Leaderboard

Hi Jimmy, Thanks for your patience with this, and we do need to apologize - this is an issue with our code, checking that xml file as you mentioned. I'm not sure why I didn't see this in testing - possibly it was cached somewhere. We've fixed this for the next release, which means you will obviously need to perform a manual upgrade when this new release is available. We're not sure when the next release is yet, but it could be 2 to 4 weeks again. Again, thanks for your patience, and sorry again. Regards Click Studios

In the meantime I've been testing the other way around: unplug the NIC. Now the button keeps saying "testing download..." forever (or at least for 30 minutes until I terminated it). So there seems to be some difference but still not like it works at your side. When the NIC is disconnected I see Windows Events "An error has occured executing the call 'SecurityGroupExists'. The server is not operational." Perhaps this is because the ADDS is then also unreachable. With te NIC connected I see nothing in the eventlog. To make sure it really attempts to access internet, I added www.clickstudios.com.au to the hosts file, pointing to 127.0.0.1. This causes the upgrade now to fail even faster. That proves that it does do a call to www.clickstudios.com.au at a point where it should not. (I double checked the permissions on the zip-file, and also extracted it once to verify that it's not corrupted) I have created a quick-and-dirty webserver replacement of http and https for www.cliskstudios.com.ca to have a bit of logging, and I see that it requests /NewBuildInfo.xml (plain over port 80?). Perhaps then you know what is going on? (it's not the upgrade zipfile but an xml) Tomorrow I won't be able to change or test anything, but please feel free to keep me informed (I am able to reach this site).

Hi Jimmy, We'''ll schedule an Internet outage at the office tomorrow, and see if we can replicate your issue again - it's currently 7pm in Australia. We'll let you know what we find. Regards Click Studios

Hi Jimmy, Sorry you're having some issues with this. I've just done some testing, but cannot seem to reproduce this - I disabled the network card for the test. We use the method of placing the passwordstate_upgrade.zip file in the /upgrades folder for every release, as we test the upgrade process before releasing - obviously we don't want to download from the Internet in this instance, as we haven't uploaded the new file yet. I've just done a code review, and it's possible that there is a different error which is causing our code to redirect to this page you are seeing. Can you try the following: 1. Make sure the Passwordstate folder, and everything beneath it, has Modify or Full NTFS permissions for the NETWORK SERVICE account 2. Now use the instructions '5. Manual Upgrade Instructions' in the following document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf Regards Click Studios

Hi Findus, Yes they can, and the SQL Server Replication will take care of this - changes in the DB are replicated almost immediately between the two SQL Servers. Regards Click Studios

Simple solution, add a custom field to your password list and populate it with the hostname via API. Your script could easily perform a reverse lookup on the IP of the host record, then populate the custom field with your hostname. However you should be doing everything via FQDNs anyway. Having poorly functioning DNS in an environment is not good, regardless of OS platform. I'd be looking to fix DNS.

Hello Azkabahn, Thanks for the detail, but at this stage we have no plans to change this functionality. All we can suggest is your look into your DNS issues so that you can rely on it, and use a proper Host Name instead of an IP Address. Regards Click Studios

If you want to be alerted via email of all Passwordstate builds, no matter how minor or major, please follow these instructions: 1. Join our forums 2. Click on the Announcements Section 3. Select Follow, and then choose to be alerted to all new content via email. We only announce new builds in this section of our forum, so your inbox won't be filled with any other type of forum post Regards, Support

Even more impressive than the "request a password which auto-expires" is the built-in "request access and get an RDP/SSH session" functionality, which will never show you an actual password

Hi Kevin Clickstudios has a lot of good video tutorials. Probably the following video could give you a hint, how to work with expiring passwords. Best regards, Fabian

We are currently evaluating Passwordstate for roll out. The Password extension is great, but I think it would be better, if you have the option to turn off auto complete, as it sometimes tries too hard to fill forms. Furthermore you don't have the option to decide which account should be used for some form. Maybe you have access to a global admin account, but want to use a personalized account instead? Better is to click some button or press some key shortcut to fill the form. I think of the way like Enpass does it, if you don't mind to try it out. Cheers

To write about every feature in that makes it a PAM solution would be akin to writing a thousand page essay. I think the better option would be if you could tell us what you are after in a PAM and what you're after Passwordstate to do? There's a good chance it does it. Yes.

Scratch that Buckit. Did a bit of the old googling and looks like this could be 'by design'. This seems similar to your problem: https://davidvielmetter.com/tricks/password-reset-delegation-not-working/ I'd bet this is happening for you. Further, I'd bet your break glass accounts won't remember the 'include inheritable permissions' checkbox because they are members of some protected AD groups. https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/appendix-c--protected-accounts-and-groups-in-active-directory https://technet.microsoft.com/en-us/library/2009.09.sdadminholder.aspx Is the process for updating the AdminSDHolder object. Full credit to the article and the commenters. You learn something new everyday! EDIT- For clarity Buckit, I wouldn't be modifying the AdminSDProp to enable inheritable permissions, I'd simply add a security group with your priv user being a member, and grant it the required roles to perform resets on AdminSDProp based objects. Wait for the SDProp process to run (1 hour ish), and you should be set. I don't like the idea of modifying the default ACL for protected objects, but I like the idea of enabling inheritable permissions even less. Also, i'd be taking screenshots of before and after for every change you make to the AdminSDProp object, and be documenting it fully.

Hi Buckit, I've made some changes to this Windows Service Reset Script today: It will only try and stop the service if it's currently running It will only try and restart the Service, if the Startup Type is set to one of the 'Auto' options I've just emailed you a copy of this new script, and this version will be included in the next release - due later this week. Regards Click Studios

Thanks a lot @Fabian Näf and @support, I'lll definitely try that

Hi Findus, Thanks for your enquiry. With our High Availability options, we support any of the SQL Server Replication technologies for data replication - we do not perform this function ourselves. We believe there is row-level filtering options in SQL Replication, but because of how we reference ID fields across multiple tables, making this 'filtering' work would be very difficult, if not impossible. We can only suggest to have two separate installs in this case. Regards Click Studios