Password Policy Enforcer Upgrading from PPE V4.x

Upgrading from PPE V4.x

The PPE V6.x Password Policy Server is backwards compatible with the V4.x Password Policy Client. You can benefit from most of the new features by upgrading the Password Policy Server on the domain controllers. Do this before deploying the V6.x Password Policy Client.

Upgrading the Password Policy Server

The PPE installer detects existing V4.x installations and upgrades them to V6.1. Refer to the Installing PPE section for complete installation instructions.

The PPE V6.x management console automatically imports V4.x configuration settings when started for the first time.

The management console imports valid subscription license keys, but it will not import V4.x perpetual license keys as they cannot be used with PPE V6.x. PPE will revert to a 30-day evaluation license if it cannot import the V4.x license key. Open the PPS Properties page after an upgrade to check your license details.

You can run a combination of V4.x and V6.x Password Policy Servers, but do not enable any of the new features until all the Password Policy Servers are upgraded to V6.x. Extended use of both versions is not recommended as it adds administrative overhead. Maintain both versions only for a short time while you roll out PPE V6.x.

Any configuration changes made from the V6.x management console will only affect V6.x domain controllers. Likewise, any changes made from the V4.x management console will only affect V4.x domain controllers. You must make configuration changes in both management consoles until all domain controllers are upgraded to V6.x. Failure to do so may lead to inconsistent enforcement of the password policy.

You can start enforcing the new rules after all the domain controllers are upgraded to V6.x. Older V4.x clients will work with the new server, but there are some benefits to using the V6.x client when enforcing the new rules. These benefits include:

Users less likely to see the Generic Rejection message.

Faster response times.

Slightly reduced network utilization.

Slightly reduced server load.

Older versions of the PPE client (prior to V6.0), including PPE/Web V3.x and ANIXIS Password Reset V1.x cannot detect passphrases. Users must comply with the policy's compliance level when these older clients are installed.

PPE/Web V3.x and ANIXIS Password Reset V1.x use the PPE V3.x communication protocol. These clients do work with the V6.x server, however they will always display the Generic Rejection message when a password is rejected by one of the new rules.

Do not use the automatic tolerance option with PPE V4.x or V3.x clients, including PPE/Web V3.x and ANIXIS Password Reset V1.x. These clients will enforce an extremely restrictive password policy if this option is enabled. They will reject any password that contains a character found in the comparison parameter.

Upgrading the Password Policy Client

The Password Policy Client installer detects existing V4.x installations and upgrades them to V6.1. Refer to the Installing the PPC section for complete installation instructions.