Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by Azkabahn

  1. Hm, well at the moment it is V7.7 (Build 7798), but it happened with the previous version. Unfortunately, do not remember which one was it. I will keep an eye on this, in case similar situation happens.
  2. Thanks for the answer. These options are know for me, I was thinking that perhaps it's possible to change the SID back to previous, but apparently no. At least from what i've read. Another issues that happens is that if the name of the group in AD is changed it looses access in PasswordState password lists. Is it possible to add a feature in the next version so that when you rename group in AD it doesn't loose the permissions?
  3. Hi, our PasswordState instance is synced with AD. After the Security Group is deleted that group is removed from all the password lists. Would it revert back the changes if I create the same Security Group in AD? Or I need to manually go through the logs and see which password lists were shared with that group?
  4. Hi, I have PSS V7.7 (Build 7798). The issues I am having is the following, I have a parent folder underneath there are several other folders and many passwords lists. All folders have the same configuration options set as seen in the attached image. Now, I need to grant a Security Group admin permissions to whatever is under the parent folder without any impact to other security groups etc.
  5. I see, no there is no problems on my end, I was just curious to know. It looked that it wasn;t very serious problem. Since we have PasswordState in DEV environment such cases as corrupt web.config file or interrupting installation is what we try to do to have mitigation plan if such things will happen.
  6. Hi, I am trying to perform this scenario, but it doesn't work well. I have enabled "Allow users to create password records when they only have View permissions to the Password List:" Grant Test01 user view permissions to the password list Test01 user creates a new password record inside the list Unfortunately, the user is not able to modify the record he recently created. No modify permissions are granted to the password I am using V7.6 (Build 7619)
  7. Hello, would it be possible to get some details on this issue, how it was resolved etc.? would be useful for future reference.
  8. Sorry if I was not clear with my post. I forgot to mention that the import would be happening by exporting CSV file from other vendor and then importing into PasswordState. The problem is that each vendor has different formatting of CSV output. Different naming of the columns, using different separators etc. All this can be adjusted within excel sheet, but the for simple users it's a bit tedious job, do it on their own.
  9. Hello, I was wondering do you have this in your plans to try to have some sort of integration with other password management tools? I mean to have an easy Import functionality. At the moment current Import function doesn't really do the job. You have to type manually in the excel sheet and then import back to PasswordState.
  10. Hi, i want to inform, that the update solved the issue for the user with that Chrome version
  11. I have noticed that it doesn't work with Chrome 46.0.2490.80m version. We currently have V7.3 (Build 7393) of Passwordstate. Can it be the problem of PasswordState version?
  12. That what i was thinking, that it probably works with the hosts connected to a domain. Unfortunately, we have some hosts that are not connected to the domain (don't know the reason), but do think this is something you might improve? I haven't tried with Linux reset scripts, but I hope that they don't have to be connected via LDAP if this is the case as with windows hosts, then it would be really useful to have ability to run reset scripts to the hosts that are outside the domain.
  13. Hi, that is actually how I was testing the whole time. I have attached two screenshots. In the first one. You see two accounts. Both exist on the machine with the administrator privileges. The "administrator" account is set in the "privileged account" section and it is also added in the password list. Both are connected. The password list has the reset functionality enabled as well. see http://pasteboard.co/YKXNF23.png It says that the account might be locked, but the host is not connected to the domain. Therefore the users are not connected to AD as well. So the option to unlock the user account is not present. And I think this is not the case. see http://pasteboard.co/YKQsBXT.png If you don't see what is wrong with my tests I guess I will just tell my colleague to try and set it up, it could be that I overlook something
  14. Powershell Remoting is enabled with the "Force" flag. Firewall is disabled (just for testing purposes). Unfortunately, the password reset script doesn't work. Can the problem be that instead of hostname I put IP address of the machine? The PasswordState version I am using is - V7.3 (Build 7393) What I have done different from what was posted above is: Created additional administrator account. Now the host has two admin accounts: administrator and test1 The password list has a password record for the test1 account. "Privileged Account Credentials" left as it was. It contains administrator account and the password. The password is the same as for the "administrator" account on the host. Which as it should be (?) If I run account Heartbeat check it returns "A manual Account Heartbeat check successfully validated the password for account administrator (\SecUnit\Servers) of Account Type 'Windows' on Host". The host is not connected to domain as well as users on that machine - can this be a problem? Is there a requirement that all the hosts must belong to domain? I follow the tips and the instructions, but I end up with the problems anyhow.
  15. Hi, I am having some hard time understanding the password reset scripts procedure. The instructions are doesn't go too much into details. As to try this, I have setup a demo dummy host machine. I will try to list all the info into bullet points, so here it is: I have created a private password list. With all the necessary options checked according to the manual. List contains a password of the host machine (windows). Machine has only one account - administrator In the "Privileged Account Credentials" section I have created a new credential with the same name as above and the same password. If I run "Password Validation Scripts" it goes fine. The problem occurs when I try to run "Reset Windows Password" script. I get the following error: Error = Failed to reset the local password for account 'administrator' on Host ''.Error = [] Connecting to remote server failed with the following error message : The WinRM client cannot process the request. Default authentication may be used with an IP address under the following conditions: the transport is HTTPS or the destination is in the TrustedHosts list, and explicit credentials are provided. Use winrm.cmd to configure TrustedHosts. Note that computers in the TrustedHosts list might not be authenticated even adding the passwordstate IP address to the remote host machine I still get the same error. Maybe I am missing something? The idea behind this is to add around 20 machines and execute the password changing script in order to change form default one into something more random.
  16. Wouldn't it be possible to do it only programmatically? Introduce some global class which upon user's upcoming requests runs the logoff script. There is a drawback, because the user might just be sitting on the site and doing nothing. Although, usually if you are on the website you probably do some activity etc. so with a new request coming from the user, perhaps it's possible to trigger an logoff script which logs user off and doesn't allow him to connect back for certain time amount (specified by admins)
  17. Hello, recently we had to update the Passwordstate. We faced an issue with the active users. In order to update Passwordstate there should be no active users logged in. I couldn't find any option or setting where it could kick the users out. I know there is some workaround like killing all the connections from the server perspective, but it's too much of a hastle. So, if this is something that I have missed or this could be considered as a feature request?
  18. Yes that clarifies a bit. Although, do you plan to have this functionality in the future?
  19. Hello, one issue come up in our organization while using the PasswordState. The scenario is the following: lets, say we have several machines which initiates code deployment to other machines. Code deployment machines are within .1-.126 IP range and they belong to two different teams (i.e.: 3 machines per team). These machines has separate API keys generated to access different password lists. The API key is stored within the configuration files in those machines. That being said, in UI application you can set permission who has the right to view particular password (not the list), but how do you grant/restrict permission of such functionality for API calls? Does that makes sense?
  20. Thank you! I think this feature will be useful to other clients as well, because it adds more flexibility trying to match hosts. Is there any estimate time for this to be available?
  21. Hello, I see one issue with this "Host Name Match:" field. Is there an option to have wildcards within the name. We have many servers which has the following structure "ServerName001Win" is it possible to put willdcard to match all the numbers "ServerName*Win"?
  • Create New...