support

Hi Everyone, No update in this certificate issue yet with Edge, but we are going to move this feature request into the closed feature requests forum, as the original scope has been completed. We have, however created a Bug fix for this internally, and we'll report back to this forum post once we find a solution to this certificate issue. The tracking ID for this bug fix is PS-2654 and if you need to you are welcome to contact us on support at clicktudios.com.au for updates on this. Regards, Support

Excellent, also from us, thanks for sharing too:) We have quite a few people using this script now and it's making it very easy for users to come across from Keepass to us. We appreciate it. Support, Click Studios.

If you need to import all of your data from KeePass into Passwordstate, this is the preferred process due to the below Powershell script keeping the correct format of your KeePass database. We'd like to thank one of our customers Fabian Näf from Switzerland for writing this script for us. He did a great job and it's helped out many of our customers. This import process will create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass structure beneath this. For customers not familiar with Passwordstate, the equivalent of a "Group" in KeePass is a "Password List" in Passwordstate. We also have the concept of "Folders" which allow you to logically group Password Lists together. If you follow the process below, it should create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass group structure beneath this. Process Start: In Passwordstate, identify and note down your System Wide API key from Administration-> System Settings -> API and you will find it under “Anonymous API Settings & Key”. Ensure you save this page after you generate the new key. Create a Password List Template under the Passwords Menu -> Password List Templates. On this template please set the following options and then save the template: Disable the option to prevent the saving of password records if they are found to be a “Bad Password” (screenshot 1 below) Uncheck the option so the Password field is not required, and enable the URL field (screenshot 2 below) Identify and note down the TemplateID by toggling the column visibility (screenshot 3 below) In KeePass, open your database and export the contents to a XML file. This can be executed from File -> Export -> KeePass XML (2.x) Download the script from: https://www.clickstudios.com.au/downloads/import-keepass-xml.zip Extract this zip file and open with Powershell ISE or the straight Powershell shell, if you prefer You will be prompted to answer 5 pieces of information: The username of an existing Passwordstate user you wish to give Admin rights to all Passwords imported during this process. Generally you would just enter your own Passwordstate UserID here as you can modify permissions later and and example format for this is halox\lsand Your Passwordstate URL Your System Wide API key The FolderID you wish to create your KeePass structure under. Enter '0' to create this in the root of Passwords Home, otherwise find the Folder ID of any Folder you like and use this when running the script Your PasswordList Template ID It will ask you to browse to your Exported XML file That’s it, the script will now run through and automatically read all of the information out of the XML file, and import it into Passwordstate. From here, there are a few other things you might want to consider doing after the script has run successfully: You may want to rearrange your folder structure. Ie possibly you might want to create some new folders for each of your teams, and then drag and drop existing Password Lists/Folders inside of them Once you are happy with your Folder structure, you should start applying permissions to either Password Lists or Folders using the following video as a guide: https://www.youtube.com/watch?v=QBJE_xD185U Best practices are to use Security Groups to apply permissions, instead of individual users, if possible Screenshot 1: Screenshot 2: Screenshot 3: Regards, Support

Hello Pjc, Thanks for your request, and yes our software can do what you've suggested above. You would need to use our Browser Extensions for this, and save the web site logins into a Shared Password List. Here is a quick video of this feature - https://www.youtube.com/watch?v=1hmjnrrt2Pg and there are also many other videos on our channel as well for you. In terms of Passwordstate cs Cyberark, we have the following feature comparison for other products - https://www.clickstudios.com.au/compare-password-managers.aspx. We don't have a comparison for Cyberak though, as we are unable to test it ourselves - they won't let us The have similar features to Secret Server, but are significantly more expensive than them. Regards Click Studios

Hi Frank, There is the Auditing activity of 'User Account Added to Security Group', but you're correct in that you cannot specify a reason when doing this. Regards Click Studios

Hi Guys, Yes, this will be available in the next release - due in about a week or two. Screenshots below. Regards Click Studios

Thanks

Thanks Parrishk. During imports, we do recommend turning off the 'Bad Passwords' option on the Password List, as this will allow you to import without any issues. Regards Click Studios

Hello, Thanks for your request. As a work around, you could run the SQL Query below. Any Password Lists with a TotalPermissions of 0, means there is no Admin on the list. USE Passwordstate SELECT PasswordLists.PasswordListID, PasswordLists.PasswordList, PasswordLists.Description, PasswordLists.TreePath, (SELECT COUNT(PasswordListID) FROM [PasswordListsACL] PSSWD WHERE (PSSWD.PasswordListID = PasswordLists.PasswordListID) AND (PSSWD.Permissions = 'A')) As TotalPermissions FROM [PasswordLists] WHERE (PasswordLists.PrivatePasswordList = 0) AND (PasswordLists.Folder <> 1) GROUP BY PasswordLists.PasswordListID, PasswordLists.PasswordList, PasswordLists.Description, PasswordLists.TreePath ORDER BY PasswordLists.PasswordList Regards Click Studios

Hello, We can confirm that a Folder or Password List will not be selected in the Navigation Tree, if you have Load On Demand enabled - this is by design, because nested items do not exist in the Tree until you expand the parent nodes. Load On Demand is only generally recommended if you have 1000+ nodes in the tree - how many do you have? Regards Click Studios

Purpose: Permalinks are short cuts to specific places in your Passwordstate web session. You can supply Permalinks to other users to point them to the exact location you require. This is also handy for documentation, as you can embed Permalinks to a Password Record or Password List, instead of inserting this sensitive information in the documentation. Please note whoever is accessing the Permalink will need permissions to view it in Passwordstate, otherwise it will error. How Do I Do This? Folder Permalinks: Click a Folder from your Passwords Home, and click the Folder Options button Copy the Permalink from here: Password List Permalinks: Click a Password List and select the Permalink link Password Record Permalinks: Click the Action Menu for an individual Password Record, and select Copy or Email Password Permalink For Password Lists or Password Records, you have the option to email it directly to people, or you can copy and paste the Permalink and distribute as required:

Thanks for the suggestions Ulf - we appreciate it.

Thanks Florian

Hi Rob, We're really sorry, as we didn't pick up initially that you are using forms-based authentication, and we were testing with AD Authentication. So we've been able to reproduce the same issue as you now, and have also fixed it for the next release. We'll post back here again when the new build is available, in about a week or two's time. Regards Click Studios

Hello Florian, At the moment, any user who has Modify or Admin rights to a Password List can empty the Recycle Bin. Instead of storing credentials in the recycle bin when they may be needed later, would it be better to move these accounts to some type of "Archive" Password List, and then you can control who has access there? Regards Click Studios

Hello, With this type of discovery job, it does not reset the password upon discovery - as this would be very disruptive to services. This option is for initially setting the value of the password in Passwordstate, which will obviously be incorrect until the first reset occurs. We hope this clarifies. Regards Click Studios

Hi Guys, This was also our concern about implementing this feature, but several customer's reassured us that it wouldn't be a problem We're not really sure what to suggest here if you want to use this feature. You could uncheck the option which prevents saving if a bad password is detected, but that sort of defeats the purpose of having this feature in the first place. We could look at the warning as you've suggested, but we're pretty sure users would just ignore this and continue to use these "bad" passwords. Regards Click Studios

Hi Frank, Thanks for your request. Are you aware there is full auditing for this as well? You can report on this auditing in real-time, or create scheduled reports based off this Auditing activity reports. Regards Click Studios

Thanks

Hi Yes, This is only an email notification. You can also ensure no users login by enabling maintenance mode, and that will give them a page explaining they cannot use Passwordstate at the moment. Certainly not what you've asked for though. Regards Click Studios

Hello, Thanks for your request. Whilst not automated like you would like, you can send 'Outage Notifications' to all users from the screen Administration -> Backups and Upgrades. Just click on the 'Send Outage Notification' button, and adjust the details as appropriate. Regards Click Studios

Hi Luke, With your Security Groups in AD, can you also check if there are any nested security groups? Thanks Click Studios

Hi Luke, We don't think it's related, as restarting the Passwordstate Windows Service would free memory from this executable, but we're going to be doing some testing this weekend, to see if there are some issues with memory not being released after the AD sync process - possibly this is the cause. Can you tell us how may users and security groups you would be synchronizing? Thanks Click Studios

Hello, We have a little information in our User Manual for this, under the Help Menu. If you have a look in the KB Articles section, you will find the detail below. With our scripts, the majority of them are error capturing, where we try and consider all possible scenarios when a reset might fail. What I would suggest is having a look at all our scripts in the folder C:\inetpub\Passwordstate\setup\scripts, and take a copy of one in which you can test this outside of Passwordstate. If AWS cmdlets return some sort of success message, and hopefully they should, the in the script you return Write-Output "Success" And for failures, you simply return something like Write-Output "Failed to execute script correctly against , which you will see in all our scripts. If you have any further questions about this, please let us know as it would be great if you could get a script working for this - we'll do whatever we can do to help. Regards Click Studios

Just thought of something for this Sarge. Let's say one Password List is configured where 'Reason' is mandatory, and we are searching across all Password Lists without a reason being specified. Do you think we should raise an exception, and break the API Call, or simply not return any records from that one Password List. Not returning records may cause some confusion for customers, but these are the only two possibilities I can think of. Thoughts? Regards Click Studios