Jump to content


Popular Content

Showing content with the highest reputation since 03/13/14 in all areas

  1. 3 points

    Recycle Bin Options

    Hi, I would like to place this Feature Request here because I found nothing about it in the manuals. A member of a team here in my company using Passwordstate V8.3 (one of latest builds) was asking me - When are the accounts in the Recycle Bin deleted permanently? So I went to the System Settings Tab and tried to find out any option to set here but I found nothing about it. It would be nice to get such a feature to enable the auto delete for Recycle Bin's in order to delete accounts older (with regards to the deletion date) than e.g. 90 days. In addition to that it would be nice if a deletion date could be displayed in the "Recycle Bin view". Thanks Best Regards Philipp
  2. 2 points
    Thanks Christopher. We finished this work yesterday, and it will be available in the next build. The supported Hash types will be HMAC HMACMD5 HMACSHA1 HMACSHA256 HMACSHA384 HMACSHA512 MACTripleDES MD5 RIPEMD160 SHA1 SHA256 SHA384 SHA512 Regards Click Studios
  3. 2 points
    I've developed a script, which uses PowerCLI/API (VMwares powershell-modules), instead of SSH. SSH is by default disabled on ESXi-hosts for security-reasons, and I want to keep it that way As mentioned needs PowerCLI installed on the server (Guide can be found here https://blogs.vmware.com/PowerCLI/2017/08/updating-powercli-powershell-gallery.html). No privileged account needed. Function Set-ESXiPassword { [CmdletBinding()] param ( [String]$HostName, [String]$UserName, [String]$OldPassword, [String]$NewPassword ) try{ $conn=Connect-VIServer $HostName -User $UserName -Password $OldPassword } catch { switch -wildcard ($error[0].Exception.ToString().ToLower()) { "*incorrect user*" { Write-Output "Incorrect username or password on host '$HostName'"; break} "*" {write-output $error[0].Exception.ToString().ToLower();break} } } try{ $change=Set-VMHostAccount -UserAccount $UserName -Password $NewPassword Disconnect-Viserver * -confirm:$false } catch { switch -wildcard ($error[0].Exception.ToString().ToLower()) { "*not currently connected*" {Write-Output "It wasn't possible to connect to '$HostName'";break} "*weak password*" { Write-Output "Failed to execute script correctly against Host '$HostName' for the account '$UserName'. It appears the new password did not meet the password complexity requirements on the host."; break } "*" {write-output $error[0].Exception.ToString().ToLower();break} #Add other wildcard matches here as required default { Write-Output "Success" } } } } Set-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -OldPassword '[OldPassword]' -NewPassword '[NewPassword]' Regards Stefan
  4. 2 points
    As stated by support, Copy & Link is available between as many lists as desired. Add a custom field, add your 'tags'. Make sure the field isn't encrypted so that it is searchable. We've done this to make it easy to find passwords related to applications or services; and another custom field so we can search by server name. It'd be wonderful to link security items through to hosts that exist in the system rather than using a custom field for it, but it's not a big deal. A drop down field with a simply 'True' 'False' or 'Yes' 'No' values would achieve this. The first value you set in the field is the default value when creating new security items. Radio buttons would also achieve this - you can only select one radio button at a time, so its either true or false.
  5. 2 points

    Temporary access

    Hi Kinglsulgard, Thanks for your interest in our software and we do have a couple of options that you can try to resolve this problem: First solution: I don't think this is what you are after but we have a feature called remote session launcher. This allows you to remote into machines on your network without the need to enter a username and password. You could give your contractors access to this feature, and they do not even need to know the password. This means they will connect to the machine using a username and password that you have pre-configured, and they can then perform their work. As long as they don't need to know the password to do their work, this might be a good option for you. Here's how to set up the Remote Session Launcher: https://www.clickstudios.com.au/community/index.php?/topic/2110-how-to-set-up-the-remote-session-launcher-passwordstate-8/ Here's how to use the remote session launcher without even knowing the password: https://www.clickstudios.com.au/community/index.php?/topic/2112-remote-sessions-without-access-to-password-credentials/ Second Solution: Give the user Time Based access to the individual password, and force the password to be changed once that access runs out. To do this, go to the permissions on the password from the Actions Menu: And then choose the user to grant access to on the access permissions tab, and then on the time based access tab do something like this: If you take this one staep further, and set up the account for automatic password resets, passwordstate will also reset the password on the remote system. An example of this is if you are giving your contractor access to a privileged Active Directory Account, when their time based access runs out, it will reset the password in Passwordstate, and also it will reset it in Active Directory, keeping them in Sync. Please see this forum on how to set up automatic password resets for remote systems, and the Active Directory link is down the bottom: https://www.clickstudios.com.au/community/index.php?/forum/31-password-resets/ Third Solution: This may also be suitable for you, our Password Check Out/Check In feature: https://www.clickstudios.com.au/community/index.php?/topic/1687-using-the-password-check-out-feature/&tab=comments#comment-3368 Hope this helps! Support
  6. 2 points
    Hello HA4g3n, We cannot really use a gMSA account here, because we need to 'Impersonate' the account in code when performing backups and upgrades, and when impersonating you need to specify the password for the account - which is not possible for gMSA accounts. We did finish this feature request yesterday, and it will be available in the next release. Regards Click Studios
  7. 2 points

    New phone when using Google Auth

    Hi Greg, If you go to the screen Administration -> User Accounts, you can email the user a copy of their QR Code - basically it will be a link which takes them back to the Passwordstate web site, where they can scan the QR code in. You will find this option on the Authentication tab for the user's account. Regards Click Studios
  8. 2 points
    Hi Greg, We'll need to consider your request in a future release - maybe we could extend the feature where you can copy and link passwords, but allow you to have unique values on certain fields, instead of exact copies. Regards Click Studios
  9. 1 point
    Hi Emad You can archieve this by using the REST API of Passwordstate. In the manual of the REST API you can see a lot of examples how to do this by using Powershell. Just navigate to /api or /winapi to see the manual (or open it through the help menu). Best regards, Fabian
  10. 1 point
    Mario Härdi

    Azure MFA Authentication

    Dear Clickstudios, actually we are Installing Passwordstate for our internal Services and also one of our Customer. For both Installation we would be able to add Azure MFA as an additional Authentication Option. Actually there are some multi-factor provider available, but we would like to Implement it with our Existing Azure MFA instead of Implementing another third-party authentication. Is it Possible to Implement this feature? Hope someone else is also missing this feature. Thanks in Advance and Best regards, Mario
  11. 1 point
    Hi Sarge, There's a few things we need to think about with this redesign, and any input you have would be greatly appreciated. Here are some thoughts: We're considering making this a workflow approval via email, so the approvers only need to click a link in an email to approve/deny. How would we choose who the approvers are? Do we: Pick any two Admins on the Password List and email then Have somewhere to specify who the two Admins should be Do we need to allow for an approver who does not have Admin rights to the Password List If there are no Administrators for a Password List, who do we send the requests to And we'd need an option to specify if the request goes to one Admin, or two, or more - not all customers would want "dual" approval Just some thoughts off the top of my head Regards Click Studios
  12. 1 point
    Hey Buckit, We we take a look and see if this will be a simple change. If it is we'll include it in a future build. Regards, Support
  13. 1 point

    Adding host via api and account discovery

    Simple solution, add a custom field to your password list and populate it with the hostname via API. Your script could easily perform a reverse lookup on the IP of the host record, then populate the custom field with your hostname. However you should be doing everything via FQDNs anyway. Having poorly functioning DNS in an environment is not good, regardless of OS platform. I'd be looking to fix DNS.
  14. 1 point

    Bug report: password dependencies

    Hi Buckit, I've made some changes to this Windows Service Reset Script today: It will only try and stop the service if it's currently running It will only try and restart the Service, if the Startup Type is set to one of the 'Auto' options I've just emailed you a copy of this new script, and this version will be included in the next release - due later this week. Regards Click Studios
  15. 1 point
    I'd love to pitch in and help figure this stuff out, but right now my workload's a bit too much. Studying for my next exam, which is where I learned about Swagger and OpenAPI
  16. 1 point
    Hello All, We've released Build 8256 today, which allows you to now specify TCP for sending Auditing data to Syslog servers. This can be enabled on the screen Administration -> System Settings -> Proxy & Syslog Servers. Regards Click Studios
  17. 1 point
    Yes, that's correct - admin rights on the server. Regards Click Studios
  18. 1 point
    Oh I see - we'll at at least that's an easy fix
  19. 1 point
    Fabian Näf

    API Create Password with $ in it

    Hi All I'm not sure if this helps (I had no time to test it). I usually create the JSON as following: Create a Powershell Object, then convert it to JSON. If you do it like this, then you dont have to struggle with the string-creation. $Body = @{ PasswordList = $Name Description = $Description ApplyPermissionsForUserID = $global:UserToPermit CopySettingsFromTemplateID = $global:PasswordstateTemplateID LinkToTemplate = "False" Permission = "A" PrivatePasswordList = "false" NestUnderFolderID = $ParentFolderID APIKey = $global:PasswordStateSystemWideAPIKey } $jsonBody = $Body | ConvertTo-Json (just an example, it doesn't fit to your requirement) Best regards, Fabian
  20. 1 point

    API Create Password with $ in it

    Hi Njordur, Unfortunately we don't think we can change the API to accomodate for this, but we do have a fix for you to update your scripts. I've given an exact example below which works, and an explanation below that of what you need to change: # Begin Script param( $username, $password, $description ) $jsonString = ' { "PasswordListID":9914, "Title":"company\\' + $username + '", "Description":"' + $description + '", "AccountTypeID":82, "UserName":"' + $username + '", "password":"' + $password + '", "APIKey":"63fca2537db89e4fb32954234532455", "PasswordResetEnabled":true, "PrivilegedAccountID":2044, "HeartbeatEnabled":true, "ValidationScriptID":9, "ADDomainNetBIOS":"halox" } " ' Invoke-RestMethod -Uri https://alien.halox.net/api/passwords/ -Method Post -ContentType "application/json" -Body $jsonString # End Script Things I changed: 1. The opening brackets of the JSON string $jsonString = @" to $jsonString = ' 2. the variables inside the jsons string are now enclosed with a single quote and + symbol. So we went from "UserName":"$username" to "UserName":"' + $username + '" 3. the closing brackets of the JSON went from }"@ to }' I hope this is not too much trouble to change your scripts, and we hope this helps! Regards, Support.
  21. 1 point

    Localisation for the product?

    Hi TheBlackMini, As over 70% of our customers come from the US, this is why we have some US spelling in our software. Regards Click Studios
  22. 1 point

    Auditing Use of Remote Session Launcher

    Hello, Yes, if you go to the Auditing screen in the Administration area, there is an Activity Type called 'Remote Session Connection' - this will give you what you need. Regards Click Studios
  23. 1 point
    Hi Fabian, Thanks for confirming, and we're going to need to fix this in the next release - and allow you to copy from a template if specified. For now, you will need to ask your users to manually select the URL field after the Private List has been created, and we should have a new build about before the start of next week. Regards Click Studios
  24. 1 point

    Where to find PasswordList ID

    Hi Greg, We did remove the hover function for this a while back, purely to increase performance. Good news is there's another way to find this easily, by toggling the visibility of the Web API ID from the List Administrator Menu on the Password List, as per below screenshot. I hope this helps! Regards, Click Studios
  25. 1 point

    Problems with creation of private lists

    Hi Soren, For question 1), the only place you can specify a Template for Private Password Lists is in the User Account Policy area. When you made this change of setting it to ignored, did you logout of Passwordstate and then back in? This is needed to re-read the policy. If you did this, and I know it's unlikely, but would there be additional User Account Policies where this is set? For question 2), when returning the Password Lists which you can save web site logins into, we perform the following: The Password List must have the URL field selected The user must have Modify or Admin rights to the Password List Do you think any of the above two checks would be the cause of your issue? Regards Click Studios