Skip to main content

Password Reset for Locked Out Users

Help locked out user with domain secure kiosk account


Play movie

Content:

  • User locks out Windows login password.
  • User signs in with a domain-level secure kiosk account.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • Web browser is closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out PC.
  • No client software is installed on the PC.

Corporate user unlocks Windows XP password with GINA service


Play movie

Content:

  • User locks out Windows login password.
  • User presses a "help" button to access self-service.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • Web browser is closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows XP PC.
  • GINA DLL is not altered.
  • The native GINA UI is extended to include an unlock button, at runtime.

Mobile user unlocks Windows XP password with GINA service


Play movie

Content:

  • User locks out Windows login password.
  • User presses a "help" button to access self-service.
  • A temporary VPN tunnel is established.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • ActiveX updates locally cached password.
  • Web browser and VPN are closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows XP PC.
  • SSPR is available even away from the corporate office.
  • SSPR impacts locally cached credentials, not just on AD DCs.
  • GINA DLL is not altered.

Corporate user unlocks Windows 7 password with a Credential Provider


Play movie

Content:

  • User locks out Windows 7 login password.
  • User presses a "help" button to access self-service.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • Web browser is closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows 7 PC.
  • The UI extension is via the Credential Provider infrastructure.
  • The native login screen is extended to include an unlock button.

Mobile user unlocks Windows 7 password with Credential Provider


Play movie

Content:

  • User locks out Windows login password.
  • User presses a "help" button to access self-service.
  • A temporary VPN tunnel is established.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • ActiveX updates locally cached password.
  • Web browser and VPN are closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows 7 PC.
  • SSPR is available even away from the corporate office.
  • SSPR impacts locally cached credentials, not just on AD DCs.

User unlocks Windows password via telephone


Play movie

Content:

  • User locks out Windows login password.
  • User accesses self-service password reset via telephone.
  • User enters his network login ID using touch-tone input.
  • User gives numeric answers to security questions.
  • User selects one of several random password.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset despite being locked out of Windows.
  • User interaction via telephone, no client footprint.

page top page top