Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by support

  1. Hi Jack, As a Security Administrator, you can go to the screen Administration -> User Accounts, edit the user's account, and clear their Yubikey settings. When they next attempt to authenticate, it will prompt them to create new Yubikey settings. We hope this helps. Regards Click Studios
  2. Hi Greg, If you create a new Password List based off the SSL Certificates template, this allows you to store information about your certificate with an expiry date that you can set. You can also upload the certificate as an attachment to your password record if you like: Now if you set up a scheduled report based on the "What Passwords Are Expiring Soon" report, you will be alerted in advance on a number of days of your choice. Regards, Support
  3. Purpose: Your company may have some very sensitive passwords that you want to be alerted of when they have been used. This forum post will show you how to set up a scheduled report for this, so you will be alerted within 5 minutes of the password being accessed. Password Record Example: See screenshot below for a password record we have set up, but in particular, look for the value in the Description field Setting up the Report: What we'll do now is set up a Scheduled Report, which runs once every 5 minutes. This report will not send off an email if the password has not been viewed, so you will only get an email when needed. You can change the schedule to any time you like, if you don't need to know the password has been viewed within 5 minutes First create a new Scheduled report: When creating the report, give it a Title and a Description if you wish, but importantly make sure you CC in a user or a mailbox of your choice. The report will be sent to yourself but it will also CC in this mailbox. Also ensure you tick the option to not send the report if no results are produced, and choose the report type as "Custom Auditing Report": Now on the Schedule tab, select the report to generate once every 5 minutes And then on the Auditing Settings tab, select the Password List where the password is located, the Activity Type as Password Viewed, query the previous 5 minutes of auditing activity, and finally put in the unique value you set in the Description field on the Password record. That's it! Save the Report, and you'll now be alerted if the password gets viewed within 5 minutes. Regards, Support
  4. Hi Steve, We do not intentionally try and confuse people. We will work in this feature if the community deems it important enough. Regards Click Studios
  5. Thanks Steve. For anyone else reading this request, please refer to the examples API calls for where the API Key can be specified, and we will endevour to be more specific in our documentation. Also, removing API Keys from the querystrings may be problematic, as it will break calls for customers using this method - which is why we provide options if required. Regards Click Studios
  6. Hi Steve, We have no validation for this in the API, and this is by design - we naturally assume customers would not add the same Security Group in more than once, like many other calls in the API. If you need any changes to the API, can we please ask you log a feature request for this. Thanks very muchh. Regards Click Studios
  7. Hi Paul, By default, the entire Passwordstate folder should have Modify NTFS permissions for the NETWORK SERVICE account - this is what we set it to during the install. If you have modified the Application Pools in IIS at all, to use a Managed Service Account, then this account would need access. Regards Click Studios
  8. Hello Paul, It sounds like the encryption key has not been written corrctly to a file, possible due to NTFS permission issues. Can you take the encryption key you see in the screenshot below, and add/edit it in the file C:\inetpub\Passwordstate\selfdestruct\web.config in the "key" section within AppSettings - does this help? Regards Click Studios
  9. Hi Everyone, Today we have release build 8884, which includes 3 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  10. Hi Steve, Just letting you know we've released build 8884, which fixes the issue identified above, and please follow one of the recommended upgrade methods outlined in the following document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf Thanks again for working with us in resolving this issue - we appreciate it. Regards Click Studios
  11. Hi Steve, Thanks for finding this, and we did not consider blanking the Hosts API Key during our testing. When adding a host, we have a check for a blank key, but we need to add the same check for GET and DELETE. We'll do that for the next release, and also double check all other method calls as well. Thanks for your patience whilst we tried to figure this out. Regards Click Studios
  12. Sometimes, deleting a Password list is made by mistake and once it is gone from the system, there's no way to restore it without restoring a backed up version of your database. If you find yourself in this position, there are two way to get that password list back, both require you to have a backup of your Passwordstate SQL database. 1. Restore a copy of your database to your production server using the restore process on page 255 of this document: https://www.clickstudios.com.au/downloads/version8/Passwordstate_User_Manual.pdf (Warning: This will remove any data and activity in Passwordstate since the date of your last database backup) 2. Restore a copy of your database to a test server, and then manually export the Password List contents from that test server to a csv, and import it back into your Production server. Below is a process on how to do this: Install another copy of Passwordstate on a test server: https://www.clickstudios.com.au/documentation/move-new-web-server.aspx Restore the most recent backup of your Passwordstate database to another SQL server if you have one, otherwise you might need to install SQL Express on your new test server and restore it there: https://www.clickstudios.com.au/documentation/move-new-database-server.aspx Log in to this new website. You will need to enter your Emergency Password as a once off process, which you can get out of your production system (Administration -> Emergency Access) Export the passwords from your Password List to a CSV file. This is performed under the “List Administrator Actions” menu on the Password List, and you should select “All Passwords Report”. (If you are trying to recover another user's Private Password List, please ask them to log in and perform this process) Back in your Production system, import their passwords back in: https://www.youtube.com/watch?v=BeNhem9NFCw If you have any questions about this, please contact Click Studios on support@clickstudios.com.au Regards, Support.
  13. Hi Steve, Can you email at our support address, and we'll organise a remote session if that's ok. Regards, Support
  14. Hi Steve, We've found another editor which doesn't do caching, Passwordstate:) If you go to Administration -> Powershell Scripts -> Validation Scripts, and then add in a new 'blank' script and save it. Now click on the new script to open it up, and paste your code in there, and save it once again. Next use the actions menu of that new script to "Test Script Manually" and upon first execution with the API key set correctly, you will get results as expected. Then clear the results. If you then change the APIKey variable to be $null and rerun the script without shutting the Window down at all, you will get an appropriate error. Can you try this and confirm if you see the same behavior? We've seen Powershell caching variable data previously, and the only way was to close the session and reopen it. Not even clear-variable removed the value from memory. I have also read on forums that it's not ISE or the Powershell console that is the issue, but it's the engine which caches the variable data. Only a tool like Powershell Studio or Passwordstate 100% clear that data each time you run the script. I'm sure there's other tools out there but these are two that we know of, and it's the main reason why we stopped developing in ISE. If you could let us know the results of your tests it would be much appreciated, we don't want other user thinking there is an issue with our API. Regards, Support.
  15. Hi Steve, We demonstrated the caching in the video I.e. change the api key to null, and it still returned results, until we restarted ISE. This is a known issue in ISE, and other editors like Visual Studio code, so please try PowerShell Studio, and let us know if that helps? Regards Click Studios
  16. Passwordstate has a feature called "User Account Policies", which are similar to Windows Group Policies. The idea being you create a series of rules or settings, and apply those to a group of users. For most settings applied via a User Account Policy, the end user cannot override them in the User Interface. To create a User Account Policy, go to Administration -> User Account Policies and click Add: Give your policy a relevant name, and description: Now choose the relevant setting you wish to impose on your users, and click Save. In this example, I'll be changing the authentication option to Manual AD: Now you should apply the User Account Policy to one or more users. You can either choose individual users, or a security sroup. In this example, I'll be selecting "All Users & Security Groups", and the next time anyone in Passwordstate logs in, they will be forced to use Manual AD Authentication. When you have multiple User Account Policies, you may come across a situation where the policies clash. For example, you may have one policy which has Manual AD Authentication enabled for all users, and another policy that has Google authentication as the log in authentication type for a smaller group of users. If both of these policies apply to the same user, then you can prioritize which policy takes precedence by dragging it lower in the "Order" column on the User Account Policy page. In this example below, the Manual AD Authentication policy will take priority over the Google policy: We hope this helps and please explore all the differenet options within the User Account Policies. There are many settings a that you can quickly apply to a group of users of your choice. Regards, Support
  17. Hi Steve, We've done further testing, and believe what you are seeing is still caching in ISE. Please see video below showing how we can replicate that in ISE, but not PowerShell Studio. Can you please restart ISE between each call to the API, and if you see the same issue, then can you also please provide an equivalant video like ours? Thanks very much. API.mp4
  18. Passwordstate has a over 50 different types of live email notifications that are used to alert users of a specific event happening within the software. This can range from a simple event like a user has copied a password tot heir clipboard, to a License warning being sent to all Security Administrators. You will need to have configured your email server settings under Administration -> System Settings -> Email Alerts and Options for this feature to work. All emails notifications are enabled by default, which can cause email clutter for your users. For this reason, you have the ability to control which emails you receive, or as a Security Administrator you can control what emails other users in the system receive. Below are some instructions on how to configure this. Control your own emails: Under your Preferences menu, select Email Notifications: Now disable the emails that you no longer wish to receive: Control which emails are sent to specific users in the system: As a Security Administrator, go to Administration tab, and then select Email Notification Groups and click the Add button: Give your Notification Group a relevant name and description and click Save: Now from the Actions Menu, select "View Notifications" and disable the templates of your choice. In this example, I'll be disabling the Copy to Clipboard Notification only: We then need to apply this to users of your choice. In this instance I've created a group which holds all of my Passwordstate users, and this group will be assigned to this notification group: With this Notification Group now active, all users will no longer receive the Copy to Clipboard emails. Note 1: If a user has specified their own Email Notification Settings as part of their Preferences, any permissions you apply here for the user will override their personal settings. Note 2: If you have more than one Notification Group created for a user, any disabled email categories will over-ride any enabled ones (be careful applying duplicates for a user). Disable emails globally: As a Security Administrator, it's possible to disable emails, so they cannot be used at all in the system. This will disable the emails no matter if a user has them enabled under their own preferences, or if they are enabled in a Email Notification Group. You can disable this under Administration -> Email Templates from the Actions menu. If you disable the email from here, under no circumstances will the email be sent to your users. Regards, Support.
  19. Hello, We just responded to your email regading this. This is actually a new bug, which another customer informed us of yesterday. We will work on a fix for this in the next release, and we will email you again once that new build is available. Sorry for the inconvenience in the mean time. Regards Click Studios
  20. Hi Steve, We've just tested this new scenario, where the API Key Variable is not initialised, and we get the same message about the API Key not being valid. Below is a simple test I was performing: $SearchUri = 'https://passwordstate.domain.com/hosts/?DatabaseServerType=SQL Server,MySQL' $result = Invoke-Restmethod -Method GET -Uri $SearchUri -Header @{ "APIKey" = "$MyAPIKey" } Write-Output $result Can you please confirm: 1. Are you using any Load Balancers or Proxy Servers which might be caching something here 2. Are you using PowerShell ISE, as we've seen many issues with ISE caching previous results, which is why we now use PowerShell Studio for all development Regards Click Studios
  21. Hi Steve, We've just tested this in two different environments, and every time we use the System Wide API Key, the API returns "An error has occurred trying to validate the Hosts API Key", with no further processing. To troubleshoot this further, can you tell us: 1. What Build of Passwordstate are you using? 2. Are you specifying the API Key in the header request, or the URL? It shouldn't matter which, but we tested in the header request and just want to double check 3. Are you using any Load Balancers or Proxy Servers which might be caching something here 4. Are you using PowerShell ISE, as we've seen many issues with ISE caching previous results, which is why we now use PowerShell Studio for all development If you are using PowerShell ISE, try restarting ISE after every call to see if that makes any difference with the caching. Thanks Click Studios
  22. Fantastic, glad that worked:) Regards, Support.
  23. Hi Tom, We've just thought possibly you could use the API to achieve this. I have pasted in a script below which will create a Private Password List for one single user called halox\lkels. Possibly what you could do is get a list of names that you need to create Private Lists for, and loop through those names, putting this script below in a foreach loop. If you have any questions about this, please let me know: $PasswordstateUrl = "https://sandbox.halox.net" $APIKey = "4ca37695823bdfe9285afe3bc3463453" # Define values for the Password List in below array $Body = @{ PasswordList = "A Test Password List" Description = "This short description is for my Test Password List" NestUnderFolderID = "0" APIKey = $APIKey Guide = "This is some test text to be inserted into the guide for this Password List" ImageFileName = "activedirectory.png" AllowExport = "True" PrivatePasswordList = "true" PreventBadPasswordUse = "true" ApplyPermissionsForUserID = "halox\lkels" Permission = "A" } # Convert Array to Json $jsonData = $Body | ConvertTo-Json # Execute the command $FullUrl = "$PasswordstateUrl/api/passwordlists" $result = Invoke-Restmethod -Method Post -Uri $FullUrl -ContentType "application/json; charset=utf-8" -Body $jsonData Regards, Support.
  24. Hi Tom, Sorry, we do not have a feature for that, and you will just need to instruct these users to create their own Private Password Lists in this instance. Regards Click Studios
  25. Hi Everyone, Today we have release build 8876, which includes 6 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  • Create New...