An administrator can configure Force Enrollment for users in the domain, or for users who are part of the Password Policy. Configuring Force Enrollment allows ADSelfService Plus to search for non-enrolled users and associate their accounts with a Logon Script, which prompts them to enroll whenever they log in to the network.
Click on Configuration --> Administrative Tools --> Quick Enrollment --> Force Enrollment using Logon Script.
Select the "Enable Force Enrollment" check box.
In the "Message To Be Conveyed" textbox, specify the message for the 'Non-Enrolled Users'.
Specify the "Server Access URL For Enrollment" (the URL configured for accessing the server) in the respective textbox.
Select the 'Desired Policy(s)' (the policies for which enrollment should be forced).
Configure the Scheduler (to search for the non-enrolled users and assign the "Logon Script" to their accounts).
Options available for Scheduling are:
Daily
Weekly (specify the Day)
Monthly (specify the Date)
Hourly
Select the "Time" (at which the notification would be displayed) from the drop-down list box.
Click on "Save" to store the configured setting.
The default location for the 'Logon Script' (ADSelfService_Enroll.hta) is the 'SYSVOL' folder. In some cases, 'ADSelfService_Enroll.hta' might not be stored in 'SYSVOL' owing to permission issues on the Domain Controller. In that case, copy 'ADSelfService_Enroll.hta' (located at <ADSelfService Plus Installation Directory>\Bin) into the 'SYSVOL' folder.
You can also manually enforce enrollment for a select set of users instead of automatically enforcing it on all users in a self-service policy. To do this, you need to manually add an entry in the 'ADSelfService_Enroll.hta' file.
Steps To Be Followed:
(i) Go to <ADSelfService Plus Installation Directory>\Bin folder and locate the script file 'ADSelfService_Enroll.hta'.
(ii) Open the file in a text editor and locate the property postData.
(iii) Add "&manualScript=true" at the end as shown below:
postData = "user=" + objNetwork.UserName + "&domainFlatName=" + objNetwork.UserDomain + "&domainDNSName=" + strdns + "&manualScript=true"
(iv) To allow users to close the enrollment request pop-up, append "&forceEnroll=false" after "&manualScript=true" from the above step, as shown below:
postData = "user=" + objNetwork.UserName + "&domainFlatName=" + objNetwork.UserDomain + "&domainDNSName=" + strdns + "&manualScript=true&forceEnroll=false"
(v) Save the file and apply the script to users through group policies.
Note: When you apply this script to users through group policies, users will be forced to enroll for password self-service even if you haven't created any schedulers for "Force Enrollment using Logon Script" option in the product.
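A check that can be run after step (v), added here as an example and not part of the ADSelfService Plus documentation: it reports which enrollment flags a copy of the script sends and whether the copy applied through group policy is identical to the edited file in Bin. The function names, the sample text and both path parameters are assumptions.

```powershell
# Added example, not vendor code. Function names and sample text are constructed.

function Get-EnrollFlags {
    # Reports the flags set in each postData assignment of the HTA text.
    param([string[]] $Lines)
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -notmatch '^\s*postData\s*=') { continue }
        $stmt = $Lines[$i]
        # Fold VBScript continuation lines (trailing " _") into one statement.
        while ($stmt -match '\s_\s*$' -and ($i + 1) -lt $Lines.Count) {
            $i++
            $stmt = ($stmt -replace '\s_\s*$', ' ') + $Lines[$i].Trim()
        }
        [pscustomobject]@{
            ManualScript  = $stmt -match 'manualScript=true'   # enforced without a scheduler
            PopupClosable = $stmt -match 'forceEnroll=false'   # user may close the prompt
        }
    }
}

function Compare-EnrollScript {
    # Compares the copy users run at logon with the edited source copy.
    # Both paths are supplied by the administrator (hypothetical parameters).
    param([string] $SourceHta, [string] $DeployedHta)
    $src = (Get-FileHash -LiteralPath $SourceHta   -Algorithm SHA256).Hash
    $dep = (Get-FileHash -LiteralPath $DeployedHta -Algorithm SHA256).Hash
    [pscustomobject]@{
        Identical = ($src -eq $dep)
        Flags     = @(Get-EnrollFlags -Lines (Get-Content -LiteralPath $DeployedHta))
    }
}

# Constructed sample: the postData statement from step (iv), wrapped with " _".
$sample = @'
postData = "user=" + objNetwork.UserName + "&domainFlatName=" + objNetwork.UserDomain _
    + "&domainDNSName=" + strdns + "&manualScript=true&forceEnroll=false"
'@ -split '\r?\n'

Get-EnrollFlags -Lines $sample | Format-List

# Against real files (replace both placeholders with your own paths):
# Compare-EnrollScript -SourceHta '<ADSelfService Plus Installation Directory>\Bin\ADSelfService_Enroll.hta' `
#                      -DeployedHta '<location of the deployed copy>\ADSelfService_Enroll.hta'
```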
The 'Force Enrollment logon script' is compatible with any type of logon script that may already be running in your system. If you are already using a logon script, follow the steps stated below:
Steps To Be Followed:
(i) If the logon script is a batch file
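Add the following lines at the end of your logon script
rem Use a dedicated variable; assigning to "path" would overwrite the command search path
set "scriptDir=<ScriptPath>"
start "" /d "%scriptDir%" ADSelfService_Enroll.hta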
(ii) If the logon script is a vb script
Add the following lines at the end of your logon script
Set objShell = WScript.CreateObject("WScript.Shell")
path = "<ScriptPath>"
' Quote the full path so a location containing spaces is passed as one argument
objShell.Run """" & path & "\ADSelfService_Enroll.hta" & """"
Set objShell = Nothing
Note: Replace <ScriptPath> with the location of ADSelfService_Enroll.hta.
The 'Force Enrollment logon script' can be customized with an alternate window size and text to suit your organizational needs.
Steps To Be Followed: