Password Reset Client - Install only ActiveX and not GINA / Credential Provider RRS feed

  • Question

  • Is it possible to install only the ActiveX controls, or manually register the ActiveX controls for the Password Reset Client?

    If possible I would like to use the ActiveX controls from Citrix, but the Credential Provider does not play nice with logins from the client.

    Instead of delivering the application it is bringing the user to the login screen

    I read up on this technet post FIM Add-in Extensions, but couldnt find an answer.

    Tuesday, July 3, 2012 7:09 PM


All replies

  • Nope.

    Also, in FIM R2, there is no more ActiveX for SSPR. It's all pure web-based now :)

    The FIM Password Reset Blog

    Wednesday, July 4, 2012 2:00 AM
  • Just an update for anyone else interested...

    In the lab environment I was able to install the password reset client on the citrix server and manually remove the credential provider from the registry, (I'm sure this is not recommended for both Windows OS and FIM)

    After rebooting the citrix server, the clients didn't double prompt for authentication and the application could be delivered to the clients to allow the password reset process by manually invoking the AcitveX Control. This was a potential solution for thin clients where we didn't want to install the client locally.

    In my testing I also noticed that the FIM 2010 Password Reset Client works for Password reset on FIM 2010 R2 but not for Password Registration.

    Thursday, July 5, 2012 9:02 PM
  • I know this post has been out there for a few months but I hope you still check it.  We are new to both FIM 2010 R2 as well as thin clients.  I am trying to figure out a solution to an issue here and stumbled upon your post.  Can I ask for more info from you?  What we have are Wyse thin clients with Thin OS.  So the thin clients get their desktop from Citrix XenDesktop.  So from my understanding we can implement the Citrix self service password reset which uses the Citrix stuff.  Users are prompted to answer questions during registration just like with FIM.  Now since we are a school, we have a mix of thin, thick, standard computers, as well as web apps.  I can't redirect the thick, or web apps to the citrix to register and reset (from my understanding) but I can for FIM.  I really don't want to have 2 configurations and 2 sets of questions for end-users.  So are you saying that I can install the FIM Add-ins on the xendesktop servers and my thin clients would be able to reset their account from the thin clients or am I reading this wrong? 



    Joe M

    Tuesday, October 23, 2012 4:03 PM
  • I take it your goal is to use one SSPR (FIM or Citrix)? I don't know much about the Citrix SSPR, but what this post describes was the ability to deliver the FIM SSPR Client via a Citrix Seamless window application to a user from a thinClient. This required a modification on the thin client web-based login page to embed a hyperlink to an anonomously delivered citrix app [pnagent file] which hosts a custom .NET app that invokes the SSPR Client.

    This scenario would not require custom software installation on the thin client and allow for some initial branding on the .NET app before entering the FIM SSPR Control. It's similar to having the user go to the reset password site (which is another option you can do).With this option, the user (before having to login to a thin client) can then reset their password if they correctly answer the security questions.

    Wednesday, October 24, 2012 6:56 PM
  • That sounds pretty much like what we are trying or needing to do.  I much rather use FIM 2010 R2 since we have web-based applications (SharePoint) that students and staff use from home.  I know the FIM works great with it but the Citrix does not unless we direct everyone to the Citrix webpage prior to logging in.  Then they would log into that and then get to their SharePoint portal from a weblink.  Not really what our users want.  So the FIM looks like the best solution except when it comes to the thin clients.  So please bear with me since I am new to Citrix and thin clients and FIM.  You are saying that you (or someone) can write a custom (or have one) .NET app for the thin client login page that has an embedded hyperlink?  Can I ask how you modified the thin client web-based login page?  If I can do that and give them a link to launch an anonymously delivered citrix app, that would be great.  I hate to re-invent the wheel but I also understand that some stuff people do they like to guard (especially if they had to spend a lot of time on it).  Any direction or insight you could provide would be greatly appreciated.  I keep feeling like I am just going in circles with this.  Thanks

    Joe M

    Thursday, October 25, 2012 8:37 PM
  • Below are 2 images from my testing. One is the customizable web-based login page for the thin clients. The other is the user experience when they click on the hyperlink and fill in the credentials to invoke the password reset.

    • Proposed as answer by Guy Horn Thursday, November 22, 2012 9:43 AM
    Friday, October 26, 2012 9:35 PM
  • And this is from a thin client?  We are using Wyse Xenith thin clients which have the Xendesktop built into the firmware.  We are being told that we cannot customize that.  Not sure how true that is.  The Xenith do not get a OS from the IIS server.  Think this will still work?  Again, I apologize.  We are still very new to this and trying to get a grip on how it all works together.

    Joe M

    Monday, October 29, 2012 1:31 PM
  • Not sure if it will work. I would consult an expert that knows the capabilities of your particular thin clients and what / where customizations can be done. I just wanted to point out the fact that it is possible (but not supported) to invoke the Password Reset Client from a .NET application which can be hosted from Citrix and delivered to an end user. How you achieve that depends on your environmental configurations and limitations.
    Tuesday, November 6, 2012 7:32 PM