Jump to content

support

Administrators
  • Posts

    5,076
  • Joined

  • Last visited

  • Days Won

    317

Everything posted by support

  1. Today we released a new version of Passwordstate (Build 9811) which includes your feature improvement suggestion below. Thanks again for your suggestion – we really appreciate it. To upgrade, please follow the upgrade process which can be found in this document: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf The full Change Log for this build can be viewed here: https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards, Support
  2. Hello Everyone, Today we have released build 9811, which includes security updates. As always, we recommend customers upgrade to the latest build. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios
  3. Hi Tore, Unfortunately we do not have a time frame for the release of version 10 yet. We'll let all customers know, once we do. Regards Click Studios
  4. Hello Valentijn, This feature will be coming in version 10. Regards Click Studios
  5. Some additional information from one of our customers about this, may help some users (Thanks Patrick R) Hey, I would like to update you on this, I still had issues using multi subnet AG listener. I found the following so the cluster only publishes the active (single) IP for the Listener (see below), downside is that there is some downtime when the db switches because of the DNS TTL (Default 20 minutes), but that can be lowered as well. #Fill the variables below: $ClusterName = "ClusterName" # Get-Cluster $ClusterResourceName = "ClusterResourceName" # Get-clusterResource | ? { $_.resourcetype -eq 'SQL Server Availability Group' } $AGListener = "AGListener" # Get-clusterResource | ? { $_.resourcetype -eq 'Network Name' } Get-ClusterResource $ClusterResourceName -Cluster $ClusterName | set-clusterparameter RegisterAllProvidersIP 0 -Cluster $ClusterName Get-ClusterResource $ClusterResourceName -Cluster $ClusterName | set-clusterparameter HostRecordTTL 10 -Cluster $ClusterName # You'll get a warning, all changes will take effect until ClusterResourceName is taken offline and then online again. Stop-clusterresource $ClusterResourceName -Cluster $ClusterName # Take Offline Start-clusterresource $ClusterResourceName -Cluster $ClusterName # Right Back Online Start-clusterresource $AGListener -Cluster $ClusterName # This step is important. The Listener is offline, must bring the Listener Back online This sets the HostRecordTTL to 10 seconds, so downtime is max 10 seconds, this might put extra strain on the DNS so depending on the environment this setting could be set higher. Hope this helps if anyone else attempts this with multisubnet availability group listeners
  6. Before you upgrade Passwordstate, it's always best practice to have a backup of your system before you start, so you can roll back in the event of a disaster. What Needs to be Backed Up? At very minimum, a copy of your entire database and a copy of your c:\inetpub\passwordstate\web.config file. The web.config file has two critical secrets in it which join to 2 more secrets in your database when you launch your Passwordstate website. If these secrets do not join, then your Passwordstate website will not load. Where are these secrets in the web.config file? You should see Secret1 and Secret2 in the web.config file as per this screenshot below. If you do not see them, this means your web.config file is encrypted and this forum post explains how to decrypt the web.config file if needed: https://forums.clickstudios.com.au/topic/2699-encrypting-and-decrypting-the-webconfig-file/ How do I backup my data? There are a few options you can consider to backup your data: 1. You can manually take a backup of your install files and SQL database by following this guide: https://forums.clickstudios.com.au/topic/13911-manual-backup-using-sql-management-studio-tools/ 2. If you are hosting the Passwordstate website and SQL database on the same Virtual Machine, you can take snapshots of your server. 3. Passwordstate has built in Backup feature that you can configure. Once set up this will take a backup of everything you need to restore your environment. We have two separate guides for to configure the backups which can be found below: Domain Account With Network Share: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Domain_Account.pdf Video of this: https://www.youtube.com/watch?v=U7f850rqD7s Local Account with Local Folder: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Local_Account.pdf Video of this: https://www.youtube.com/watch?v=hWDbSenX-8E How do I restore my system in the event of a failed upgrade? If you are using snapshot technology, simply revert your snapshot. Assuming your database is on the same server then in the event of a failed upgrade you can quickly revert the snapshot and your system will be working as it was prior to the upgrade attempt. If your database is located on a different server to where Passwordstate is installed, you'll need to restore the database if you revert your snapshot. If you do not restore the database in this scenario, this will cause issues with your website going forward. If you have want to restore from a manual backup or the built in Passwordstate backups, please see section "Passwordstate Disaster Recovery" starting on page 206 of the Security Administrators guide: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf Regards, Click Studios Support.
  7. If you are trying to add a new Password list but find that the option is greyed out, there are a few settings that may cause this. Option #1: Permissions have been removed for the user from this page below: Option #2 Permissions have been removed from this area which means they cannot create Password Lists in the root of Passwords Home: Option #3: The user does not have a high enough level of permissions to the Folder where they are creating the Password List. By default only someone with Administrator permissions can create Password Lists, but this can be adjusted with these System Settings Options below Regards, Support
  8. Hello Everyone, Today we have released build 9795, which includes security updates. As always, we recommend customers upgrade to the latest build. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios
  9. Hello, We have not heard back from you via emails, or this forum, so we assume you have resolved this now? Please let us know. Regards Click Studios
  10. Hello, Have you been receiving our emails - we've provided a fix for you? The upgrade has failed, as someone in your team has removed NTFS permissions from the Passwordstate folder. Regards Click Studios
  11. A customer had noticed some unusual timeout issues after he introduced an Azure App Proxy in front of this Passwordstate website. The actual support call read as follows: "We have migrated PasswordState to Azure to a Windows 2022 VM and put it behind an Azure application proxy. It seems to be working fine, but there are some weird timeout issues. If you leave the site for a while and come back, then copying passwords of searching stops working and you first must reload the page before it starts working again. Do you know about this issue, and do you know a solution or point me in the right direction?" Click Studios hadn't seen this before so was unable to help, but our customer found the fix himself, which was to extend the access lifetime token on the proxy. This is the guide he followed to fix this issue: https://learn.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes Regards, Support.
  12. In 2023 Click Studios updated our Browser Extensions to use a Master password. Below is some information about why we introduced this new security feature, and some hints on how you can adjust the settings to suit your environment: Reason for the Change We've been maintaining legacy code in the browser extension since 11th September 2019. This legacy code base can no longer be supported from both development and functionality perspectives Access and Refresh tokens are now used to more securely facilitate communication between the browser extensions and Passwordstate (the API in Passwordstate) Security Administrators can now also revoke Access Tokens for users if required The per user Master Password, forms the basis of encryption for the tokens **EDIT** Updated March 2024 - As of build 9823, the requirement for the Master Password can be disabled if required. Please read FAQ below which explains how it works, and then make an assessment if you want to disable the Master Password. Frequently Asked Questions Question: Why is a Master Password required? Answer: With the encryption of the tokens mentioned above, a static known value is required for perform this end-to-end encryption. The user authenticates with their Master Password, and this is validated against what's stored in the database Question: What options are available for Browser Extension timeout settings, and locking/unlocking of the extensions? Answer: In the following Security Administrator's manual https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf, please refer to Section "2.8 Browser Extension Settings" - Page 27 to Page 30. Question: Can we disable the use of the Master Password? Answer: No, you cannot, because of the encryption requirement mentioned above. You can however assess whether you want to use the "Auto Unlock" feature, which will significantly reduce the number of times users will need to enter their Master Password. Again, refer to Security Administrators manual above **EDIT** As of build 9823, due to feedback from our community, we have introduced an option to disable the Master Password. Please consider the risk in disabling the Master password before making the decision to turn it off, and this this Restricted Feature can be found on the screen Administration -> Feature Access -> Restricted Features tab. Please submit an unlock code to Click Studios Support as a once off process to remove the Master Password requirement. Question: Can we set a common Master Password for all users? Answer: No, you cannot. This goes against best practice of sharing passwords, and each user must set their own on the screen Preferences -> Browser Extension tab Question: What if our users forgets their Master Password? Answer: They can log back into Passwordstate and reset it under their own personal preferences. Question: I'm running build 9786 of Passwordstate and the maximum timeout session settings for the browser extension is 3 days. Can we set this to a larger value? Answer: Build 9795 includes more options to set for this value, 7, 14 and 30 days. Question: I'm required to enter my Master Password for the browser extension every time I open a new browser. Can I prevent this? Answer: You can set the Auto-Unlock feature under Administration -> Browser Extension Settings page. The user will not be required to enter their Master Password again unless their session expires. Question: What is the Sliding Token for this Master Password and how does it affect how I authenticate to the extension? I have the Auto Unlock feature enabled with the Session Timeout set to 30 days and want to make this as simple as possible for me end users to use the extension. Answer: 1. The user enters their Master Password into the extension and this creates a session token on for 30 days. 2. This session token is known as a “sliding token” which means every time the browser extension connects back to your Passwordstate website for any reason, the token time gets reset back to 30 days. This means the Auto Unlock feature is valid for another 30 days and the Master password will not be required for that time frame. Question: What conditions does the Browser Extension connect back to your Passwordstate website? Answer: 1. If the user opens their browser. It will immediately connect back and sync any data. Sliding Token is refreshed and reset back to default session timeout. 2. Whilst the browser is open, it will automatically sync on a 60 minute schedule to check if there is any new data. Sliding Token is refreshed and reset back to default session timeout. 3. If your user visits a third party website such as Facebook for example, and they either save, autofill or update credentials for that page, it sends data back to your Passwordstate website, refreshing the Sliding Token to the default timeout. 4. You can manually trigger an immediate data sync within the Browser Extension which refreshed the Sliding Token. Question: Have you got any guides I can forward onto my end users on how to use this new extension? Answer: We have produced a blog article which outlines the changes in functionality, how to create the Master Password and unlock the Browser Extension https://blog.clickstudios.com.au/important-changes-to-browser-extensions. Question: When is the cut off date to upgrade Passwordstate Answer: Effective week commencing Monday 31st October, Click Studios will be releasing updated versions of our Browser Extensions for Chrome, Edge, Firefox and Brave web browsers. Click Studios has no control over the timing of deployment to customers systems once the updated Browser Extensions have been released to the relevant application stores. Question: Can any of the two factor logins into Passwordstate work in place of the Master Password? Answer: No, logging into Passwordstate with a 2FA such as SAML or DUO does not replace the need for the Master password. A Master password must be set as the unique value of that password forms the encryption on the user device. Question: Do users still need to set an initial master password if we use the Auto Unlock feature? Answer: Yes, the Master Password must still be set and used to log in the first time. Question: Can I test this out ahead of time, so I can see how this works and document any changes I need for my environment? Answer: Your license agreement with Click Studios states that you can use your production license keys on a dev\test instance, so we encourage you to set on up, possibly with production data so you can test upgrades and new feature in Passwordstate. Please see this blog post for more information o how to do this: https://blog.clickstudios.com.au/can-you-setup-a-test-instance-with-production-data/ Regards, Support
  13. Issue: You have set up backups in Passwordstate and can confirm that the Scheduled backups are running ok, but when you try to trigger a manual backup through the Passwordstate user Interface, it appears to get stuck and never fished. Cause: If you are using a Nginx reverse proxy, the following settings in the Nginx config can help prevent this: proxy_connect_timeout 300; proxy_send_timeout 300; proxy_read_timeout 300; send_timeout 300; Regards, Support.
  14. Issue: After upgrading to Passwordstate 9786, you may have reports of users saying that the browser extension is auto filling the username into their third party website, but not the password. Cause: Click Studios release new builds of the extensions on the 3rd of August 2023 to fix a performance issue. Chrome and Firefox were immediately approved and available in their store, but Microsoft can unfortunately take up to 7 days to approve publish an extension release. Fix: We anticipate that this new Edge extension will be approved on the 10th or 11th August. This should automatically update in your browser, and should automatically fix the issue. The version that the extension should be running is version 9786. If the extension is 9785, it still hasn't been updated. Work Around: You can load up the Chrome extension in the Edge browser if you like: https://chrome.google.com/webstore/detail/passwordstate/appojfilknpkghkebigcdkmopdfcjhim If that doesn’t help, please log a support call with Click Studios. Regards, Click Studios
  15. This script in Powershell will retrieve all shared password record, then loop through them and get any changes made to each record. It will then export the data to a csv file for easy sorting/reading. You only need to modify the first three lines in the script. Line 2 is your Passwordstate URL Line 3 is your System Wide API key which can be found/generated under Administration -> System Settings -> API tab Line 4 is the full path to a csv file on your system. The script will create the csv file for you, you don't need to create it before hand. You just need to set a valid path. # Start Script $PasswordstateUrl = "https://passwordstate.clickdemo.com" $APIKey = "6ab8dc9437f532eeb36d2f54c38a7948" $CSVFile = "C:\Data\Local Temp\History.csv" #Don't modify anything beneath this line $RecordUrl = "$PasswordstateURL/api/passwords/?QueryAll&PreventAuditing=true" $Records = Invoke-Restmethod -Method GET -Uri $RecordUrl -Header @{ "APIKey" = $APIKey } foreach ($Record in $Records) { $ID = $Record.PasswordID $HistoryUrl = "$PasswordstateURL/api/passwordhistory/$ID" $results = Invoke-Restmethod -Method GET -Uri $HistoryUrl -Header @{ "APIKey" = $APIKey } $results | export-csv -Path $CSVFile -append } # End Script
  16. Hello Everyone, Today we have released build 9786. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios
  17. Issue: If you are need to replace the certificate on your AppServer URL, you will need to re-query the SSL public Key. This shows how to do this: Now you'll need to log out of your App on your mobile device if you aren't already, and repair the App by scanning in the QR code under your own personal preferences. This process is required as the new SSL Public Key for your new certificate is embedded within that QR code, so this loads up the new certificate on your phone. Regards, Support
  18. Hi Carlo, The Browser Extension is designed purely for web site logins, and no records related to hosts for remote sessions are accessible in there. Trying to integrate this into the browser extensions would be quite difficult, from a security perspective, and also from a functional perspective - because of the other features which can be used with our Launchers i.e. Provide a Reason feature, multiple logins, etc. We appreciate the suggestion though. Regards Click Studios
  19. No worries - thanks. How about the "Toggle All Password List Visibility" menu - would this help at all? Regards Click Studios
  20. Hi Guys, We've released build 9875 today, which includes this export functionality. Regards Click Studios
  21. Hello KrisR, We've just release build 9875, and have extended the size of this field for you. Please upgrade as soon as you can. Regards Click Studios
  22. Hello Everyone, Today we have released build 9785. In this build, there has been changes to the browser extensions, which requires users to set a Master password on their Preferences screen, before they can log into the extensions and use them. Please instruct your users to go to the screen Preferences -> Browser Extension, to set this password. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studio
  23. Hello Segvp, Can you have a look at the menu Passwords -> Request Access to Passwords? Would this help at all? Regards Click Studios
  24. Hello cgray, If we wish to guarantee the form fill is accurate, can you please look at this field mapping blog post - https://blog.clickstudios.com.au/example-mapping-field-ids/ You can also ignore certain URLs, by going to the screen Administration -> Browser Extensions, and add URLs here - this would be global for all users. Or you can also do it on your own Preferences screen. Regards Click Studios
×
×
  • Create New...