Jump to content

All Activity

This stream auto-updates     

  1. Yesterday
  2. Last week
  3. support

    Have I Been Pwned? Integration

    Hello, Thanks for the feedback - we appreciate it. To have an offline version of this, it would be a complete new module for Passwordstate. And as we've discussed, there would need to be some sort of process for constantly updating this DB. At this stage we're not sure what the interest is from the community on this, so we will need to wait to see how many customers would like it. Regards Click Studios
  4. sqhharsunen

    Have I Been Pwned? Integration

    Well, using range search is fine for anonymity-wise. But if there would be a option to use offline list, I'd still choose that one. Hosting 30GB of files on a Windows server is not an issue, I would not expect it to be for anyone opting to a offline list. Just the search performance would need to be quick and if making transforms from the source files to some other form, performance of that transformation. Transformation could also happen on some other server than one's hosting PasswordState. One thing to scratch your heads, would be when Troy releases new version of pwned passwords list, would it be manual update and how would we get information, do we need to follow Troy's blog or could you provide the information about list updates within PasswordState notifications. Without offline list support we need to weight the pros and cons of using online API for this feature.
  5. support

    Have I Been Pwned? Integration

    Hello, Yes, the API call being used is https://api.pwnedpasswords.com/range/ We did download the database ourselves, and when you extract the zip file it's about 30GB. Would you want to host something that big? And this database is constantly being updated as well. We'd need to figure what high performance DB we would use for this as well, as you wouldn't want to overheads of SQL Server for this sort of functionality. Regards Click Studios
  6. sqhharsunen

    Have I Been Pwned? Integration

    And is the API request using the "Range" type? Any plans to support the offline list version for companies not having internet access from PasswordState server?
  7. Hi Everyone, Today we have release build 8397, which includes 1 new update and 8 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  8. support

    Have I Been Pwned? Integration

    Hi Everyone, Happy to report back here that we now have Pwned integration in our software, in our standard Passwordstate Vault and also in the Password Reset Portal module. After upgrading to 8388 or higher, you will see this option under Bad Passwords: Then, as long as Bad Passwords is enabled on the Password List, when a user goes to add or update an existing password, it will perform a Pwned check and deny them setting the password if it has a match to the online Pwned API. Thanks for the suggestions! Support.
  9. If you need to import all of your data from PasswordSafe into Passwordstate, this is the preferred process due to the below Powershell script keeping the correct format of your KeePass database. We'd like to thank one of our customers Fabian Näf from Switzerland for writing this script for us. He did a great job and it's helped out many of our customers. Process Start: In Passwordstate, identify and note down your System Wide API key from Administration-> System Settings -> API and you will find it under “Anonymous API Settings & Key” Create a Password List Template under the Passwords Menu -> Password List Templates. On this template please set the following options and then save the template: Disable the option to prevent the saving of password records if they are found to be a “Bad Password” (screenshot 1 below) Uncheck the option so the Password field is not required, and the URL field is enabled (screenshot 2 below) Identify and note down the TemplateID by toggling the column visibility (screenshot 3 below) In PasswordSafe, open your database and export the contents to a XML file. This can be executed from File -> Export to -> XML Format Download the script from: https://www.clickstudios.com.au/downloads/import-passwordsafe-xml.zip Extract this zip file and open with Powershell ISE or the straight Powershell shell, if you prefer You will be prompted to answer 5 pieces of information: The username of your Passwordstate Security Administrator Your Passwordstate URL Your System Wide API key Your PasswordList Template ID It will ask you to browse to your Exported XML file That’s it, the script will now run through and automatically read all of the information out of the XML file, and import it into Passwordstate. From here, there are a few other things you might want to consider doing after the script has run successfully: You may want to rearrange your folder structure. Ie possibly you might want to create some new folders for each of your teams, and then drag and drop existing Password Lists/Folders inside of them Once you are happy with your Folder structure, you should start applying permissions to either Password Lists or Folders using the following video as a guide: https://www.youtube.com/watch?v=QBJE_xD185U Best practices are to use Security Groups to apply permissions, instead of individual users, if possible Screenshot 1: Screenshot 2: Screenshot 3: Regards, Support
  10. support

    discover domain accounts

    Hi rene_p, We do have a forum post here which outlines how to manually set up a Password Record: https://www.clickstudios.com.au/community/index.php?/topic/1733-active-directory-password-reset-example/ Alternatively, there is documentation in Passwordstate for this under Help -> User Manual -> KB Articles -> Password Resets -> Resetting Active Directory Passwords. Hope this helps! Support
  11. rene_p

    discover domain accounts

    Thanks for the response. Is there any documentation on how to add the Ad accounts via UI or API? Thanks, Rene
  12. support

    discover domain accounts

    Hi Rene_p, The 'Windows Local Admin Accounts' discovery job is only designed to discover Windows accounts, not Active Directory ones. For your AD Accounts, you can instead use the 'Windows Dependency Accounts' discovery job, and it will find on your hosts where AD Accounts are being used for Windows Services, Scheduled Tasks or IIS Application Pools. If you're are needing anything more than this for AD accounts, you will need to add this records manually into Passwordstate - either via the UI, or our API. We hope this helps. Regards Click Studios
  13. rene_p

    discover domain accounts

    When I do an account discovery on hosts it discovers all local accounts in the local admin group. Is there a way to also discover domain accounts that are added to the local admin group? Ideally what I would like to do is discover all domain service accounts that are located in one ou and configure them for both check in and check out as well as random password change on a quarterly basis. Is that possible? Thanks, Rene
  14. rene_p

    cannot browse active directory

    Thanks. issue resolved
  15. Okay great, thanks for the quick update!
  16. Hello again, I've just found the bug for this, and we will have an update in the next release - sorry for the inconvenience in the short term. We'll update this post once the new build is available. Regards Click Studios
  17. Hi Roger, For the 'Reason' request on the mobile client - this is by design. It would be quite challenging to implement all the features we have in the full UI in the mobile client. After the test this morning was working, it also doesn't seem to be working for me anymore in emailing users. I will need to investigate this further to determine what the issue is - sorry about that. Regards Click Studios
  18. Hi, I am using the embedded site within the main Passwordstate website by just appending /mobile to the main site's URL. The Passwordstate Windows Service is running and no email notifications are disabled in all 3 places you mentioned. All user accounts have email addresses associated with them. As I mentioned before, email notifications are working fine when going through the main website rather than the mobile site so everything appears to be configured correctly. One other thing I noticed is that when a password list requires the user to enter a reason for viewing the password, this feature does not seem to work on the mobile site. Is this by design? Thanks, Roger
  19. Hi Everyone, Today we have release build 8388, which includes 16 new updates and 11 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  20. Hi Roger, I've just done a code review of this, as well as tested the functionality, and it seems to be sending emails for us okay. Have you deployed the mobile web site separately, or are you using the embedded site within your main Passwordstate web site? Can you also check your Passwordstate Windows Service is started, and that no Email Notifications are disabled. These can be disabled in three places: Administration -> Email Templates Administration -> Email Notification Groups Preferences -> Email Notifications And the user accounts also need to have an email address associated with them on the screen Administration -> User Accounts. Regards Click Studios
  21. Email notifications are not generated for members of a shared password list when viewing a password record from the mobile client. The email notification works as expected when viewing the password record from the web interface so there doesn't appear to be anything wrong with my configuration. Also, the event does correctly create an audit record that the password screen was opened in the mobile client. Is anyone else experiencing this issue? I am running the latest build V8.3 (Build 8361). Thanks, Roger
  22. Earlier
  23. sysadmin-z

    Scheduled backup zip is empty

    Awesome - thanks for the update.
  24. support

    Scheduled backup zip is empty

    Hi Guys, We did notice a small difference between the manual and scheduled backups today, so we've now fixed this and you can open the zip file from both in Windows. It still seems to take a while to open in Windows Explorer, which is really odd, but other zip programs seem to be fine. We'll have this fix in the next release. Regards Click Studios
  25. support

    Scheduled backup zip is empty

    Hi Fabian, We're using a pretty copy zip library for this feature. If you use 7-zip does it work as expected? We'll see if there's an update to this library we can apply. Regards Click Studios
  26. Fabian Näf

    Scheduled backup zip is empty

    Hi All I'm experiencing the same issue. The ZIP file is not extractable or even browsable with the windows explorer. When I open the ZIP file with the tool IZArc, it looks like below (two empty folders are in the path). With IZArc I'm able to extract the ZIP file, but then the folder and file stucture is completely messed up. When I use the Powershell command Expand-Archive (as mentioned above), I can successfully extract all the files with the correct folder structure. Best regards, Fabian
  27. sysadmin-z

    Scheduled backup zip is empty

    Hi, it looks like 7zip was able to extract this archive. Odd - I am not sure why it won't work with the built in tool from windows. I tried expanding with the powershell cmdlet expand-archive and that seems to be successful as well.
  28. support

    cannot browse active directory

    Hi rene, We just updated that other post with an interim fix for this bug. Thanks very much. Regards Click Studios
  1. Load more activity
×