Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Reputation Activity

  1. Like
    Buckit got a reaction from support in Feature request: OpenAPI documentation for the API   
    I'd love to pitch in and help figure this stuff out, but right now my workload's a bit too much. Studying for my next exam, which is where I learned about Swagger and OpenAPI
  2. Like
    Buckit reacted to support in Feature request: OpenAPI documentation for the API   
    Thanks Buckit - looks like we've also got a lot more learning to do
  3. Like
    Buckit reacted to support in LDAP over SSL   
    Hi Everyone,
    We've released Build 8256 today, which now supports LDAP over SSL (LDAPS) for communicating with Active Directory. This can be enabled/disabled per domain, on the screen Administration -> Active Directory Domains.

    Click Studios
  4. Like
    Buckit reacted to support in Feature request: buffering of syslog output   
    Hello All,
    We've released Build 8256 today, which allows you to now specify TCP for sending Auditing data to Syslog servers. This can be enabled on the screen Administration -> System Settings -> Proxy & Syslog Servers.

    Click Studios
  5. Like
    Buckit reacted to support in Feature request: buffering of syslog output   
    It shouldn't be too hard hopefully. We might need to put in an option for this, as possibly some customers are using Syslog servers which doesn't support TCP.
    Click Studios
  6. Like
    Buckit reacted to Barbara in Error during upgrade   
    To be more specific the application is Solarwinds Orion.  We use it to monitor the service and when it stops Orion will restart it. To resolve it we disabled the monitor and did a manual install of the upgrade which worked great.  Thank you.  
  7. Like
    Buckit reacted to support in Copy / Move multiple passwords from one list to another   
    Hi Achim,
    We already have a feature for this, and you can find it on the screen Administration -> Password Lists, and then from the 'Perform Bulk Processing' dropdown list you can select 'Bulk Copy/Move Passwords'.

    Click Studios
  8. Haha
    Buckit reacted to support in Bug report: Linux password reset script   
    Thanks Buckit
    And Sarge and us are from Australia, so I can guarantee you that we have more "colorful analogies' than you do
  9. Like
    Buckit reacted to support in Feature request: security groups by MemberOf   
    Hi Guys,
    If needed, we can always assist in recovering your password for the Emergency Access login account as well - even if everyone in your organisation has forgotten it. Obviously we cannot do this without your help, but the option is there.

    Click Studios
  10. Like
    Buckit reacted to Azkabahn in Feature request: database content protection   
    I will jump ahead and drop this one 
    I have been looking around into this topic for some time already. In our organization, we use ELK stack to a quite a significant extent. I do have a free version of Splunk, but I haven't tried to point the logs there. The problem of using syslog protocol is that the data is not structured therefore difficult to write filters for it. Best option, for now, is to use something like that https://qbox.io/blog/migrating-mysql-data-into-elasticsearch-using-logstash
  11. Like
    Buckit reacted to support in Change Screen Options for all users   
    Hi Damian,
    Unfortunately most of these customisation are per user, and we have no way currently of changing them globally.
    For item 3 and 4, we might be able to make a change to make this work in your scenario, but we'd need to do some testing and get back to you - basically we may need to somehow change the sort order for UAP's returned for a user, so that one can take precedence over the other.
    We'll let you know if we can successfully make a change for this.

    Click Studios
  12. Like
    Buckit reacted to support in Feature request: HSM support   
    Hi Buckit,
    Yes, we do plan on HSM support at some stage - just working though many feature requests at them moment.
    We also have other protections in place to mitigate against what you've suggested, and we generally don't recommend keeping an export of your encryption keys. As long as you have a backup of your Passwordstate folder, and database, this is all you need to recover. And you can encrypt the web.config file settings, have your database on a different server, and then you would need two elevated breaches to get access. And there is also other controls in place as well.

    Click Studios
  13. Like
    Buckit reacted to Azkabahn in More verbose access log   
    What Buckit is saying is very true as well in some cases. This kind of logging would make life a bit easier for security admins to do an investigation. In some cases, the users complain that something is wrong after quite some time and it's really difficult to trace back and figure it out what has been changed. The only option is to restore the backup to test instance and do the comparison :)
  14. Like
    Buckit reacted to support in Backup account: use a managed account   
    Hi Guys,
    Just letting you know that we've released Build 8204 today which includes this feature request - thanks for the suggestion

    Click Studios
  15. Like
    Buckit reacted to Azkabahn in More verbose access log   
    we have faced with some troubles trying to understand what exact changes were made in the password list properties. Would it be possible to get a bit verbose output of what has changed in the properties of password list? As an example:
    if users updates IP whitelisting it would be great that this would be indicated If the user has renamed the list the line could include something like "password list X renamed to Y". If user enabled/disabled some of the options in the password list properties that would be good to know as well.  
    All of this info can be retrieved from the user, but it takes time to question the user and sometimes they don't even remember what changes they have done
  16. Like
    Buckit reacted to support in Temporary access   
    Hi Kinglsulgard,
    Thanks for your interest in our software and we do have a couple of options that you can try to resolve this problem:
    First solution:
    I don't think this is what you are after but we have a feature called remote session launcher.  This allows you to remote into machines on your network without the need to enter a username and password.  You could give your contractors access to this feature, and they do not even need to know the password.  This means they will connect to the machine using a username and password that you have pre-configured, and they can then perform their work.  As long as they don't need to know the password to do their work, this might be a good option for you.  
    Here's how to set up the Remote Session Launcher:  https://www.clickstudios.com.au/community/index.php?/topic/2110-how-to-set-up-the-remote-session-launcher-passwordstate-8/
    Here's how to use the remote session launcher without even knowing the password:  https://www.clickstudios.com.au/community/index.php?/topic/2112-remote-sessions-without-access-to-password-credentials/
    Second Solution:
    Give the user Time Based access to the individual password, and force the password to be changed once that access runs out. To do this, go to the permissions on the password from the Actions Menu:

    And then choose the user to grant access to on the access permissions tab, and then on the time based access tab do something like this:

    If you take this one staep further, and set up the account for automatic password resets, passwordstate will also reset the password on the remote system.  An example of this is if you are giving your contractor access to a privileged Active Directory Account, when their time based access runs out, it will reset the password in Passwordstate, and also it will reset it in Active Directory, keeping them in Sync.  Please see this forum on how to set up automatic password resets for remote systems, and the Active Directory link is down the bottom:  https://www.clickstudios.com.au/community/index.php?/forum/31-password-resets/
    Third Solution:
    This may also be suitable for you, our Password Check Out/Check In feature:  https://www.clickstudios.com.au/community/index.php?/topic/1687-using-the-password-check-out-feature/&tab=comments#comment-3368
    Hope this helps!
  17. Like
    Buckit reacted to support in Backup account: use a managed account   
    Hello HA4g3n,
    We cannot really use a gMSA account here, because we need to 'Impersonate' the account in code when performing backups and upgrades, and when impersonating you need to specify the password for the account - which is not possible for gMSA accounts.

    We did finish this feature request yesterday, and it will be available in the next release.

    Click Studios
  18. Like
    Buckit reacted to support in Backup account: use a managed account   
    Hi Buckit,
    Yep good point and we'll take a look at how we can link the account on this screen, to another account in a password record so it can be managed.  The tracking ID is PS-2344 and we'll report back here when we include it in a future build.
    Thanks for the suggestion,
  19. Like
    Buckit got a reaction from Haagen IT Partner in Backup account: use a managed account   
    Hi again,
    Poking around the Administration-section of the web interface I decided to set up automated backups for Passwordstate. I was quite surprised to find that we need to hard-code the password for the backup account. I mean, the whole point of Passwordstate is to have managed accounts
    Could you possibly update the automated backups in such a way that they can use a known username+password object from the Passwordstate database? That way, if the password gets changed, we won't have to manually edit the backup settings.

  20. Like
    Buckit reacted to support in Windows privileged user: least privileges needed   
    Yes, that's correct - admin rights on the server.
    Click Studios
  21. Like
    Buckit reacted to support in Line up "disable" options in "System Settings"   
    Oh I see - we'll at at least that's an easy fix
  • Create New...