Jump to content

Sarge

Members
  • Posts

    196
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by Sarge

  1. +1 Would be great to have far more flexibility in Email Templates & Reports so that they can adhere to the organisations standard email template for things such as notifications, outages etc. Being able to use HTML in the templates so we can embed images.
  2. A couple of suggestions: 1) Require users to select a password list template Use case: Your organisation requires all Password Lists created to require "provide a reason" (or some other setting) additionally, you have multiple templates users can use because naturally, they aren't one size fits all. A UAP can enforce users to use one specific template for settings and one specific template for permissions; however this doesn't work when users have multiple templates to choose from. There is nothing to stop users from not selecting a template to use for settings/permissions - thus bypassing the organisations requirement of all password lists configured to "require a reason". Perhaps an additional UAP setting "Users must choose a template they have permission to when creating a Shared Password List" and "Users must choose a template when creating a Private Password List". Setting D3 should still work as expected with the above suggestion. 2) Categories for Password List Templates: When copying settings from a template, only allow users to select a template marked as "Private Password List Template". Currently users can select any template they have access to, to copy settings from (Shared or Private). Thus the drop down for template selection can be needlessly cluttered. Current best solution for this is making sure templates are named appropriately. 3) Additionally, an option to prevent users using self-destruct messages on Private Password Lists, and exporting their passwords.
  3. # PowerShell Request $PasswordstateUrl = 'https://passwordstate/api/passwords/<PasswordID>' Invoke-Restmethod -Method GET -Uri $PasswordstateUrl -Header @{ "APIKey" = "<apikey>" } By default this will return all data associated with the password record. You can do this instead to select only the password. $GetPassword = Invoke-Restmethod -Method GET -Uri $PasswordstateUrl -Header @{ "APIKey" = "<apikey>" } $Password = $GetPassword.Password.ToString()
  4. Hi Support, Thanks for implementing this feature. I've noticed a potential bug when testing it. I set the Web Site Allowed IP Ranges to *.*.*.* and hit save, the application stopped the entry from being saved as it should but an auditing event was still recorded for the attempted save. It would also be great in a future build if the previous value and new value can be captured in the auditing data.
  5. Limited use cases this one, but in some circumstances, there are requirements to have passwords synchronised across hosts for a specific user. We can achieve this through a custom script, but it'd be a lot easier if it was possible to associate multiple hosts with the same password item - so when it comes time for Password Resets & Validation the one password is used on multiple hosts/validated.
  6. Supporting this. Important feature to have in secure environments.
  7. Same for the Google Auth 2FA. The Microsoft Authenticator app supports push notifications, just needs to be implemented on Passwordstate end.
  8. No worries. I'm probably showing my ignorance but I'd have thought it'd be a kin to showing the difference of a database value for the system setting prior to change and then after the change; while prepending the users unique identifier.
  9. It would be nice to have an audit log for all additions or modifications made via the application administration section; including what setting was changed to what. Example: "User XX changed XX setting from XX to XX". "User XX added Active Directory security group XX from the domain XX" "User XX granted Active Directory security group XX modify rights to the template XX" In a multi-administrator environment being able to know these changes and revert them if required would be hugely beneficial; especially when many modifications are made but may not be captured in the work notes the user maintains.
  10. I'm not bothered by the banner, but it can certainly have its uses. However I'd like to see the ability to schedule Outage Notifications and schedule maintenance mode (both separately). This would make handling RFCs much easier.
  11. Possibly. But I wouldn't suggest it in a production environment yet. Powershell Core is GA on Linux and MacOS. https://blogs.msdn.microsoft.com/powershell/2018/01/10/powershell-core-6-0-generally-available-ga-and-supported/
  12. Technically no, web.config and the database contain half of the encryption keys - put the halves together and you can decrypt the content of the database. The ZIP contains everything in /inetpub/passwordstate The Bak, as you pointed out, is the database. So with these two things you have everything you need. We rotate then export our encryption keys every third upgrade and send them off site in a vault to be stored - but this isn't required. We also ship our passwordstate generated backups to a different physical server at a different site, as well as sending to tapes which get stored at an offsite vault. At anyone one time we have some 365 copies we can restore from (on tapes, one for each day), and then 30 copies on the passwordstate server we can restore from, as well as those same ones on the second physical server in the second site.
  13. Thanks guys. This helped me resolve the issue I had setting up a quick demo site for a collegue.
×
×
  • Create New...