Deployment and configuration

Before deploying the Windows Password Synchronizer, you must complete the post-installation configuration steps to register the Password Synchronizer for password change notifications.

Post-install configuration

1. From the TDI_install_dir\pwd_plugins\windows directory, copy the tdipwflt.dll DLL of the Windows Password Synchronizer.
2. Paste the DLL file to the System32 folder of the Windows installation folder. On 64–bit Windows operating systems, you must paste the 64–bit DLL of the Password Synchronizer in the System32 folder.
3. Add the name of the Windows Password Synchronizer DLL, tdipwflt to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages Windows registry key. Do not delete any of the existing data from the Notification Packages.
4. From the TDI_install_dir\pwd_plugins\windows directory, run the registerpwsync.reg file, which is shipped with the Password Synchronizer. The following key is created for the Windows Password Synchronizer in the Windows registry:

   HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Security Directory Integrator\Windows 
   Password Synchronizer

   Also, a string value ConfigFile is set and it contains the absolute file name of the configuration file of the Windows Password Synchronizer. See Configuration parameters in the Windows registry for a list of parameters that are added to the Windows registry.
5. Restart the system.

Password Stores setup information

The Security Directory Integrator installer by default configures the Password Synchronizer to use the Log Password Store.

For information about setting up the Password Stores, see:

• JMS Password Store
• Log Password Store

• Configuration parameters in the Windows registry
  You must register the Windows Password Synchronizer in the Windows LSA to receive password change notifications. You must also register the external library name in the specific registry key.
• Configuration parameters in the configuration file
  The Windows Password Synchronizer plug-in has a template configuration file that is installed at TDI_install_dir /pwd_plugins/windows/pwsync.props.
• Enable Local Security Policy
  Before deploying the Windows Password Synchronizer, modify the Local Security Policy settings.
• Plug-in administration tool
  The plug-in administration tool, pwsync_admin.exe, is a command-line tool to run the administrative tasks.

Parent topic:

Windows Password Synchronizer