We’re sorry for being so quiet for the past few months, but we’ve been busy working on the biggest release of Passwordstate since its initial release in 2004. We’re getting close to finishing it, with only a couple more features left to code and test. In total there are about 80 updates in version 7, and below are some of the major features coming.
New Vertical Navigation Menu
In version 6 of Passwordstate we introduced a new Horizontal menu system at the bottom of the page. While this was well received by most customers, some customers didn’t like it. So in version 7 you will have the option of either a horizontal menu at the bottom of the screen, or a new vertical menu on the left-hand side of the screen.
There are 3 ways in which you can choose the Menu System to use: it can be applied System Wide for all users, users can choose it as part of their Preferences, or you can create a User Account Policy and apply the setting to specific users or security groups.
Different Colour Themes
So you probably noticed a different shade of blue above :) Yes, we’ve finally added in colour themes for version 7, and they can be applied the same way as the menu option above can be applied – System Wide, User Preferences or User Account Policy. Believe it or not this took quite a bit of work, as we needed to figure out how to change the colours applied to the Telerik ASP.NET Ajax Controls – http://www.telerik.com/products/aspnet-ajax.aspx
Browser Extensions for Form-Filling Web Site Logins
We’ve had a lot of customers requesting this feature, so we’re very excited we can finally offer it. Initially we will be releasing the extension for Chrome, and once we and our customers are happy with the functionality of it, we will provide extensions for Internet Explorer and Firefox as well.
Most of you are probably familiar with this sort of extension, and it will be similar to the functionality provided by LastPass, RoboForm, or any of the other offerings. Basically it allows you to save all your web logins into a Password List of your choice, and then every time you visit the site the extension can log in for you automatically, without you needing to type in your username and password.
Discover Different Windows Hosts on the Network, and Manually Add or Import Linux/Routers/Switches, etc
In itself, this feature doesn’t provide any real functionality, but is a pre-requisite to two other major features in version 7. You have the option to import Hosts via a CSV file, or we’ve added a ‘Discovery’ process which can query your Active Directory environment for Windows Hosts, and automatically import them into Passwordstate.
Access to each of the Hosts within Passwordstate is also permission based, so once imported you need to apply permissions for users who wish to make use of the new features which rely on the Host records. Below are a couple of screenshots of the Hosts screen, and the Discovery screen.
Reset Passwords Just About Everywhere
One of the major features in version 7 is the ability to change passwords automatically on various remote systems. The following will be supported when V7 is released:
- Active Directory Accounts
- Local Windows Accounts
- Windows Services
- IIS Application Pools
- Scheduled Tasks
- Cisco network equipment (routers, switches, etc)
- Linux/Unix Accounts
- Microsoft SQL Server and MySQL Server accounts
The Password Reset, Password Validation, and Resource Discovery features are all achieved via the use of PowerShell scripts (we’re calling Windows Services, IIS App Pools and Scheduled Tasks ‘Resources’ in version 7). In the early planning stages, we were a little undecided whether to build our own ‘agents’ to be deployed to hosts to allow the password resets, or whether to use PowerShell scripts. In the end, it made much more sense to use PowerShell scripts, as it gives our users a lot more flexibility if they need to modify a script themselves, and some customers already use PowerShell heavily for managing their Windows environment.
As with any solution for accessing and making changes to remote hosts, there are some system requirements for this functionality – primarily the Windows hosts will require PowerShell 2 or above installed, and PowerShell Remoting enabled. We provide full documentation for what’s required here. This functionality also works for non-trusted Active Directory Domains, so if you look after a lot of different client environments, all you need is functioning DNS, and domain account credentials with privileges to make the change.
Below is a screenshot of the default scripts we provide, as well as a screenshot of one of the scripts. You can modify these scripts, restore the default script, or add your own.
As an example of the flexibility of this feature, when a password is updated in Passwordstate, you can also execute a PowerShell script to run any of your own custom MS SQL or MySQL scripts, say to update data in a table. The possibilities are only limited by your scripting skills :)
Discover Windows Services, IIS App Pools and Scheduled Tasks
As mentioned above, it’s possible to perform password resets for Windows Services, IIS Application Pools, and Scheduled Tasks which are configured to run under the identity of a domain account. While you can manually add these ‘Resources’ into Passwordstate, we’ve provided a feature whereby you can automatically discover them on your network, associate them automatically with the appropriate host, and also add the domain account used to a selected Password List if it doesn’t already exist in it.
Launch RDP, SSH, Telnet and VNC sessions to Remote Hosts
This is another new feature which takes advantage of adding/importing hosts into Passwordstate. Once you have installed our Remote Session Launcher utility (Windows only), and created one or more ‘Remote Session Credential Queries’, then you can launch a remote session to Hosts without having to enter your credentials to authenticate – it logs you in automatically, and adds appropriate auditing records to reflect the action. The basic process to use this functionality is:
- Install the Remote Session Launcher utility (Windows only, and requires PowerShell to be installed)
- Make sure you have all your Hosts added/imported into Passwordstate
- Create one or more Remote Session Credential queries, and link each one to a password you have stored in Passwordstate – screenshot 1 below
- Now when you click on a Host in Passwordstate (screenshot 2 below), if the Host matches one of your saved “credential queries”, then it will launch the remote session without you needing to enter your Username and Password. There’s also an option to specify your login details manually if needed.
We also have provided a dedicated ‘Remote Session Launcher Screen’ which will allow you to use this feature all day long without being automatically logged out of Passwordstate if you are inactive for a period of time.
Two-Factor Authentication with Duo Security
We’ve had quite a few requests recently to support Duo Security Two-Factor Authentication (https://www.duosecurity.com), so we’ve added support for this to the Web User Interface, and the Mobile App.
More improvements to the API
We’ve also made some improvements to the API in version 7, specifically:
- You can now add Folders and Password Lists through the API
- We’ve made it more secure by allowing the API Key to be specified in the Request Header instead of the querystring
- Private Password Lists can now be queried in the API, but only when using the Password List’s API Key, not the System Wide one.
And Various other Features
As mentioned, there are 80 updates in total, and below are a few more mentions:
- New Dashboard Layout for Password Home and Folder pages – allows you to choose which panels to display, and where
- New Favorite Password Lists feature, whereby favorites can be easily filtered in the Navigation Tree
- New “Self Destruct Message” feature for sending time-bombed messages to other users
- Added the ability to encrypt any one of the Generic Fields you can select for Password Lists
- Auditing data for the High Availability instance is now maintained if the HA site is accessed
- Added option to Password Lists to ensure passwords are not visible and cannot be copied to the clipboard
- Added option to force users to use the Password Generator associated with a Password List
- User Account Policies can now dictate which Template is to be used when creating Shared or Private Password Lists
- Added the ability to generate random passwords based on a pattern of alphanumeric characters
- Added the ability to exclude certain characters from a generated password
- Filtering in the Navigation Tree can now also filter on Folder names
- Users’ passwords, when using Forms based authentication, will now expire after a set period, and password reuse is prohibited
- Email alerts from the High Availability instance of Passwordstate are now queued, instead of being sent real-time
- Added the ability to see all Private Password Lists on the screen Administration -> Password Lists. The only features available with this are deleting the Password List, or changing settings
- Moved all ‘Administration’ navigation menu items to their own Navigation Tree
- It’s now possible to send specific email notifications to a generic email address
Quite a long post, but we have been busy :) We hope you all like version 7 when it’s released in a month or two’s time.