support

Hello Everyone, Today we have released build 9727. With this release, we have a new Windows Credential Provider for our Password Reset Portal module, which no longer requires Internet Explorer. It also does not rely on other browsers like Chrome or Firefox. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx

Hi Sarge, Thanks. For the values, there could be sensitive data for certain fields, and this is the reason we do not record the values. If possible, we generally recommend change control documents the changes, so that the changes are also well understood. Regards Click Studios

Okay thanks.

Hi Jon, Does the report "What passwords have not been used lately?" and the field "Last Updated" help at all? Or maybe the report "What passwords have recently been reset?" and for the duration, specify "Report All Data"? Regards Click Studios

Hello, Would the Search for Password Lists method in the API work here i.e. by TreePath field? If not, thanks for your request. Regards Click Studios

Hi Sarge, Thanks for your request. We understand this is a limited use case, but we can't really be working on new features that goes against best practice - we hope you understand. This would also be requiring a large architectural change for object relationships within our software. Regards Click Studios

Hello Marpheus, Your recent question does not seem to relate to your original question, but to answer it, no - you cannot do this. We have other protections in place. We also encourage customers to ensure unauthorized users do not have administrator access to the web server and database server. This recommendation is no different to any other software. Regards Click Studios

Sometimes issues can arise when disabling communication Protocols or Ciphers on your Passwordstate server, and normally these are disabled for security reasons. To help Click Studios Support understand what is and isn't enabled on your server, we may ask you to run IIS Crypto. IIS Crypto is a tool that can read which protocols and Ciphers are enabled/disabled on your system, and it does this by reading the registry. IIS Crypto does not need to be installed, rather it is just an executable you download and run. When you simply open the software, it will read the registry and shows what is currently enabled. Example screenshot below for this. As long as you do not make any changes on this screen, your registry will not be altered. Please send Click Studios support a screenshot like this one below if requested in your Support call. If you have any concerns about running this executable on your server, you are more than welcome to deny this request from Click Studios, and we'll find some other way to help troubleshoot the issue you are seeing. Alternatively, you can upload the executable to Virus Total for a scan to confirm it has no malicious content: https://www.virustotal.com/gui/home/upload IIS Crypto Can be downloaded from here: https://www.nartac.com/Products/IISCrypto/Download Regards, Click Studios Support

Hello marpheus, We can confirm that Click Studios has no access to your Passwordstate environment in any way. We also no longer support that method of converting Private Password Lists to shared ones. Instead, please see feedback below: As of the release of Passwordstate V9 Build 9455 Click Studios no longer supports the Restricted Feature enabling Security Administrators to convert Private Password Lists to Shared Password Lists. This applies in the following cases; In V9 Build 9455 the Generate Request code functionality for converting Private Password Lists has deprecated For all Versions and Builds prior to 9455 we will no longer supply the corresponding unlock code for this conversion We have made this change for security and compliance reasons, and, the change has been requested by many Enterprise customers globally. There are still two valid approaches to convert Private Password Lists to Shared Password Lists, those being: You request your user perform this action themselves as per the menu in the screenshot below, or, You liaise with your Human Resources or equivalent department to have the user account password reset. Then log in as them and perform the conversion mentioned above. How to Convert a Private Password List: Regards Click Studios

Issue: If running Passwordstate in High Availability mode, where you have two webservers both communicating to 2 x SQL servers replicating data in real time, some customers have had issues testing an automatic failover in SQL to the second database. This only happens when the second database server is located on a different subnet to where the Primary Passwordstate website is hosted. Potential Fixes: Three are a few things you can try to fix this issue: Fix 1: In the connection string sections of your web.config files, add in the following code: MultiSubnetFailover=True This tells the Passwordstate website that it can communicate to a database on a different subnet Connect Timeout=30 This setting can be expanded to 60, or 90 and this is how long the website stays alive for whilst it’s trying to establish a connection to the new database. Persist Security Info=True This means the SQL password is stored in cache when failing over - Use this at own risk and please see Microsoft Explanation for this below. Perhaps only do this for testing purposes: Microsoft Explanation of Persist Security Info: The default value for Persist Security Info is false; we recommend using this default in all connection strings. Setting Persist Security Info to true or yes allows security-sensitive information, including the user ID and password, to be obtained from a connection after it has been opened. When Persist Security Info is set to false or no, security information is discarded after it is used to open the connection, ensuring that an untrusted source does not have access to security-sensitive information. Example of web.config file: <connectionStrings> <add name="PasswordstateConnectionString" connectionString="Data Source=xxxxxxxxx; Initial Catalog=passwordstate; User ID=passwordstate_user; Password=xxxxxxxxx; Persist Security Info=True; MultiSubnetFailover=True; Connect Timeout=30" providerName="System.Data.SqlClient” /> </connectionStrings> Fix 2: Instead of MultiSubnetFailover=True set this to Yes like this example: MultiSubnetFailover=Yes We're not 100% sure why, but possibly different versions of SQL accept the different values and we've had some customers report that one works, but the other doesn't. Fix 3: You'll be using an Active Directory Listener as part of your SQL fail over. A Listener is just a virtual computer object in AD with functioning DNS like any physical server. Typically you would set the Netbios name of Listener object in your connection string as the Data Source. Instead of setting the Netbios name for this Listener, set the IP Address of the Listener in the Connection String. The only other thing we can recommend is logging a support call with Microsoft if none of the above suggestions help. There's no code inside Passwordstate that can be changed to get this to work, and the issue lies between IIS and the SQL Technology. Microsoft should be able to assist with this. Regards, Click Studios Support

Hello, You should be able to change top level folders - maybe you don't have access to the top level folder, which is why this setting is disabled. We'll need to see some data to troubleshoot this further, so please log your support ticket here https://www.clickstudios.com.au/support.aspx Could you then please provide a copy of the data in the PasswordLists table, by following this article https://www.clickstudios.com.au/documentation/query-data.aspx Thanks Click Studios

Hi Ian, As we perform direct queries of SQL Server here, you need to query the specific Generic Field names, as specified in the DB i.e. GenericField1, GenericField2, etc. Regards Click Studios

Issue: When importing a Keepass XML file you may see one of the following error messages and no data is imported into the system: Fix: Both of these errors are related to an incorrect Base URL in Passwordstate being set. Go to Administration -> System Settings -> Miscellaneous and confirm that the URL starts with HTTPS (not HTTP), and also that the URL is the exact URL you use to access Passwordstate and there are no spelling errors etc. If the URL you have set on this page is the URL of a Load balancer, this should still work, but we have seen some customers run into this issue if the Load Balancer does not pass the request on to the Primary Passwordstate website API. The import process is doing a simple POST command to insert the data through the API, so if the API is not reachable through the Load Balancer you will see this issue. A possible work around for this is to change the URL to not use the Load Balancer URL temporarily, just until you get the data imported correctly into the system. If you still have an issue importing, please log a support call with Click Studios from this page: https://www.clickstudios.com.au/support.aspx Regards, Support.

Hello, Is this a nested folder, as you can only change the permission model on the top level folder you see in the Tree. Regards Click Studios

Thanks Mackov83 - we will look into this issue for the next build. Regards Click Studios

Hello Everyone, Today we have released build 9715. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

System Requirements: This guide is actually applicable if upgrading from version 7 of Passwordstate too, and we recommend checking you meet the system requirements which can be found here before you upgrade: https://www.clickstudios.com.au/passwordstate-system-requirements.aspx Expected Time Frame to Complete Upgrade: The time of the upgrade will vary, depending on how much data you have in the system. With an environment with 5000 passwords in 1000 Password lists, the database upgrade will take approximately 3 minutes. With an environment with 250,000 passwords in 20,000 Password Lists, it can take up to 20 minutes. Whilst the database upgrade is in progress, please do not refresh your page or close it down. This will break the upgrade and you'll have to restore the system. If you are using the High Availability version of Passwordstate, please factor in extra time to upgrade the second server, and potentially administer SQL replication, depending on what type of replication you are using. Pre-Upgrade Database Check: Also, in one of the later version 9 builds, we support Unicode characters, and this can grow your database in size by 300 – 400 %. Please see this Forum Post which helps with database management before you attempt to upgrade: https://forums.clickstudios.com.au/topic/15057-build-9493-database-management/ This database management recommendation by us is only applicable to this upgrade attempt, and any future upgrades do not require this process to be followed. Pre-Upgrade Backup: Before attempting any upgrade of Passwordstate, it highly recommended to take a backup of your system. Theer are multiple ways to achieve this but in order to restore your environment, you will need at least a copy of your Passwordstate install folder and your Database. Passwordstate has built in Backups that you may already be using, a Virtual Machine snapshot may be suitable, or you can take a manual backup by following this guide: https://forums.clickstudios.com.au/topic/13911-manual-backup-using-sql-management-studio-tools/ Upgrade Process: Please see this upgrade guide which shows the complete process to upgrade from version 8 to version 9: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf Upgrading from Passwordstate 8 to 9, being a major version update, is a two part process: Part 1: Download version 8995 source files on your web server and install them Log into Passwordstate to complete the database portion of the 8995 upgrade At this point you will have a fully functional instance of Passwordstate running build 8995 Part 2: Download the latest version 9 source files on your web server and install them Log into Passwordstate again to complete this version 9 database upgrade Process complete All source files are linked in the above document, and any future upgrades will only require you to download the latest Version 9 source files and run those. Post Upgrade Tasks: After upgrading to Version 9, we have a new Backup process that is slightly different to the backup feature in Version 8. If you are currently using the backup feature, you’ll need to revisit the settings and configure accordingly. Version 9 can be backed up to a local folder with a local Windows account, or to a network share with a domain account. We have two separate guides for this and following one of these should help you get set up: Domain Account With Network Share: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups.pdf Local Account with Local Folder: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Automatic_Backups_Local_Account.pdf Additional Module Upgrades: If you are using any additional modules such as the Password Reset Portal, or Self Destruct website, you will need to upgrade these too. All Upgrade instructions for these can be found in the Upgrade Guide: https://www.clickstudios.com.au/downloads/version9/Upgrade_Instructions.pdf How do you tell if you are using any additional Modules? Please see this blog post: https://blog.clickstudios.com.au/what-passwordstate-options-are-installed-and-where/ and this Blog post: https://blog.clickstudios.com.au/wheres-my-password-reset-portal/ Please note, if you were using the Mobile Website in Passwordstate 8, we have replaced this with iOS and Android Apps for your phone. You will need to install the new "App Server" module to take advantage of these new mobile Apps: https://www.clickstudios.com.au/downloads/version9/Passwordstate_App_Server_Install_And_Administration_Guide.pdf Restoring in the Event of a Failed Upgrade: Please see the Disaster Recovery section starting on page 199 of this manual to help restore your environment: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Security_Administrators_Manual.pdf Additional Support: You are welcome to log a support call with Click Studios at any stage for more advice: https://www.clickstudios.com.au/support.aspx Regards, Click Studios Support

Issue: Passwordstate's Keepass import process will set up and create shared Password Lists, and then import passwords into them according on how you have your Groups set up within Keepass. If you need to import a user's Keepass data into a Private Password List, this is a slightly different process listed below. Process: Export your KeePass data to a CSV file: Create a new Private Password List, and possibly select the "Web Site Logins" template, this way it enables the URL field on the Password List, which will allow you to import Entries from KeePass that have a URL set. Next, go to Import Passwords, and choose the CSV File into Single Password List type: Search for, and select your Private List, and Generate a new CSV Template: Copy all data from the KeePass Exported CSV across to your Passwordstate CSV Template, and save these changes: On the Import Data tab, select the CSV Template that contains all the new data, and choose Import: You should see a successful result: And all Passwords are now added into your List: Regards, Support

Hello Everyone, Today we have released build 9708. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Thanks TJ. If we ever get into the full document/wiki management space, we'll consider your request. Regards Click Studios

Hello Sexy-trousers, Thanks for your request. I've sure you're aware, but you can securely upload documents into Passwordstate i.e. associate with Password records, Lists, Folders, Hosts, Host Folders, etc. Regards Click Studios

Hello mackov83, Yes, unfortunately technical support only comes with the paid version of Passwordstate. We wish we were resourced to provide support for the free version, but we do have thousands of customers using the free version. We will look into your points above for the next build though. Regards Click Studios

Hello, Thanks for the information. As per the instructions on our forums, if you require some technical assistance from Click Studios, we ask for you to log your support tickets here - https://www.clickstudios.com.au/support.aspx The forums are designed to allow the community to help each other out. Thanks Click Studios

Issue: You are hosting Passwordstate on a workgroup computer, or possibly on a domain in a different forest with no trust, and you cannot login to the web interface. The error you receive is "Username or Password is incorrect" Potential Fix: Confirm that the settings for your domain under Administration -> Active Directory Domains are correct in the first instance, including the LDAP Query string, netbios and FQDN. To confirm the settings are correct, open a command prompt on a computer joined to the domain you wish to log into, and follow these instructions: Open a command prompt on your computer and type set userdomain, and then set userdnsdomain The NetBIOS Name for your Active Directory settings should match the result of set userdomain FQDN should match the result of set userdnsdomain The LDAP Query String for your Active Directory settings should match the result of set userdnsdomain. e.g. dc=clickstudios,dc=com,dc=au for the domain clickstudios.com.au Next, try changing the connection protocol on your domain under Administration -> Active Directory Domains to LDAPS, and ensure your remote domain is configured to accept LDAPS connections. If this does not work, you can try changing the Protocol to Kerberos. Ports that need to be open between your Passwordstate webserver and the remote domain are as follows: LDAP: 389 LDAPS: 389, 636 Kerberos, 88, 389 464 If needed, try running Wireshark or something similar to track traffic from your webserver to the domain, and check domain event logs for any errors with authentication attempts coming from your Passwordstate webserver. Regards, Support

Hello Everyone, Today we have released build 9700. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios