On-site user unlocks Windows 7 password with a Credential Provider


Content:

  • User locks out his Windows 7 login password.
  • User presses a "help" button to access self-service.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • Web browser is closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows 7 PC.
  • The UI extension is via the Credential Provider infrastructure.
  • The native login screen is extended to include an unlock button.

Off-site user unlocks Windows 7 password with a Credential Provider


Content:

  • User locks out his Windows login password.
  • User presses a "help" button to access self-service.
  • A temporary VPN tunnel is established.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new password.
  • ActiveX updates locally cached password.
  • Web browser and VPN are closed.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset from a locked out Windows 7 PC.
  • SSPR is available even away from the corporate office.
  • SSPR updates locally cached credentials, not just the password on AD DCs.

Transparent password synchronization


Content:

  • Illustrate the flow of a new password from a change initiated on Windows via Ctrl-Alt-Del, through an AD DC, to HiPM and finally to another application.

Key concepts:

  • Reducing the number of passwords users must remember.
  • Password synchronization without exposing a user to a new UI.
  • Intercepting password changes on AD DCs.
  • Propagating new passwords to multiple systems and applications.

Transparent password synchronization: realistic scenario with load balancing and feedback loops


Content:

  • Illustrate the flow of a new password during password synchronization.
  • Highlight interactions with load balancers, multiple HiPM systems and multiple trigger systems.
  • Show how HiPM prevents feedback loops.

Key concepts:

  • Reducing the number of passwords users must remember.
  • Ensuring that password synchronization does not introduce feedback loops on the network.
  • Illustrate the advanced architecture to properly scale up a password synchronization system.

Unlocking a user who forgot his McAfee/Safeboot boot password


Content:

  • User forgot the password he must type to unlock his encrypted hard disk.
  • User calls the help desk and is routed to the HiTPM server.
  • User identifies and authenticates himself over the telephone.
  • User acts as an intermediary between McAfee/Safeboot software and HiTPM, passing codes in both directions.
  • User receives and keys in an unlock code, enabling him to boot his OS.

Key concepts:

  • Access to key recovery for users with an encrypted hard disk.
  • Self-service process eliminates help desk calls and offers 24x7 service.

User unlocks Windows password with self-service telephone call


Content:

  • User locks out his Windows login password.
  • User accesses self-service password reset via telephone.
  • User enters his network login ID using touch-tone input.
  • User gives numeric answers to security questions.
  • User selects one of several random passwords.
  • User signs into Windows with the new password.

Key concepts:

  • Access to self-service password reset despite being locked out of Windows.
  • User interaction via telephone, no client footprint.

Password reset for Lotus Notes ID files using a Notes client extension DLL


Content:

  • HiPM simulates a password reset on Lotus Notes ID files using a repository.
  • ID files are fetched by Notes.exe at startup time, using an Extension DLL.

Key concepts:

  • Simulating password resets on Notes ID files.
  • On-demand delivery of updated ID files to users.
  • Minimal client footprint.

Self-service reset for a forgotten or locked out smart card PIN


Content:

  • User forgets the PIN to his smart card.
  • User presses a "help" button to access self-service.
  • A kiosk-mode web browser is launched.
  • User enters his network login ID.
  • User answers security questions.
  • User chooses a new PIN for his smart card.
  • ActiveX runs on the user's PC, unblocks the card and injects the new PIN.
  • User signs into Windows with the smart card and new PIN.

Key concepts:

  • Access to self-service password reset from a locked out PC.
  • PIN reset is available on-site and also while mobile (via temporary VPN).
  • ActiveX is used to communicate with the smart card reader, unblock the card and set the new PIN.