All Activity

  1. Past hour
  2. support

    Security architectural diagram

    Hi tburke, We're working on a document at the moment for this, and I can email you a draft copy now. We will eventually publish this on our web site, and include it in downloads. Regards Click Studios
  3. I have pieced together most of the security ports needed to set up possible systems from the security admin manual. https://password.gcpud.org/help/securityadminmanual/index.html?introduction.htm My request to Click Studios is for a specific network diagram that explains all the ports that need to be opened in all of the Passwordstate scenarios. This includes the remote site, reset portal, mobile. I realize it's mostly 443 ports being opened but there are things like the gateway on the Passwordstate server that seems to require a certain port for communication. Scripts require ssh and winrm. Whatever the heartbeat stuff needs...stuff like that. I'd like to see a single, nice clear diagram of all these things working together so I can just hand it over to my security administrator and not spend a lot of time trying to figure out if something is incoming through the firewall or needs two way traffic and what ports. I'd like to know all the ports as if even the OS servers are completely closed up and I need to re-open up just what I need to get things working. I've seen some diagrams looking through the documentation but not everything in one spot so I can have a fairly quick meeting with our network security people.
  4. Today
  5. Hi Marek, No, it is not, sorry. We do not have the ability to have live replication of the SQLite database. Regards Click Studios
  6. Hi Tbourke, Can you open IIS and check to see if your Windows API is configured similar to my screenshot below? It should look like a website icon, not a folder icon. Can you also look under the Application Pools to ensure there is one for the WinAPI and also who is it running under? Is it Network Service or some other account? Regards, Support
  7. Hi tburke, Thanks for confirming, and Anonymous Authentication being enabled is the default for a new install, so you must have disabled it? If you enable Maintenance Mode under a certain account, you need to log back in with that account after the first phase of the upgrade is complete. So disabling Anonymous Authentication here has caused this issue for you, as you could no longer log back in with this 'Forms' account you're referring to. Regards Click Studios
  8. Thanks for your suggestions tburke - we appreciate it.
  9. Yesterday
  10. With the new request access to passwords feature, the approver can only reject or approve a request. It's up to the requestor to set a date and time for when he/she will have access to the record. A customer has requested that the approver should be able to modify that time during the approval process. Regards, Support
  11. support

    API for export all KeePass encrypted zip

    Hi Tburke, We generally recommend High Availability for disaster recoveries, as exporting all passwords does not export Private password lists. Unfortunately, we do not have an option in the UI to zip a file or password protect it, sorry, so a custom script would be the best way to achieve this :) Regards, Support.
  12. As one of my programmatic secondary backup plans I wanted to use the API to dump the passwords periodically for safekeeping. I'm reading up on the API call to do the export all and it's pretty easy to get the data using a simple PowerShell command as described in the documentation. Then you can just export that into a CSV by piping it into "Export-CSV". Easy enough, but I really like that in the UI I can export as KeePass encrypted zip. Before I try and write this myself, is this already available as a sample or API parameter?
  13. Looks like the link for the "Windows Integrated API Documentation" on the 8519. I reconfirmed with build 8556 and see it there as well.
  14. Ah, this worked great, thank you! So the only thing really missing here is setting that value under "Administration" and "System Settings" and "miscellaneous" at the same time. I would think if you're replacing the webserver you would want this updated as well. Maybe have it as an option when adding the server like this? This seems like it's really close to being able to be containerized. I'd love that to be the update path, just drop in a new container instead of pushing these files around...plus it would be easier to test out new features before deploying them. Since all the configuration is kept in the database, this would be a really slick setup.
  15. Anonymous Authentication was disabled for the site. Flipping it to "enabled" allowed me to log in and the second stage of the update worked great. For this "Forms" setup I was testing with (just isolated setup to test this sort of thing so I didn't have it connected to an AD), is part of that particular setup, do I need to manually flip this option in the IIS site settings?
  16. So is it not possible to have selfdestruct portal on both servers in HA?
  17. Well this has been a long time in the reply and we're sorry we haven't reported back here earlier about this, but converting Private Password Lists to Shared Password Lists is now disabled by default as of Passwordstate 8. If you need to convert a Private List to a Shared one, please see this forum Post: https://www.clickstudios.com.au/community/index.php?/topic/2398-how-do-i-take-ownership-of-a-private-list/ Regards, Support
  18. Hello. We've just made a change for the next release, and you won't need to manually enter this blank GUID1 string in the file - it will work as expected and do this for you. Regards Click Studios
  19. Hello, Do you have Anonymous Authentication disabled for the site in IIS - this is the only thing I can think of where it would present this screen to you, as Passwordstate is detecting you're accessing it using a different domain account? You can clear this in the database if you like, by running the following command using SQL Management Studio: USE Passwordstate UPDATE SystemSettings SET MaintenanceModeUserID = '' Regards Click Studios
  20. But that is just it, I can't get a login prompt to get back in to complete the install. I've tried just the base url https://mysite without the 'error....' part and it just gives me this below. One thing I forgot to mention in this scenario, I'm doing the form-based login because I don't have an AD where I'm spinning up this test. I tried redirecting the url to different login aspx files but I haven't hit one that works yet so maybe I'm not approaching this the right way.
  21. Last week
  22. Hi tburke, Can you let us know what you see on the screen at the moment? If you enabled maintenance mode before the upgrade started, then you need to log back in with the same account to finish the second phase of the upgrade, which is to upgrade the database? So there are two stages to the upgrade: 1) Upgrade all the files, 2) Upgrade the database. Thanks Click Studios
  23. Sorry for all the questions lately. I'm just trying to go through all of the scenarios on a test system before I try it on our new production Passwordstate setup. Scenario: Upgrading from v8.5 (8519) to newest (which at the moment is 8556) using the automatic upgrade option within Passwordstate. Using the doc: https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf Problem: Auto update leaves my system in "Upgrade In Progress" when accessing the webpage with no way to get out of that state. Attempted: I tried to go back and do the manual step to see if I can move it along. So simply shut the service down, shut IIS down entirely because of some locked out file. Downloaded the latest upgrade, copied it into the passwordstate folder as described, started the windows service and IIS back up. Still got the "Upgrade In Progress". Logs: UpgradeLog.txt (from when doing it through the push button way on the website) Other Info: So I did look away during the upgrade, and was auto logged out. So I never had a chance to put it back into non-maintenance mode. Maybe the problem is just that it still thinks it's in maintenance mode but I can't log in to take it out of this mode. The database is still at 8519 when I do the build query on it so I know there's stuff not done there but probably because I can't get logged back into the web service.
  24. Hi tburke, Thanks for pointing this out, and we need to update our documentation here a little bit - what you will need to do is add the following line in your web.config file: <add key="GUID1" value="" /> Once this is done, and you browse to the site, you will be prompted to enter your Emergency Access password to register the web server properly. It seems to be adding a duplicate GUID1 setting when doing this, but does work - we will look into why this is doing this. Sorry for the oversight, and we will update our documentation now. Regards Click Studios
  25. support

    Using Browser Extension - Auditing Concerns

    Hello, Yes, we are aware of this issue and have fixed it for the next rounds of releases for browser extensions. We did not want to release so late in the year, as these new extensions when they automatically update in your browser, will force you to also upgrade Passwordstate if you want to continue using the extensions - there is a dependency change in the API needed here. So we will release these updates at the start of next year. Regards Click Studios
  26. Hello, I tried to see if this issue has already been brought up but did not find anything. The following scenario has been brought to my attention: A user browses a website, let's say "https://portal.office.com" where they have a password entry saved in their private password list. We also have a high number of shared passwords that have the same URL. When the user browses "https://portal.office.com" the auditing log shows that the user "retrieved password" for every password we have in the database using that URL. I feel that this process should be revised (assuming it has not been yet as we have yet to update to the latest version). There shouldn't be an audit entry stating that the password was retrieved unless it was actually pulled and used. Maybe pull a list of titles/usernames and audit that but not the actual password unless it is intended to be used by the end user. This fills up the auditing log and could cause some confusion when a user is showing tons of password pulls when they did not intentionally do so. Has anyone else run into this? Thank you.
  27. Ok, wiped it all out again, same process, restore database, remove passwordstate_user on the database....read it in the security section making sure it's the owner of the passwordstate DB. Query to DB looks fine. Spun up a brand new IIS box, installed Passwordstate. In the web.config before pointing the browser to the site: Updated Connection string with IP of SQL server, passwordstate_user and password. Turned "SetupStage" value to "Setup Complete". Added values for Secret1 and Secret2. Restart entire IIS service just to be sure. Using the above query on the DB I got: No Guid1 added in web.config at this point. Back to using the "/emergency" Url. Emergency password worked and I'm in the Administration tab. Can't add web server, same as before. So the next thing I tried was inserting the GUID1 key back into the web.config. Sure enough, this time when I went to the normal url (without the /emergency path) I get the "Web Server Not Registered". I entered my emergency password and it looks like it adds the web server just fine and I'm good to go. I'm a little worried about not being able to reconstruct the web.config by just using the exported keys. I haven't tried it with the latest build, I'm still testing this at V8.5 (Build 8519).
  28. Hello Clickstudios, The RADIUS Secret is currently visible. Can this field be marked as a password field? It's not really a feature request, but it will increase the overall security of the system. Thanks in advance!