All Activity
This stream auto-updates
- Past hour
-
Yea, a minute after enabling the account, the next item is this Passwordstate Windows Service disabled the User Account
- Today
-
Hi Scoot, What schedule do you have set here for the AD sync, because above you said this happens every few seconds to minutes, but the minimum schedule we have here for the sync is 5 minutes. If you look on the Auditing screen, does it report the Passwordstate Windows Service is the process which is disabling the account? Regards Click Studios
-
Hello enigmatic, Other customers have the WinAPI from Linux machines - here is the forum post discussing it - https://www.clickstudios.com.au/community/index.php?/topic/2387-can-winapi-be-used-via-a-linux-shell-script/ We hope this helps. Regards Click Studios
-
It was already toggled off, but i toggled it on. And the account is still disabling itself after about 15 seconds.
-
That could solve it as all people involved have windows workstations, but scripts that need to fetch from passwordstate are often run remotely on linux boxes or automatically in response to some defined trigger... Would it be possible to extract some sort of auth header created by "Invoke-Restmethod -Method Get -Uri $PasswordstateUrl -UseDefaultCredentials" and reuse it on a different box (for example in curl as a request header)?
-
Hugo joined the community
-
Sometimes basic users are so basic that they can't go over a 1-click access, they don't remember the URL. I've done a very easy 3rd level redirect but they are sooooooooo basic and isn't enough. APP is more user friendly.
-
and for the password form too top would be versioning of changes
-
+1
-
+1
-
Scanning an Active Directory OU and adding each group into Passwordstate
support posted a topic in Passwordstate API
Purpose: Currently as of Build 8782 Passwordstate does not have a feature in the User Interface to scan an Active Directory OU and automatically add in all the security groups. This Powershell script can do this as an alternative way, which will search an Organisational Unit of your choice and add each security group in via the Passwordstate API. The Security Groups will automatically sync all members within about 1 minute of being added into the system. You must be running Passwordstate 8782 for this to work, and you'll find the Security Groups API key under Administration -> System Settings -> API The script is listed below, and you could potentially put this into a Windows Scheduled Task to run on a regular schedule. Please change the variables on lines 2,3,4 and 5 to suit your environment: #Set following core variables in lines 2,3 & 4 $APIKey = "6c27d83f5a9b43e79843b632fe5dac5e" $PasswordstateURL = "https://sandbox.contoso.com" $Domain = "contoso" $OUtoScan = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com" #Begin Script #Construct API URL for use later in script $APIURL = $PasswordstateURL + "/api" #Find Security Groups in OU $SecurityGroups = (get-adobject -Filter 'ObjectClass -eq "group"' -SearchBase $OUtoScan).Name #Cycle through array and add each security group to Passwordstate foreach ($SecurityGroup in $SecurityGroups) { #JSON data for the object $Body = @{ SecurityGroupName = $SecurityGroup ADDomainNetBIOS = $Domain APIKey = $APIKey } # Convert Array to Json $jsonData = $Body | ConvertTo-Json #Add the group to Passwordstate $result = Invoke-Restmethod -Method Post -Uri $APIURL'/securitygroup' -ContentType "application/json" -Body $jsonData } Regards, Support. -
Hi Scoot, It sounds like something in the sync process is not acting like it should be. Possibly the privileged account has issues reading that one particular account due to some sort of AD permission structure. This is a bit of a band aid approach, but maybe change this system setting to No and it won't happen anymore: Regards, Support
- Yesterday
-
Have any of you come across an issue where an account keeps auto-disabling itself? I enable it, and a few seconds to a few minutes later it shows disabled. Accounts are synced through AD and it is not a disabled account or anything. Its also an administrator account in PS. I tried upgrading to the newest version, and am going to try recreating the account entirely unless someone has an idea what to look for on here. Thanks
-
Hello, It is SQL Server which moves data between the two instances, and not Passwordstate - so we expect your replication is not working correctly. Can you ask your DBA to look into this? Regards Click Studios
-
Hello, Thanks for your feedback. We're not sure if you're able to use it or not, but have you considered our Windows Integrated API - this does not need any API Keys, and gives you the same level of access as when you log into Passwordstate? Regards Click Studios
-
With our latest update 8782 our HA replication is not working. Changes are not replicating to the backup server. Publication and subscription are setup correctly.
-
U M joined the community
-
We have multiple password lists. Lists are grouped in folders. Folders have access control enabled with different people assigned to each one. Each list can be accessed by API using per list APIKey. If we use the same APIKey then everyone who needs to have automated access to one of them has access to all of them. If we use different APIKeys for each list then we preserve per folder access, but automatic access gets more complicated since we have to juggle both Passwordlist ID and APIKey (that should be secret and can't be stored in repo - like "hey before running this, set these 5 different apikey secret variables and don't write it down or check it in") What would be nice if there was a per user APIKey that would allow access to API like "/api/passwords/${LIST_ID}?QueryAll". This way everyone could run automated scripts and have access to all the password lists that they are assigned access to in Passwordstate by setting a single UserAPIKey environment/Header variable, and let Passwordstate to handle access control.
-
enigmatic joined the community
-
We backup PasswordState twice a day. We would like to receive the backup succesful e-mail on our department e-mailaddress which is not a security admin or user in passwordstate. In e-mailtemplates you have the option to include the send emails also to.... option. If we enable this template and configure the send to option all security admins will also receive the report twice a day in the personal mailbox. We don't want that. We want to have the send emails also to...option also available in the Email Notification Groups .... or .... that Email Notification Groups respect the also send email to option set in the template.
-
HRNL joined the community
- Last week
-
How to use the exported encryption keys
support replied to Christian Andersen's topic in General Support
Hi Christian, We have some information in our User Manual under the Help menu for Disaster Recovery, and you can find this in the KB Article section. Or you can reference the manual here https://www.clickstudios.com.au/downloads/version8/Passwordstate_User_Manual.pdf Generally you should never need to do anything with these keys, as long as you have backups of your Passwordstate folder and database. It is recommended to keep backups of the keys though, in case you chose to encrypt the AppSetting section in the web.config file. Regards Click Studios -
Hi Eric, Can you check again that "As per the screenshots below, can you confirm the encryption key is set correctly in the file C:\inetpub\Passwordstate\selfdestruct\web.config – this path will be different if you have installed this site separately" - I assume this matching the encryption key on your System Settings -> Self Destruct Messages? If you go to the screen Administration -> Error Console, is it reporting any more error data for this? It's odd that we get the message "The underlying connection was closed", when you've confirmed all the information above is correct - we're not exactly sure what else could cause this. Regards Click Studios
-
Capitalise First Letter in Password generator Policy?
support replied to Josh Dinsdale's topic in Feature Requests
Hi Josh, We don't have the option for this in the UI sorry, so it will have to be a feature request. I've moved this to our Feature Request forum where users can vote on it, and we'll do our best to put it into a future build. Thanks for your suggestion! Regards, Support -
Capitalise First Letter in Password generator Policy?
Josh Dinsdale posted a topic in Feature Requests
Is there a way to capitalise the first letter of generated word phrases in a password generator policy? We want to achieve something like the following: BiggestSettle786 Also, it would be cool if a random word phrase word could be a variable in the 'Generate Using a Pattern' option. Thanks! -
Troubleshooting Sending Self Destruct Messages
Eric Young replied to support's topic in Known Issues
I believe it is not configured: I configured it, but still get an error: -
I am missing a guide about how i can restore using the extracted encryption keys. So I have the keys but how do I use them ? If i have missed something please let me know Thanks
-
Restrict access to a Private Password List
support replied to Faktor400Postkasse's topic in General Support
Hello, You could use a User Account Policy for this, found under the Administration area. Create a policy, configured the two settings below, and then save the policy. Now apply permissions to this policy for "All Users & Security Groups". For any existing Private Password Lists you have, you can also link these to a template from the screen Administration -> Password List Teamplates. -
Hello tboggs13, At this stage we do not have support for updating existing password records - this will be something we'll look into for a future release. Regards Click Studios
