Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by support

  1. Passwordstate has a feature called "User Account Policies", which are similar to Windows Group Policies. The idea being you create a series of rules or settings, and apply those to a group of users. For most settings applied via a User Account Policy, the end user cannot override them in the User Interface. To create a User Account Policy, go to Administration -> User Account Policies and click Add: Give your policy a relevant name, and description: Now choose the relevant setting you wish to impose on your users, and click Save. In this example, I'll be changing the authentication option to Manual AD: Now you should apply the User Account Policy to one or more users. You can either choose individual users, or a security sroup. In this example, I'll be selecting "All Users & Security Groups", and the next time anyone in Passwordstate logs in, they will be forced to use Manual AD Authentication. When you have multiple User Account Policies, you may come across a situation where the policies clash. For example, you may have one policy which has Manual AD Authentication enabled for all users, and another policy that has Google authentication as the log in authentication type for a smaller group of users. If both of these policies apply to the same user, then you can prioritize which policy takes precedence by dragging it lower in the "Order" column on the User Account Policy page. In this example below, the Manual AD Authentication policy will take priority over the Google policy: We hope this helps and please explore all the differenet options within the User Account Policies. There are many settings a that you can quickly apply to a group of users of your choice. Regards, Support
  2. Hi Steve, We've done further testing, and believe what you are seeing is still caching in ISE. Please see video below showing how we can replicate that in ISE, but not PowerShell Studio. Can you please restart ISE between each call to the API, and if you see the same issue, then can you also please provide an equivalant video like ours? Thanks very much. API.mp4
  3. Passwordstate has a over 50 different types of live email notifications that are used to alert users of a specific event happening within the software. This can range from a simple event like a user has copied a password to their clipboard, to a License warning being sent to all Security Administrators. You will need to have configured your email server settings under Administration -> System Settings -> Email Alerts and Options for this feature to work. All emails notifications are enabled by default, which can cause email clutter for your users. For this reason, you have the ability to control which emails you receive, or as a Security Administrator you can control what emails other users in the system receive. Below are some instructions on how to configure this. Control your own emails: Under your Preferences menu, select Email Notifications: Now disable the emails that you no longer wish to receive: Control which emails are sent to specific users in the system: As a Security Administrator, go to Administration tab, and then select Email Notification Groups and click the Add button: Give your Notification Group a relevant name and description and click Save: Now from the Actions Menu, select "View Notifications" and disable the templates of your choice. In this example, I'll be disabling the Copy to Clipboard Notification only: We then need to apply this to users of your choice. In this instance I've created a group which holds all of my Passwordstate users, and this group will be assigned to this notification group: With this Notification Group now active, all users will no longer receive the Copy to Clipboard emails. Note 1: If a user has specified their own Email Notification Settings as part of their Preferences, any permissions you apply here for the user will override their personal settings. Note 2: If you have more than one Notification Group created for a user, any disabled email categories will over-ride any enabled ones (be careful applying duplicates for a user). Disable emails globally: As a Security Administrator, it's possible to disable emails, so they cannot be used at all in the system. This will disable the emails no matter if a user has them enabled under their own preferences, or if they are enabled in a Email Notification Group. You can disable this under Administration -> Email Templates from the Actions menu. If you disable the email from here, under no circumstances will the email be sent to your users. Regards, Support.
  4. Hello, We just responded to your email regading this. This is actually a new bug, which another customer informed us of yesterday. We will work on a fix for this in the next release, and we will email you again once that new build is available. Sorry for the inconvenience in the mean time. Regards Click Studios
  5. Hi Steve, We've just tested this new scenario, where the API Key Variable is not initialised, and we get the same message about the API Key not being valid. Below is a simple test I was performing: $SearchUri = 'https://passwordstate.domain.com/hosts/?DatabaseServerType=SQL Server,MySQL' $result = Invoke-Restmethod -Method GET -Uri $SearchUri -Header @{ "APIKey" = "$MyAPIKey" } Write-Output $result Can you please confirm: 1. Are you using any Load Balancers or Proxy Servers which might be caching something here 2. Are you using PowerShell ISE, as we've seen many issues with ISE caching previous results, which is why we now use PowerShell Studio for all development Regards Click Studios
  6. Hi Steve, We've just tested this in two different environments, and every time we use the System Wide API Key, the API returns "An error has occurred trying to validate the Hosts API Key", with no further processing. To troubleshoot this further, can you tell us: 1. What Build of Passwordstate are you using? 2. Are you specifying the API Key in the header request, or the URL? It shouldn't matter which, but we tested in the header request and just want to double check 3. Are you using any Load Balancers or Proxy Servers which might be caching something here 4. Are you using PowerShell ISE, as we've seen many issues with ISE caching previous results, which is why we now use PowerShell Studio for all development If you are using PowerShell ISE, try restarting ISE after every call to see if that makes any difference with the caching. Thanks Click Studios
  7. Fantastic, glad that worked:) Regards, Support.
  8. Hi Tom, We've just thought possibly you could use the API to achieve this. I have pasted in a script below which will create a Private Password List for one single user called halox\lkels. Possibly what you could do is get a list of names that you need to create Private Lists for, and loop through those names, putting this script below in a foreach loop. If you have any questions about this, please let me know: $PasswordstateUrl = "https://sandbox.halox.net" $APIKey = "4ca37695823bdfe9285afe3bc3463453" # Define values for the Password List in below array $Body = @{ PasswordList = "A Test Password List" Description = "This short description is for my Test Password List" NestUnderFolderID = "0" APIKey = $APIKey Guide = "This is some test text to be inserted into the guide for this Password List" ImageFileName = "activedirectory.png" AllowExport = "True" PrivatePasswordList = "true" PreventBadPasswordUse = "true" ApplyPermissionsForUserID = "halox\lkels" Permission = "A" } # Convert Array to Json $jsonData = $Body | ConvertTo-Json # Execute the command $FullUrl = "$PasswordstateUrl/api/passwordlists" $result = Invoke-Restmethod -Method Post -Uri $FullUrl -ContentType "application/json; charset=utf-8" -Body $jsonData Regards, Support.
  9. Hi Tom, Sorry, we do not have a feature for that, and you will just need to instruct these users to create their own Private Password Lists in this instance. Regards Click Studios
  10. Hi Everyone, Today we have release build 8876, which includes 6 new updates, and 5 bug fixes. Full changelog can be found here - https://www.clickstudios.com.au/passwordstate-changelog.aspx. Regards Click Studios
  11. Hi Steve, We've just finished testing in two different environments - one set to 15 mins, and the other 5 mins, and we were logged out in both instances. Let us know how you go with the further testing. Regards Click Studios
  12. Hi Steve, Thanks, and I think that makes sense now - when we did our testing, the new folder was receiving its permissions from the nested Password Lists. Regardless of whether or not you are a Security Administrator, it seems you permissions where removed from the Password List in this instance (at the time you were accessing the Password List, or refreshing the screen), as you were redirected to the screen informing you of this. Every time a Password List is clicked on, we check if the user still has permissions or not. Regards Click Studios
  13. Hi Steve, I'm just doing another test now, on another environment running 8865, but setting the value to 15 minutes. I'll let you know how this goes when test is complete. I'll also leave the API page open too. Could you also try another test where you log out of Passwordstate, log back in and then go do some other browsing again, and let me know if this helps. I'm wondering if you clicking around in Passwordstate prior to leaving the tab unattended is causing this issue. Regards, Support
  14. For anyone reading this, we worked with Michal over email and discovered that the Cisco Validation script was using a different library to a majority of our SSH scripts. We've now migrated this script using the Chilkat library, and this natively supports DH2048 or better. You'll need to upgrade Passwordstate to take advantage of this change to at least 8876 or newer. Regards, Support.
  15. Hi Steve, Can I ask which build of Passwordstate you are running? Were you doing any sort of activity under the Hosts tab prior to this happening, as there was a fix for this in a later build where the main web page would not log out if doing RDP or SSH sessions from under the Hosts tab. When you say you are doing other activity in other tabs, do you mean on other websites, or do you have a second instance of Passwordstate open and are doing work within that? I've just tested this myself setting the activity timeout to 1 minutes, and then I left my Passwordstate session logged in when having the Administration tab open, and after about 2 minutes of web browsing in other tabs I can back and it was logged out. Regards, Support
  16. Hi Steve, A couple of us just tried to test your scenario above, but did not see that same issue you were - maybe we did not have the same permission model as you, and by that, maybe you had folders propagating permissions, or something different. For us to look into this further, could you provide steps for us to reproduce it? Thanks Click Studios
  17. Hi Paul, Unfortunately you require Administrator rights to Password Lists in order to export the passwords, so you will need to do this for them when required. Regards Click Studios
  18. Hello, This should not affect Passwordstate at all - we do not record SIDs of the host objects or accounts. Regards Click Studios
  19. support

    Search All

    Hi tburke, I think the best thing to do when you get asked this question is to export all passwords from Administration -> Export All Passwords, and then search through that list of credentials. Maybe deselect this option as it will quickly fill your auditing table: Regards, Support
  20. Thanks for letting us know. Regards Click Studios
  21. Hello, I've finished a code review of the software, and the only way this can happen is if the build number stored in the database, is greater than the build number of the software. Do you know how this happened - possibly you've done a restore of all your web files, or maybe you're doing a move of the install and and installed older code? To fix this, can you please follow section '5. Manual Upgrade Instructions' in the following document - https://www.clickstudios.com.au/downloads/version8/Upgrade_Instructions.pdf Regards Click Studios
  22. Hi Karen, Sorry for the confusion, as I thought you mentioned folders above initially. And no, if you change permissions on a linked template, it will not change permissions on any permissions on the linked Password Lists - that feature is only used when the Password Lists are initially created. So you need to modify permissions on each Password List as required, and that will propagate up to any folders above it. For that disabled checkbox, please look for the setting "When creating a new Password List, and the settings are being Linked to a Template, allow users to uncheck the option for linking it to the Template" on the screen Administration -> System Settings -> Password List Options tab. I hope this helps. Regards Click Studios
  23. Hi Karen, I can see it embedded in my forum post - can you try a different browser if you don't see it? Thanks Click Studios
  24. Hi Karen, If you have configured a Folder to propagate permissions down, then you can grant additional permissions to the folder. But you cannot modify permissions on any nested Password Lists or Folders, as they are inheriting from above - so we do not have the concept of blocking inheritance, if that is what you are needing? Here is a training video for you as well, as it might help explain it better - https://www.youtube.com/watch?v=QBJE_xD185U Regards Click Studios
  25. Hi Karen, You cannot clone folders from within the Administration area - please have a look at the screenshot I provided you, as this shows where this can be done i.e. under the Passwords tab. Regards Click Studios
  • Create New...