Installing Passwordstate on a Windows 10 PC

One of the issues faced by small businesses, especially in today’s Cloud First World, is there is very little in the way of computing infrastructure that is hosted out of a bricks and mortar premises. A lot of small business utilising SaaS (Software as a Service) based applications typically have an Internet modem/router, a number of individual or shared PCs, a local printer and a small network switch connecting all these together.

This type of setup may make it seem hard when you need to centrally manage your accounts and passwords. But it doesn’t need to be. Passwordstate will quite happily exist on a Windows 10 PC with only modest resources. In fact, I recently purchased a small form factor PC (Intel i5 NUC) with 16Gb of Memory and a 1 TB SSD hard drive, along with a copy of Windows Professional for under $1,000 AUD or $750 USD. This handles the Passwordstate workload for 5 users with ease. The minimum system requirements can be found here.

Hardware and Operating System Prerequisites

Assuming you’ve got either an existing Windows 10 PC, or a brand new PC, you’ll want to do the same thing. That is install a completely fresh copy of the Windows 10 operating system. Don’t be tempted to just delete some “stuff” off of the existing PC and then use it as is. You’ll be forever chasing down why things aren’t working properly, if not immediately, then at some stage in the future. Just bite the bullet and perform a clean install.

You’ll need to ensure the edition of the operating system is Windows 10 Professional. Once the base install has been done ensure that you’ve applied all the operating system patches by going to Settings->Windows Update->Check for Updates.

When prompted to create an account, create a local account as you’re effectively creating a Passwordstate appliance that will only need to have one (1) login. This won’t be a shared PC, it’ll be dedicated to running your Passwordstate Instance. From now on anytime you need to login to the PC itself you’ll be using this account.

Next, you’ll need to confirm the version of PowerShell and .Net Framework that is installed. A clean install of Windows 10 that is fully patched should be running PowerShell 5. To confirm the version you have, simply search for Windows PowerShell, select Run as Administrator, and type in $PSVersionTable and hit return. You should see a response like the one below,

If your result shows the PSVersion lower than 5 you’ll need to install the latest. Just search for “how to install PowerShell 5” in your browser and pick one of the top responses and follow the instructions. You’ll also need to have the correct .Net Framework installed. This can be also confirmed in PowerShell (running as Administrator) by typing,

Get-ChildItem ‘HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP’ -Recurse | Get-ItemProperty -Name version -EA 0 | Where { $_.PSChildName -Match ‘^(?!S)\p{L}’} | Select PSChildName, version

Your result needs to be 4.7.2 or higher. If you need to upgrade to the latest version search for “Install the .NET Framework on Windows 10” in your browser and pick one of the top responses and follow the instructions.

Download Passwordstate and Install SQL Express

Assuming you’ve already downloaded Passwordstate, you’ll need to extract all the files from into a directory on the PC. If you haven’t downloaded Passwordstate yet then follow the prompts here.

To extract the files just open the file and select the Extract All from the File Explorer Extract->Compressed Folder Tools Menu. This will extract all the installation files as well as copies of the documentation. In this you’ll find the following documents;

\Installation Instruction\1_Preinstallation_Checklist.pdf

\Installation Instruction\2_Quick_Install_Guide.pdf

\Installation Instruction\3_Installation_Instruction.pdf

I’d thoroughly recommend running through the 1_Preinstallation_Checklist.pdf to ensure you’re ready to start. It’ll cover off on the requirements for the Web Server and Database Server and link to other documents as required. One of these linked documents will take you through how to download and install Microsoft SQL Server Express. This needs to be done before you commence the Passwordstate installation. When you install SQL Express you’ll be prompted to create an sa account. Remember the password you specify for this as you’ll need it later on!

Once you’ve covered off on all of the checklist items, you’re ready to start the Passwordstate installation. Open up either the 2_Quick_Install_Guide.pdf or 3_Installation_Instruction.pdf and get ready to go.

Install Passwordstate

Click on the Passwordstate.exe file that has been extracted. You’ll probably be prompted by User Access Control asking Do you want to allow this app to make changes to your device, as per the image below,

Just click on Yes to continue. You’ll then be presented with the InstallAware Wizard that’ll guide you through the installation process. Click Next,

Specify the destination folder you want Passwordstate to be installed in. I would highly recommend that you keep the default destination folder to ensure you have no issues with future In-Place Upgrades etc. Then click Next,

You’ll now be prompted to supply the preferred URL that will be used when you browse to your Passwordstate website. By default, this will be the name of your PC. If you’re just running the Passwordstate Instance on your local network you can keep this as is. Note that you’ll be initially using a Self-Signed SSL certificate for this website. Again, if you’re running just on a local network this is fine. Click Next to continue,

You’ll be presented with the Completing the InstallAware Wizard for Passwordstate screen. The Wizard will now configure Passwordstate on your computer. Once completed you’ll be presented with the screen below. Take note of the URL that is presented (in the red circle) as this is the URL that you’ll be browsing to in the next section and click on Finish.

First Time Configuration and Initialization

Now that Passwordstate is installed you’ll need to create and initialize the database and create a Passwordstate Admin Account. To do this open your web browser and browse to the Passwordstate URL that was created. If you used the defaults, you’ll just need to type in the PC name immediately after typing https:// . This will open the following web page,

From here you’ll need to select Primary Instance and click Begin. You’ll now be prompted for your Database settings,

You’ll need to supply the Database Server Name, which is the PC Name you are using, specify SQLEXPRESS as the SQL Server instance Name, the sa account for the SQL Login Name and Password that you used when installing SQL Express. Once you have supplied these details click on the Test Connection button. If everything is correct the Status at the bottom left will change from Not tested to Connection Okay and the Next button will become available to click on. Once clicked on you’ll be taken to the System Settings section.

Here all you really need to be concerned with is selecting the Authentication Method to be Forms Based Authentication and… very importantly…creating an Emergency Access Account. The Emergency Access Account is the “break glass” account that let’s you into the Administration area of Passwordstate in the event you can’t logon as normal with a User Account. It’s intended to be restricted to the person that handles all the Passwordstate Security Administration, it has an elevated level of auditing and doesn’t allow access to Password Records or Lists. Once you’ve supplied these details click on Next,

You’ll now be prompted to create the first Account. This will be the Admin Account and is typically used by the person that handles all the Passwordstate configuration and support. This Admin Account is granted the role of Security Administrator for this purpose. Enter the details and click Next,

Your setup is now complete… but you’ll need to export your Encryption Keys first. The Encryption Keys are split into 4 secrets, with 2 of the split secrets stored in your Web.config file. The other 2 split secrets are stored within the Passwordstate database. It is absolutely crucial that these are backed up!  In the event of a disaster, and you are unable to locate a copy of your Web.config file and database, Click Studios will be unable to help you rebuild your Passwordstate environment. Enter a password to encrypt the .zip file backup and click on Export Keys (and then store them somewhere safe),

And that’s the base install pretty much completed. Now you can click on the Start Passwordstate button and logon. Now when you open a browser and type in the Passwordstate URL you’ll be prompted with the Forms Based Authentication login screen below,

and on entering the Admin Account details you’ll be logged into Passwordstate and be presented with the Passwordstate Guided Tour dialog. As a new user to Passwordstate it’s worthwhile doing this.

Anti-Virus Exclusions

One issue you may face is performance and or website session termination as a result of Ant-Virus software running on the Windows 10 PC (and on Servers). Some Anti-Virus solutions are worse than others, but regardless, you should look at setting up exclusions for Passwordstate. In the example here I’m using the stock standard Windows 10 Anti-Virus solution (Microsoft Defender). In the screen shot below you’ll see I’ve set exclusions on both the C:\inetpub directory, and the default is for all subdirectories as well, and on the w3wp.exe process that is used by IIS,

And that’s it, you’re now ready to start adding User Accounts, and your users can start adding Password Lists and Password Records for all their passwords. For small businesses a Windows 10 Machine, on a local LAN and using Forms Based Authentication is a simple and effective way to get Passwordstate up and running. Now there’s no excuse to not centrally managing your passwords!

As always, we welcome your feedback via

Speak Your Mind