Automatic Password Rotation

Hello Everyone,

In Version 6 of Passwordstate, we have another new feature coming called ‘Automatic Password Rotation’.

With this feature, when a password expires (based on the ExpiryDate field), you can specify various options for automatically generating a new password and synchronizing the change with the Active Directory or Local Windows account.

You can specify the default values for these options at the Password List level, and then when you add or edit a password record, it will inherit the settings from the Password List. You can then choose to over-ride these values if you like. The options available are:

  • To enable/disable the feature
  • The time of day you want the password to be rotated
  • How many days you would like added to the ExpiryDate field
  • Whether or not to email Password List Administrators when the rotation was successful, or if it failed (for any reason)

Once you save the password record with these options, these settings will stay saved even after the initial rotation – effectively it’s a set and forget feature which will continually generate and update passwords when specified.

The following screenshot shows each of the options:

Automatic Password Rotation

 

We hope you like this new feature when V6 is released, which is just around the corner 🙂

Regards
Click Studios

Comments

  1. Using v6 beta. This new feature doesn’t seem to work properly when I manually expire a password.

    I have an AD account with admin rights on our servers which I’ve given to passwordstate. I’m telling passwordstate to sync passwords to Windows servers.

    It doesn’t auto-generate a new password, nor does it auto-sync.

    All it does is add an entry to the password history and copy over the old password. I get an email however.

  2. Hi Andy,

    In the current Beta 3 build these options only relate to Active Directory accounts, not local accounts on Windows Server. Initially we couldn’t figure out how to do this with local windows accounts, as you cannot issue the same LDAP statements as you can with Active Directory.

    After seeing your blog comment, we’ve spent some time this morning figuring out how we can do this for local windows accounts, and we’ve had some success.

    Thanks for your comments, and this will work in the official release of version 6.

    Regards
    Click Studios

Speak Your Mind

*