Jump to content

Sarge

Members
  • Posts

    196
  • Joined

  • Last visited

  • Days Won

    8

Everything posted by Sarge

  1. +1 In our instance we have about 1000 passwords we'd like to reset on the same day. Currently you can only schedule X days or X months - which means over time 'drift' occurs. Being able to say reset on the 1st of every month, would stop the drift from occurring; along with an option to 'reset on the next scheduled reset' in the event of a failed reset. (IE: Rather than try again the following day, wait until the next schedule occurs).
  2. +1 For change control, we have to document everything within the administration tab. Currently we have a custom spreadsheet with screenshots of every setting (and their sub settings such as permissions applied to list templates!) massive time sink. A way to compile this information either by report or API calls or database queries would be amazing.
  3. +1 Need this. Also a way to manage host folders from administration tab.
  4. +1; but this probably makes more sense as both a password list template option and user account policy option.
  5. What we do is run the script as a service account (Passwordstate automatically updates the password every XX days); with the Sys Wide API key being a user environment variable in the service account context. the script sets and API variable to that of the environment variable. Doesn’t get captured in logging, doesn’t get committed to Git. no one knows the key except security administrator(s) with the required security role, no one can see the key without knowing the service account password.
  6. +1 We’re also encountering a situation where we need the API to return nested object IDs. folders to return password list ids password lists to return password ids With nested object IDs being returned we could then use loops to process those returned objects. Having to maintain a list of specific password IDs to target with a script is time consuming.
  7. Configure the API on the affected password list to return a blank value instead of the actual password. List Administrator Actions > Edit Password List Properties > API Key & Settings > (tick) Return blank Password value
  8. This may not be required. There is documentation (section 7) of the "Passwordstate_Upgrade_Instructions.pdf" which covers this already. Specifically, UPDATE SystemSettings SET MaintenanceModeUserID = ''
  9. There is a STIG requirement to reset KRBTGT password every 180 days: The password for the krbtgt account on a domain must be reset at least every 180 days. (stigviewer.com) It would be nice to be able to have Passwordstate handle this in the recommended manner; which is to reset the password twice with at least a 10 hour pause between each reset. AD Forest Recovery - Resetting the krbtgt password | Microsoft Learn We're currently doing this through a custom script and the API; but native support would be appreciated.
  10. List administrator actions. There is a checkbox to not allow passwords to be exported in password list properties. In the list administration actions drop down there is also an option to export.
  11. Someone else has requested custom reporting:
  12. You can already export all passwords and individual password lists as required. You can also mark password lists as not exportable.
  13. Just copy the whole web.config, and update connection strings as required. If you don't need production data why are you trying to migrate the database as well? Just install a new, clean instance?
  14. +1, however it needs to be optional. In our environment lockouts have to be handled manually.
  15. Folders per team Password list templates per team UAP per team AD Groups per team, applied to templates/UAPs Team leads are admins of lists Passwords that need to be shared across departments can have that teams AD group applied to the password list or the individual password item.
  16. It would be fantastic to be able to customise what fields are included in the reports that can be scheduled. For example a Password List used to store SSL certificates with a number of custom fields; currently the report only shows the title and expiry date as we don't use any of the other default fields - we'd love to be able to select which fields to show on the report (exclude empty fields and include custom fields). If they could be scheduled from the administration area as well rather than in a specific users context that would be great as well so all administrators can see/modify the reports easily. If the wording of the report email could be customised in the same manner other email templates are. Ability to allow users to run reports without giving them the reporting security administrator role. (We have separate accounts for security administrator roles).
  17. The above was caused by Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. (stigviewer.com) The IIS errors are a red herring in this case.
  18. These errors "It appears the user's session in IIS has been prematurely ended, causing the following error" also occur during the Out of Box setup wizard as you click "Next" to apply the "System Settings" if you've got the STIG for Windows Server 2019 applied. We're still trying to find exactly what setting within the STIG is causing the issue. @support is there any guidance you can provide of what is occurring after clicking Next on the System Settings setup wizard screen?
×
×
  • Create New...