Pricing  Get Quote
 
 

GINA / CP

Reset passwords and unlock accounts from your Windows login screen

Most organizations rely on password self-service management tools to empower users to perform password operations. On the flip side, most password self-service solutions can be accessed only from a web browser, forcing locked-out users to reset their passwords from a colleague’s workstation or from a kiosk with a web browser. This defeats the whole purpose of secured self-service password management. To combat this, ManageEngine ADSelfService Plus enables users to securely perform self-service password operations in several different ways.

With the help of ADSelfService Plus' GINA/CP logon agent, users can reset their passwords and unlock their accounts from the logon screen of their Windows, Linux, or macOS machines. By allowing users to perform password operations even when they're locked out, they don't have to resort to using another machine. This feature helps organizations trim down costs associated with IT help desk calls and frees administrators from such trivial issues, helping them focus on more important tasks.

ADSelfService Plus uses the ADSelfService CP logon agent as a credential provider (CP) tile in machines running on Windows Vista and above while the ADSelfService Plus GINA logon agent displays the Reset Password/Unlock Account button on the logon screens of machines running older versions of Windows. The ADSelfService Plus GINA agent is basically an extension of the standard Microsoft GINA and has the same functionality as the ADSelfService Plus CP agent.

What is a credential provider?

credential provider

Self service password Windows GINA/Credential Provider

Credential providers are COM objects that are displayed when a secure attention sequence event in initiated, which happens by pressing CTRL+ALT+DEL. They procure information about the user’s credentials and pass it over to the Local Security Authority server for authentication. Credential providers were first introduced with Windows Vista and have since been an integral part of all Windows versions. Third-party credential providers (i.e., the ADSelfService Plus CP agent) can coexist with the CPs that Microsoft provides.

What is Microsoft GINA?

Microsoft GINA/Credential Provider

Graphical identification and authentication (GINA) is essentially a dynamic linked library loaded by Winlogon during the booting process. Technically , it's the msgina.dll module that initiates the "Press CTRL+ALT+DEL to logon" screen to be displayed and accept the username and password. More functionality can be added to MS GINA with the help of extensions. GINA extensions are also DLLs, and multiple can be installed on a computer.

What is the ADSelfService Plus GINA/CP logon agent?

The ADSelfService Plus GINA/CP logon agent is an integral component of ADSelfService Plus that enables end users to access ADSelfService Plus from the logon screens of their Windows machines. It empowers users to reset their passwords securely and unlock their accounts without help desk intervention or assistance from other users.

Supported operating systems:

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 10
  • Windows 8.1
  • Windows 8
  • Windows 7

How ADSelfService Plus enables Windows GINA password resets

Note: Installation of the ADSelfService Plus GINA/CP logon agent is mandatory to enable this setting.

enable Windows GINA password reset using ADSelfService Plus

  1. A user clicks the Reset Password/Unlock Account button on their Windows login screen. They are asked to enter their username.
  2. After successfully completing all the enforced authentication methods, the user is allowed to reset their password.
  3. ADSelfService Plus resets the password in Active Directory (AD) and notifies the GINA/CP client that the password reset was successful.
  4. The GINA/CP client establishes a secure connection with AD and updates the cached credentials in the machine after AD approves its request.

Highlights of ADSelfService Plus

 

Self-service password management

Enable users to reset forgotten passwords and unlock their accounts without involving the help desk, anywhere at any time.
 

Multi-factor authentication

Secure machine logon, application logon, and VPN logon with over 15 authentication methods that can be configured in minutes.
 

Single sign-on

Implement single sign-on for over 100 major enterprise applications and custom applications from a single portal.
 

Password Synchronizer

Automatically sync the Windows Active Directory user password across various platforms, eliminating password fatigue.
 

Password Policy Enforcer

Ensure strong passwords that are equipped to fight dictionary attacks, brute-force attacks, and other password threats.
 

Directory self-update

Allow users to update personal information in Active Directory, freeing the help desk from this daunting and repetitive task.

Empower users to reset passwords right from their Windows login screen

Get Your Free Trial  

ADSelfService Plus trusted by