Configuration

In default configuration of solution, management tools do not require specific configuration to be able to communicate with PDS – PDS is automatically discovered using discovery process as described here

However, there may be deployment scenarios that require configuration of management tools. Management tools are configurable via configuration values stored in the following registry path:

HKLM\Software\Policies\Microsoft Services\AdmPwd

Currently the following configuration values are supported:

Value	Type	Meaning
UseSharedSPN	REG_DWORD	Setting to non-zero causes management tools to use SPN SVC/AdmPwd when authenticating with PDS When set to zero or not present at all, management tools use SPN HOST/ when authenticating with the service. See [PDS configuration](../Password-Decryption-Service/Configuration.md) for more details on when and how to configure PDS to use specific SPN. Managed by policy “PDS service runs using domain account”
PDSList	REG_MULTI_SZ	List of PDS instances to be used by administrative tools. When this value is specified, management tools do not USE DNS SRV records to discover PDS instances, and rather use instances specified here. Supported format of values: <Host FQDN>(Example: host.domain.com) <Host FQDN>:<Port> (Example: host.domain.com:61185 - used when PDS does not listen on default port) <Host FQDN>:<Port&gt:<AD Forest DNS Name> (Example: host.domain.forest.com:61184:forest.com - used when UI and POwerSHell module are expected to work withz multiple independent AD forests) PDS instances are used in order specified in the value Managed by policy “PDS to be used”

Value

Type

Meaning

UseSharedSPN

REG_DWORD

Setting to non-zero causes management tools to use SPN SVC/AdmPwd when authenticating with PDS When set to zero or not present at all, management tools use SPN HOST/ when authenticating with the service. See [PDS configuration](../Password-Decryption-Service/Configuration.md) for more details on when and how to configure PDS to use specific SPN. Managed by policy “PDS service runs using domain account”

PDSList

REG_MULTI_SZ

List of PDS instances to be used by administrative tools. When this value is specified, management tools do not USE DNS SRV records to discover PDS instances, and rather use instances specified here.

Supported format of values:

<Host FQDN>(Example: host.domain.com)
<Host FQDN>:<Port> (Example: host.domain.com:61185 - used when PDS does not listen on default port)
<Host FQDN>:<Port&gt:<AD Forest DNS Name> (Example: host.domain.forest.com:61184:forest.com - used when UI and POwerSHell module are expected to work withz multiple independent AD forests)

PDS instances are used in order specified in the value Managed by policy “PDS to be used”

Note: In GPO UI, all configuration settings related to configuration of CSE ale located under Computer configuration/Administrative Templates/AdmPwd Enterprise/Administrative Tools path