Jump to content

Sarge

Members
  • Content count

    65
  • Joined

  • Last visited

  • Days Won

    2

Sarge last won the day on February 8

Sarge had the most liked content!

About Sarge

  • Rank
    Advanced Member

Recent Profile Visitors

235 profile views
  1. Funky monkeys! That's great!
  2. Resend Authenticator QR via API

    Certainly an option, but that would require an RFC and the associated paperwork/waiting time - just to log back in.
  3. Resend Authenticator QR via API

    Yeah I know. I could have logged in as our primary security administrator account as well, but both those methods require the CIO - who was on leave at the time as well. (since it was Christmas and all).
  4. Bulk Move/Copy

    I've had a quick search of the user manual but wasn't able to find this option. Is there a method to bulk move/copy/copy & link passwords? I've deployed an instance for my own personal use and have about 200+ passwords to move from my the list containing my imported passwords to another list - and one by one it's taking me forever lol
  5. Resend Authenticator QR via API

    In this vein, it would be nice for users to send themselves their QR code through some kind of password reset process. It's not a huge deal, however it's recently occured to us (before Christmas) that I had to reset my phone, and the other security admin was on holidays - meaning I had no access to passwordstate during this time. If there was a method on the 2FA screen to say "Don't have access" and then carry out some other form of verification (Security question combined with SMS codes or email codes comes to the top of my head) it would be a huge help. I agree with support that doing this programmatically via the API doesn't seem to be all that useful unless you are dealing with 10s of resets a day. But perhaps a reset option like my suggestion above takes it out of the hands of administrators and into the hands of the users. (I maybe going crazy, but I got deja-vu typing this. So if I've previously requested this ignore it lol)
  6. This can be done from System Settings. There are 3 places password generator policies take effect - one is the password lists which is set using a template or otherwise upon list creation, the other two places are managed in system settings as seen in this image. You can choose any password generator policy as the default, I've selected my "Test" policy in the example image.
  7. The code you've posted doesn't contain any underscore (_) characters; so I assume the underscore (_) character is in your $PasswordstateUrl variable which you've modified here for privacy? If that's the case, try wrapping the URL in quotation marks instead. $PasswordStateURL = "https://passwordstate/winapi/passwords"
  8. Yes, but the password will need to be reset by Passwordstate first. Since AD passwords aren't decryptable Passwordstate has no way to determine what the password is without it being reset. As Support said, there's a line break in your code causing the argument to be interpreted as a cmdlet. This is what we use... #GET REQUIRED PASSWORDS FROM PASSWORDSTATE API $PwdStateURL = 'https://passwordstate.domain.com.au/api/passwords/777' $ExecutePwdStateCall = Invoke-Restmethod -Method GET -Uri $PwdStateURL -Header @{ "APIKey" = "abc123abc123abc123abc123abc123" } [string]$script:user = $ExecutePwdStateCall.Username [string]$script:pass = $ExecutePwdStateCall.Password
  9. Sure is. Refer to page 213 of the user manual. https://www.clickstudios.com.au/downloads/version8/Passwordstate_User_Manual.pdf You can also do it via PowerShell using Passwordstates REST API. Outdated documentation, but still relevant: https://clickstudios.com.au/downloads/version6/API/
  10. Whos that? I'm sarge lol.
  11. I'll second this, it prevents us moving it into production. I didn't even realize it was UDP only - but I've only just started testing the rsyslog capabilities to graylog.
  12. Hiya, Not sure if this is possible, I believe it maybe possible already but my WebAPI-fu is too limited, but it would be nice to pass a "reason" through the WebAPI headers. EG: $ExecutePwdStateIPACall = Invoke-Restmethod -Method GET -Uri $PwdStateIPAURL -Header @{ "APIKey" = "abcdefg1234567hijklm89101112" , "Reason" = "Script Name: List of VMs"} The 'reason' would then be added to the auditing data description of WebAPI connections. Making it easier to see at a glance why a connection was made and if it was expected. In the below screenshot I have a few entries, all of which are from the same IP address for the same password, I expect to see this - but I'd like to be able to tell which script it was that made the connection - as this host runs about a dozen scripts per day all with repeating schedules every few hours (in one case, every 5 minutes...which is how I came across this enhancement request because it appears to not running anymore lol)
  13. For now, impersonate their account to resolve the problem, then slap them with a tuna when they are off holidays. Nice idea though!
  14. Agreed, it’s something I’ve requested before. The ability to manually link passwords to a host would be good as well. Currently we just use a free text field to add “tags” (server name, application etc) into to assist in finding passwords by host.
×