| The MetaFrame Password Manager Administration Console allows you to perform all the administration needed for MetaFrame Password Manager 2.0. The Citrix MetaFrame Password Manager console has the following minimum requirements. Microsoft Windows 98, 2000 (SP1+), or XP (Note: Windows 2000 SP1+ or XP required for Directory access) 120 MHz Pentium-compatible processor (233Mhz Pentium-compatible processor recommended) 48 Mb RAM (128Mb RAM recommended) 10 Mb hard drive space for MetaFrame Password Manager Console (depending on installation options) Microsoft .NET Framework 1.1 If you will be creating application definitions then you will be required to install the console on a machine with the appropriate applications and or install the application on a machine with the console. If you will be installing the console on a MetaFrame XP server then you will be able to publish it for administrative access. The default location is: C:\Program Files\Citrix\MetaFrame Password Manager\Console\SSOAdmin.exe. The following defines how to install the MetaFrame Password Manager Console. 1. Insert the Citrix MetaFrame Password Manager CD in the CDROM of the server you would like to manage the applications from. This does not need to be a MetaFrame XP server. It does however need to be a workstation has the appropriate applications installed, for creating any application definitions required. 
2. Install Microsoft .NET Framework 1.1, located on the MetaFrame Password Manager 2.0 CDROM, \SSO Administrative Console\dotnetfx.exe 3. Click the MetaFrame Password Manager Console button on the Password Manager splash screen to launch the installation program.
4. Click Next to continue. 
5. Click to select the I accept the terms in the license agreement radio button and click Next to continue. 
6. Click to select the Typical radio button and click Next to continue. 
7. Click Install to continue. 
8. Click Finish. 
You have now successfully installed the management console.
Now that we have the Management Console installed we will need to add the Citrix MetaFrame Password Manager 2.0 User Connection Licenses and create the License Repository. The following defines how to configure Password Managers License Repository and add user connection licenses to Citrix MetaFrame Password Manager 2.0. 1. Click Start click Programs click Citrix click MetaFrame Password Manager click MetaFrame Password Manager License Administration. The first time you launch Password Managers License Administration utility the License Repository Wizard is launched and guides you through the steps of choosing and setting up a shared folder or Active Directory for the license repository. Note: For this example I have documented the Shared Folder directory. 2. Click Next to continue. 
3. Click to select the directory service you created in the above section and click Next. 
4. Enter the location to the shared folder directory service, created the Configure File Share Directory Service section above, in the Location text box and click the Finish button to have the wizard created the License Repository and launch the Password Manager License Administration tool. 
5. Click the Add License  button. 
6. Enter the Product license serial number in the Product license serial number text box and click OK to continue. 
7. Double click on the newly added license to activate the license. 
8. You are now presented with the Activate License box. To obtain an activation code you will want to visit the Citrix Web site (http://www.citrix.com/activate) and follow the on screen prompts to obtain the activation code. Once obtained please enter the code in the Activation Code text box and click the OK button to continue. 
9. You have now activated the license added above, as shown below. 
Repeat the above steps for any additional user license serial number.
Now that we have configured the directory service and added the necessary licenses you are ready to configure how the Agent will communicate with the directory and any custom agent settings required. The following defines how to configure the Agent to synchronize with the directory created above and I have documented a few of the Agent settings that can be configured. Configure Agent to Use File Share Directory Service The first thing you will need to do is configure the Agent to communicate with the director, created above. The following defines how to configure the MetaFrame Password Manager Agent to synchronize with a file share directory service. 1. Click Start click Programs click Citrix click MetaFrame Password Manager click MetaFrame Password Manager Console. 2. Right click on the Agent Settings node and click New Settings. 
3. Enter a name for the Agent settings in the Name text box and click OK. Note: Remember you can configure different agent settings for different types of workstations. For example if you have remote workers and LAN workers then you might want to configure different settings for each. 
4. Expand the newly created Agent Settings and click the SyncManager node and click Add Synchronizer. 
5. Enter the name of the File Share in the Name text box (i.e., CitrixSync$) and select the directory service configured above in the Sync Type list box. Click OK when finished. 
6. Expand the Share folder name (i.e., CitrixSync$) 
7. Click the Servers node and verify the Configure checkbox is checked and in the Value text box enter the UNC for the File Share created in the above section. 
8. If you are using roaming profiles, and we are, then you will want to enable the DeleteOnShutdown policy under the Shell node. This setting removes user profiles after log. 
9. At this point you will want to go through each setting and verify if you want to enable or disable the feature. Once you are done we will be ready to export the Agent settings.
1. Now that we have customized the Agent setting we will want to export them for future use. Right click on the Agent Settings, in this example the DABCC Agent Settings, and click Export. Click the HKLM Registry Format (.REG) button 
2. Enter a name for the registry file and click Save to continue. 
Save this file in a safe place as you will use it to reload the Agent settings anytime you load the MetaFrame Password Manager Console.
You have now successfully configured the Agents setting and are ready to turn your attention to connecting to the directory, configure the user questions, create and application definitions, created the first time use list and generate a customized Agent installation MSI file. The following defines how to connect the MetaFrame Password Manager Console to the directory. 1. Right click on the Directory node and click Connect To. 
2. In the Directory Type select the Shared Folder and in the Synchronizer Path drop down box enter the UNC location for the File Share created earlier. 
You have now successfully attached to the File Share directory and are ready to continue with customizing MetaFrame Password Manager.
The Edit End User Questions option was designed to give the end-user a bit of additional security. When an end-user logs in the first time they are prompted with the first-time-use wizard and are required to perform a few tasks, one of which is to answer one of user questions. You will want to make sure the questions achieve two goals, 1) choose something that will not change, i.e., mothers maiden name where as your address does. 2) Something simple enough to ensure then end-user will remember the answer as they will be challenged for it any time the end-users Windows password changes. The following defines how to edit the User Questions presented to the end-users in the first-time-use wizard. 1. Click Tools click Edit User Questions. 
2. By default the end-user is presented with a generic question but you have the ability to create more detailed questions. I highly recommend doing this. Click the Add button to add additional end-user authentication questions. 
3. Enter the question you would like presented to the end-user in the Question text box. Remember to make it simple but make sure it is a question the will not change. You will also need to enter the maximum amount of characters you are requiring the answer to be in the Maximum Answer Length text box. You will want to be very careful with this. For example, if you ask for a favorite pets name then you will want to make sure you allow for names such as Sam, my favorite pets name. Click OK when finished. 
4. Repeat the above steps to add as many questions as you would like but do remember that the more questions you have the greater the odds of error. I recommend adding a couple simple questions. 
5. Click OK when finished. You are now ready to move forward with preparing your Password Manger 2.0 environment.
If during the design phase you defined to manage certain applications then you will be required to create application definitions for them. Application definitions allows for a few benefits, 1) it allows a company to restrict the use of Password Manger for only a select group of application, thus reducing support costs 2) allows an end-user to configure their username and passwords for all the predefined application the first time they logon 3) allows an administrator to configure applications and or web sites that the Agent has trouble recognizing on its own. MetaFrame Password Manager ships with preloaded application definitions for commonly-used Windows and Web based applications. If you want MetaFrame Password Manager to support a Windows application that does not have a pre-set application definition, you can do this with an easy to use wizard. How to Add a Windows Based Application Definition from a Predefined Template The following defines how to create a new Windows application definition. 1. Open the MetaFrame Password Manager Console and right click on the Applications node and click New Windows App. 
2. You are presented with the ability to create an application definition. 
3. Citrix has supplied us with a slew of application templates to make the process of creating an application definition all the much easier. If you find that the applications you are configuring is in the list then select it from the Application drop down box. 
4. Click Finish to continue. 
5. You have now successfully created an application definition and are ready to configure its advanced settings. Note: I will be adding information on the advanced configuration in the next version of Methodology in a Box. In the mean time I recommend reading the MetaFrame Password Manager 2.0 Administrators Guide. 
How to Add a Web Based Application Definition The following defines how to create a new Web application definition from a predefined template. 1. Right click on the Applications node and click New Web App. 
2. Select the Web based application template you would like to use and click Next to continue. 
3. You are now required to enter the URL for the web based application. You can do this in two way, 1) through the add button, as documented below or the Browse button that allows you to browse to the web site in case your not sure on the exact URL. Click Add to continue. 
4. Enter the URL to the desired web site and click OK to continue. 
5. Click Finish to continue. 
You have now successfully created an application definition for a web based application.
How to Add a Web Based Application Definition In most cases you will find that there is not a predefined application template for the web site and or web based application you are using. If this is the case you will be required to create a custom application definition. The following defines how to create a new Web application definition from a predefined template. 1. Right click on the Application node and click New Web App. 
2. Enter a name for the web site and or web application and click the Finish button. 
3. Click the Detect Fields button. 
4. Browse to the web site or the web based application you would like to manage. 
5. MetaFrame Password Manager will analyze the page for control and present them to you in the bottom half on the window. Browse the list of controls until you find the username, password and submit fields. 
6. Right click on the item representing the username control and click Username/ID 
7. Right click on the item representing the password control and click Password/Old Password. 
8. Right click on the item representing the submit control and click Submit. 
9. Click OK to continue. 10. Click OK. 
You have now successfully created an application definition for a web site and or web based application.
Adding Mainframe Definitions This section will be added in the next version.
One of the benefits of reconfiguring application definitions is the bulk-add feature. Adding an application to the bulk-add list allows the Agent to ask the end-user to provide their credentials to all the applications in the list during the first time run wizard. The following details how to add and or remove applications from the bulk-add list. 1. Click on the Applications node and click to select the Bulk-Add tab. You are presented with a list of all the application definitions that are currently in the bulk add list. If you desire to disallow the ability for the end-user to pre-configure the credentials of a particular application then click to select that desired application and click the Remove button. If you desire to allow the ability for the end-user to pre-configure the credentials of a particular application that is not already in the list then click the Add button. 
2. If you clicked the Add button then you will be presented with the following windows with a list of all the available application definitions. Click to select the desired application and click the OK button to continue. 
3. Repeat the above steps for all available applications until the Bulk-Add list is configured as you desire. 
From time to time you might want to export MetaFrame Password Managers settings to a file. The following defines just that. 1. Click File click Save As. 
2. Enter a name for the exported data and click the Save button. 
You have now successfully exported the consoles settings. This might be useful if you are adding application definitions that you do not want to add to the directory right away. You have the ability to import them at any time.
Now that you have configured application definitions and any other features you will want to save them to the directory. You will also be required to perform this task if you add, edit, or delete settings after you deploy a custom agent. The following defines how to export MetaFrame Password Manager Console settings to the configure directory. 1. Click on the Directory node in the right pane right click the directory share and click Configure SSO Support. 
2. Click the Console button to export the contents on the MetaFrame Password Manager Console to the configure directory. 
3. You are now prompted to select what will be exported to the directory. In this example we will export everything. Click to select the Send all Applications radio button to export all the configured application definitions to the directory. Click to check the Create First-Time-Use (FTUList) object checkbox. Click the Agent Settings drop-down box and select the desired agent settings configuration. Click Next when finished. 
4. Click the Finish button to export the consoles settings to the configured directory. 
Now that we have configured the Agent settings and created any application definitions we are ready to generate a custom MetaFrame Password Manager Agent installation file (MSI). The following defines how to generate a customized MetaFrame Password Manager Agent installation program (MSI). 1. From a console that is fully configured with the desired settings, click Tools Generate Customized MSI. 
2. In the Base (.MSI) text box enter the name and path to the MetaFrame Password Manager 2.0 Agent (setup.msi). In the Output (.MSI) text box enter the name and path to where you would like the customized MetaFrame Password Manager Agent file to be saved to. Click the Choose button associated with the Applications list box. 
3. Click the Use Console as Source radio button and click to select the Send all Applications radio button to customize the Agent to recognize the preconfigured applications. Click to check the Create First-Time-Use (FTUList) object checkbox to configure the Agent to present the First-Time-Use wizard to end-user users on their first logon after installation. Click the OK button when finished. 
4. Click the Choose button associated with the Agent Settings list box. 
5. Click to select the desired Agent Settings from the Use Console as Source drop-down box. Click OK when finished. 
6. Click the OK button to generate the customized MSI file. 
7. Click OK. You have now successfully configured MetaFrame Password Manager 2.0 and integrated those configuration n to a custom Password Manager 2.0 Agent installation program.
|