Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by support

  1. Great news, thanks for letting us know.
  2. Hey Sarge, I think 8760: regards, Support
  3. Below is a guide from Click Studios on how to Move Passwordstate to Azure. Please refer to Official Microsoft documentation if this guide isn't comprehensive enough. If you intend to move to the cloud, please ensure you keep your current on premise version running, and only shut that down once you have confirmed that you can successfully access your new instance in Azure. The first thing you’ll need to do is determine which kind of database you’ll be using in Azure. You can either install SQL on an Azure virtual Windows Server (just as you would on an On-Premise server), and move your database to it following this document: https://www.clickstudios.com.au/documentation/move-new-database-server.aspx. If you prefer to use an Azure SQL Database, the latest build of SQL Server Management Studio Tools (SMSS) can help with this migration from your On-Prem database to the Azure SQL database. First you should create an empty Azure SQL database and then in SMSS you can use this option to push data to this empty database: After migrating your data up to the SQL Azure database, you will need to run these SQL commands when connected to your Azure SQL database, using SMSS. This will create the "Passwordstate_User" account in the database and assign it the appropriate permissions. Azure does not allow for the USE statement, so we need to right click Master Database and select New Query. Execute the following script: CREATE LOGIN passwordstate_user WITH password='Welcome01' GO CREATE USER passwordstate_user FOR LOGIN passwordstate_user WITH DEFAULT_SCHEMA=[dbo] GO Next right click your Passwordstate database, select New Query and run this script: CREATE USER passwordstate_user FOR LOGIN passwordstate_user WITH DEFAULT_SCHEMA=[dbo] GO EXEC sp_addrolemember 'db_owner', 'passwordstate_user'; GO Once you database is moved, you can then use this document to move your Passwordstate install to your Azure Windows server: https://www.clickstudios.com.au/documentation/move-new-web-server.aspx Please note you’ll need to have an external DNS entry which directs all internet traffic to your Azure web server, and you’ll also need to open a port on your Azure web server firewall to all access for all users. The port that needs to be open is the port you set in your IIS Bindings, but generally 443 is the best port to use. We hope this helps, Support.
  4. Hey Rene, Thanks for your post and we think this might be able to be prevented by using our propagating permissions model. Here is a video which shows a bit more about this: https://www.youtube.com/watch?v=QBJE_xD185U Here's an email that we send to customers occasionally, which may help, happy to work with you on this to make sure you can get something working for your business: Setting up the structure of the navigation tree is difficult to advise for, as every business is different, but below I've given an example of how you could build yours assuming you have different departments, like “IT Department” or “HR Department”. The top level Folder is set to Manual Permissions (blue padlock), and you would give everyone in the IT Department view access to it. Then each folder nested beneath it is for each team in the department, and these permissions are set to propagate down (green arrow on the folder) and only that team should have access to it. This just means the Linux team will only see "IT Department -> Linux Team", and the Service Desk will only see "IT Department -> Service Desk" etc. You could use this example below and possibly duplicate it for each department in your business, HR, Finance, Marketing etc. Permissions: Always use Security Groups if possible. In the above example for the IT Department structure, you could get away with having 4 Security Groups: · IT Department – Add all users to this from the department and give this group View access to the top level IT Department folder · Linux Team – Apply this group to only the Linux Folder · Service Desk – Apply this group to only the Service Desk Folder · Windows Team – Apply this group to only the Windows Folder Possibly you could have 2 Security Groups per Team, which gives different permissions: · Linux Team Read Only · Linux Team Modify · Service Desk Read Only · Service Desk Modify · Windows Team Read Only · Windows Team Modify Setting up permissions like this means all you have to do is add a new user to the relevant AD Security Group. This will sync to Passwordstate automatically and give users appropriate permissions easily. Also, Adding a Private Password List, or a Shared Password List inside a folder that is propagating permissions down from the top level will not change the permissions. Another tip to help, consider setting this System Setting option under Administration -> System Settings -> Password List Options to allow user with Modify rights the ability to Add Password Lists: You could also consider locking down the ability to create folders completely, so to keep your folder structure standard. This can be done under Administration -> Feature Access-> Menu Access. I hope that's enough to get you started, but please let me know if you have any questions at all about any of this? Regards, Support
  5. Hi Sarge, You could possibly run report #36 which will return all passwords that are set up for resets, and it should give you the host it is active on. Reporting documentation is at the bottom of the API documentation you are looking at. I hope this helps? Regards, Support
  6. Do you see it saying "Backing Up Database" when performing a manual backup? Could you possibly follow this forum post to provide some informaiton about your Passwordstate web server, and send the resulting output to suppotr@clickstudios.com.au? https://www.clickstudios.com.au/community/index.php?/topic/2518-passwordstate-support-information-script/ Regards, Support
  7. Hi OB999, That's interesting, do you get any kind of errors when clicking the Test Permissions button on the Backups and Settings page? You may need to grant the account you have set for your backups access to your SQL Server Services, as per this video: https://www.youtube.com/watch?v=4iCvCYLwSL4 Does this help at all? Regards, Support
  8. Hi Jan, If you are using our Browser extensions to autofill web page logins, then this should do this for you automatically. Unfortunately we do not have auto-filling of physically installed applications in our software. Regards, Support
  9. Hi Sus, When installing it on a separate site, it will completely disregard that built in Application, so it's safe to leave it as is. Regards, Support
  10. We are exploring this option in Passwordstate 9. We can't promise anything yet, but just wanted to let you know we are listening to you and we'll do our best to make this happen. Having said that, our initial designs are the App will need to pull information from your Passwordstate API, so the end users will still need to enter a URL upon initial launch of the App. We don't see a way around this unfortunately. We are hoping to store all data offline in the App/local encrypted database too. Regards, Support
  11. Hello Pongsatorn, What we found with this is that all sessions on IIS no longer existing when returning from the SAML provider, and they previously did - so we needed to query the database a second time and set the session variables. So we're not exactly sure what Microsoft did to cause this, but it did kill your session in IIS - possibly killing/clearing the ASP.NET session cookies as well. I hope this helps. Regards Click Studios
  12. Hi Mike, I was able to replicate this. I will need to submit this to our browser extension developers to take a look at, as I don't believe it should be updating the field IDs in this manner. I'll get back to you as soon as I have more information on this. Regards, Support.
  13. Excellent PaulCA, glad that helped. One thing I forgot to mention is that by default, there is a setting on the Password List where you will be discovering these accounts into to say reset the Password after 90 days. You should change this to 30 days in your scenario: I hope this helps:) Regards, Support
  14. Hi Sus, Unfortunately at this stage the Global Admin Address book needs to be updated manually in the UI, or if you want to automate this you could use our API. If you look under Help -> Web API Documentation, there is a section about adding/deleting and maintaining contacts using a script. Potentially you could write a script to read any new users that are added to active directory, and then use our API POST commands to add that user into the global address book. For the issue where the Self Destruct message cannot be found, having the High Availability node set up will definitely explain this. I'd recommend installing the Self Destruct Site separately to any of your two Passwordstate servers, by following this video: https://www.youtube.com/watch?v=BikrIJCy1lg This way, you will have only one Self Destruct site, and both all Self Destruct messages will be hosted here. I hope this helps! Regards, Support.
  15. Hi Steve, That's correct - the feature is only available to users under the Passwords tab. If you would like a feature request for this, could you please post it under the Feature Requests section of our forum? Thanks very much. Regards Click Studios
  16. HI Craig, Sorry, but we have not made any progress on this request, due to the lack of interest from other customers. We would love to work on each individual requests for all customers, but unfortunately it's just not practical for us. If this request does get some interest in the future, we will definitely look into it for you - we hope you understand. Regards Click Studios
  17. Hi Frank, Possibly you could set up a scheduled report for the Expiring Password, which can be found here: One the actual password itself, what kind of things are you hoping to configure other than the expiry date? You could force the use of a strong password to be set? Or there are other options you could consider which are on the Password List Edit page: Or perhaps you could add in some extra fields if you need to store more information about the password, rather than just the standard fields like username and Password? Does this help at all? regards, Support
  18. Hi Pongsatorn, I can request this information from our lead developer and will post back here when I know more. he is on holidays at the moment, (quietest time of the year for us), so it may take a bit of time before I can get hold of him. I can confirm that there definitely were some code changes though, I just don't know what they were. regards, Support
  19. Hi PaulCa, The two options I could suggest would be to either use an Active Directory Discovery job, which will find the accounts in an AD container and automatically import them into the Password List with the appropriate domain selected. Or You could use a script to loop through a csv file that has the account details, and add them into the Password List which will be using the API. The Discovery job would be easiest if you the accounts were all in one OU, or one Security Group, or if they all had the same name. I hope this helps but please let me know if you had any questions about this? Regards, Support
  20. Hi Mike, I'm going to have to try to replicate this, and then pass it on to our developers of the extension to see if they can fix it. I'm fairly certain we have one of these devices I can test on. What format do you have the URl stored as? is it a base URL like https://name.com or do you have something appended to the end of the url like https://name.com/login.aspx ? Regards, Support
  21. Hi Sus, When searching for a user to send an Self Destruct message to, by default it will look through any users that you have listed under Administration -> User Accounts. If the users on that page do not have a email address associated with their username, then they will not show when searching for them in a Self Destruct Message. When sending a Self Destruct message, it's possible to time bomb the message so it gets deleted after a specific amount of time. I'm wondering if it's possible your user is not reading the message quick enough? Under Auditing, can you check these two auditing events and see if they help understand if the message was sent and if it was read? Regards, Support
  22. We understand Jeff and it's very disappointing for us also. We've invested a lot of money in Safari only for Apple to completely make our years of development redundant. If we get more interest in the future we'll certainly consider this again. Regards, Support
  23. Hi Jeff, We've taken a look at the whole process that Apple recommended for us to convert our extension over. What they made sound like an easy convert is actually a complete rewrite of our extension so it is an App on the desktop. We've installed the LastPass app from the extensions store and can confirm that this doesn't even autofill anymore, without downloading a separate version directly from the LastPass servers. For the amount of work this will be and combining that with little interest in using the Safari extension, unfortunately we will not be looking into developing an App for this at this point in time. We will be removing reference to the Safari extension in our next build of Passwordstate that we release. When installing the LastPass app, it highly recommends installing their extension for Chrome, so users get a seamless and easy experience. I'm hoping that this will be a good work around for you and your users too. We are sorry for any inconvenience this has caused, but we just can't justify developing a brand new app for this, at this stage. Regards, Support.
  24. If you do not intend on accessing Passwordstate from outside your network, the best type of free certificate you can use is one that is generated from an internal Certificate Authority. A Certificate Authority is easy to set up, and is just another "Role" that your Domain Controller provides. Below are some instructions on how to set up a Certificate Authority on your Domain, if you do not already have one: All steps below are performed on your domain controller. Open Server Manager, and Add a new Role: Click Next Click Next Click Next Select Active Directory Certificate Services Click Add Features and then click Next Click Next Click Next Select Certificate Authority and click Next Click Install When Feature Installation finishes, click Close Click Notifications and select Click Configure Active Directory Certificate Services Ensure the user you are logged in with is an Enterprise Admin and click Next Select Certificate Authority and click Next Select Enterprise CA and click Next Select Root CA and click Next Select Create New Private Key and click Next Select SHA256, Key Length of 2048 bits, and click Next Leave all the fields as default, and click Next Choose 5 years for the validity period, or what’s relevant for your organization, and click Next Leave defaults and click Next Click Configure Click Close Now reboot your domain controller, and your Certificate Authority is now configured. You can now create a wildcard certificate that can be used for your Passwordstate website, which will mean any computer joined to your domain will automatically trust the certificate making for a nicer end user experience. You can also use this certificate for your Browser Based Gateway, if you intend on using that feature inside Passwordstate. For detailed instructions on how generate a certificate from your Certificate Authority, see this forum post: https://www.clickstudios.com.au/community/index.php?/topic/1952-generate-a-new-certificate-from-active-directory-certificate-authority/ If you are changing the certificate, you may need to also change the URL of your Passwordstate website. To be completely trusted, the certificate name needs to match the bindings in IIS, which also needs to match the DNS record you have for your site. This forum post describes how to change your URL: https://www.clickstudios.com.au/community/index.php?/topic/1465-changing-the-passwordstate-url/ Regards, Support
  25. Hi Everyone, Today we have release build 8850, which includes 5 new updates, and 1 bug fix. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  • Create New...