors, warnings and verbose information
    • LogFilePath - Set the value of this key to the path where the log file should be generated.
  3. Exit the registry editor.


Uninstalling the SailPoint Desktop Password Reset


Desktop Password Reset can be uninstalled in one of the following ways from:


Command prompt

  1. Open the command prompt as an administrator.
  2. Depending on the operating system, navigate to the pathOfDesktopPasswordReset/operatingSystem directory and execute the following command:
  • (For 32-bit) msiexec.exe /x "SailPoint_Desktop_Password_Reset_7.2_x86.msi" /quiet
  • (For 64-bit) msiexec.exe /x "SailPoint_Desktop_Password_Reset_7.2_x64.msi" /quiet

where operatingSystem is:

    • (For 32-bit) x86
    • (For 64-bit) x64


Programs and Features Console

  1. Open Control Panel and navigate to Programs and Features.
  2. Select SailPoint Desktop Password Reset 7.2 and click Uninstall.
Labels (1)
Version history
Revision #:
2 of 2
Last update:
‎Sep 20, 2019 04:31 AM
Updated by: