Jump to content

Search the Community

Showing results for tags 'Powershell'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
    • 3rd Party Hardware/Software Knowledge Forum
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions
    • Password Reset Portal
  • Passwordstate 7.x
    • General Support
    • Known Issues

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL





Google Plus Account







Found 8 results

  1. If you need to import all of your data from KeePass into Passwordstate, this is the preferred process due to the below Powershell script keeping the correct format of your KeePass database. We'd like to thank one of our customers Fabian Näf from Switzerland for writing this script for us. He did a great job and it's helped out many of our customers. This import process will create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass structure beneath this. For customers not familiar with Passwordstate, the equivalent of a "Group" in KeePass is a "Password List" in Passwordstate. We also have the concept of "Folders" which allow you to logically group Password Lists together. If you follow the process below, it should create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass group structure beneath this. Process Start: In Passwordstate, identify and note down your System Wide API key from Administration-> System Settings -> API and you will find it under “Anonymous API Settings & Key”. Ensure you save this page after you generate the new key. Create a Password List Template under the Passwords Menu -> Password List Templates. On this template please set the following options and then save the template: Disable the option to prevent the saving of password records if they are found to be a “Bad Password” (screenshot 1 below) Uncheck the option so the Password field is not required, and enable the URL field (screenshot 2 below) Identify and note down the TemplateID by toggling the column visibility (screenshot 3 below) In KeePass, open your database and export the contents to a XML file. This can be executed from File -> Export -> KeePass XML (2.x) Download the script from: https://www.clickstudios.com.au/downloads/import-keepass-xml.zip Extract this zip file and open with Powershell ISE or the straight Powershell shell, if you prefer You will be prompted to answer 5 pieces of information: The username of an existing Passwordstate user you wish to give Admin rights to all Passwords imported during this process. Generally you would just enter your own Passwordstate UserID here as you can modify permissions later and and example format for this is halox\lsand Your Passwordstate URL Your System Wide API key The FolderID you wish to create your KeePass structure under. Enter '0' to create this in the root of Passwords Home, otherwise find the Folder ID of any Folder you like and use this when running the script Your PasswordList Template ID It will ask you to browse to your Exported XML file That’s it, the script will now run through and automatically read all of the information out of the XML file, and import it into Passwordstate. From here, there are a few other things you might want to consider doing after the script has run successfully: You may want to rearrange your folder structure. Ie possibly you might want to create some new folders for each of your teams, and then drag and drop existing Password Lists/Folders inside of them Once you are happy with your Folder structure, you should start applying permissions to either Password Lists or Folders using the following video as a guide: https://www.youtube.com/watch?v=QBJE_xD185U Best practices are to use Security Groups to apply permissions, instead of individual users, if possible Screenshot 1: Screenshot 2: Screenshot 3: Regards, Support
  2. Hi again. As you have seen in today's other thread, I'm working on getting the password resetting for Windows to work without using local admin privileges. Whilst doing so, I've stumbled upon an error in the Windows local account password reset script "Set-WindowsPassword.ps1". I'm working with build 8180. After reducing the Powershell code to its bare essentials and running it on one of my test boxen, I've found that the relevant ScriptBlock contains a Write-Output that it really shouldn't, or that the test is written badly. Its current state leads to false positives. REPRODUCTION: Expire a local admin account's password on a Windows box. A few minutes later, the reset status lights up green as does the heartbeat. However, running another heartbeat attempt sets the HB status to red. Upon closer inspection I also find that the password has NOT been changed. No errors are reported by the reset script, which is recorded as successful in the audit log. DEBUGGING: I've reduced the relevant Powershell code to the bare minimum. I'm running it in Powershell ISE on the target host, with the privileged user account. Running things manually clearly shows an "access denied" message which is not getting caught by the test. EXAMPLE CODE: $HostName = "myhost" $TargetUser = "administrator" $NewPassword = "supersecrettotallynotit-1234" function ScriptBlock () { $account = [ADSI]"WinNT://$HostName/$TargetUser,user" $account.psbase.invoke("SetPassword", $NewPassword) $account.psbase.CommitChanges() Write-Output "Success" # THIS IS YOUR SMOKING GUN } $resultsarray = scriptblock 2>&1 if ($resultsarray -eq "Success") { Write-Output "Success" } else { Write-Output "Failboat" } PROOF: Run the code above ultimately leads to the output "Success", even if the psbase commands fail. In my case, I'm given an "access denied". Taking out the Write-Output from the function makes it exit with "Failboat". Now, if I swap the final IF-THEN-ELSE test with the actual code from the original PS1 (which includes the Switch statement for various error messages), then we see the same pattern. Making ScriptBlock output "Success" always leads to an exit of the script with "Success". Taking out that Write-Output line however, will correctly display the "access denied" error message. FIX: You'll need some error handling in your codeblock, to verify if there's any failures on the remote end and to indicate at which step. function ScriptBlock () { $account = [ADSI]"WinNT://$HostName/$TargetUser,user" $account.psbase.invoke("SetPassword", $NewPassword) if ($?) { $account.psbase.CommitChanges() if ($?) { Write-Output "Success" } else { Write-Output "Failure on commit"} } else { Write-Output "Failure on invoke" } }
  3. Hi just wanted to share my powershell script for importing passwords from Passwordmanager XP. We have a lot of passwords so we wanted to create different password lists depending on the folder structure in Passwordmanager XP. Make sure the first line is mapping the values to this line, you can change the Notes to Description if you prefer that. Title;Username;Account;URL;Password;Modified;Created;Expire on;Notes;Modified by But the only values we import is actually Title;UserName;Password;Description;URL;Notes they don't need to be in any particular order. Enjoy... # Powershell script to import passwords from Passwordmanager XP # Written By Ulf in 2017-11-27 # # I take no responsibility for what you do with this script. Use at your own risk! but it worked for me ;-) $FolderID = "xxxx" # FolderID of the folder that we will use for our imported data $PasswordlistTemplate = "xxxx" # PasswordList ID for a Normal password list we will copy all settings and permissions from $APIKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # your APIKey needs to be the global key. $Passwordlisttrigger = "\[" # Trigger to know if this is a new Section in the list and this will generate a new passwordlist to put passwords in $filetoimport = "C:\temp\Old Passwd to import.txt" # Path to the file that you want to import $Logtofile = "c:\temp\passwordstate-importlog.txt" # Logfile you want to create and log to $yourserverURL = "servername.local" # The server who is hosting the Passwordstate API try { $Imported = Import-Csv -Delimiter (";") -Path $filetoimport # <-------------- Modify your Delimiter if this is different } catch { "Error Can't find file $filetoimport" > $Logtofile Break } $PasswordListID = $null "Starting Bulk import of $($Imported.count) objects" > $Logtofile foreach($i in $Imported) { if($($i.Title) -Match $Passwordlisttrigger ) #This means it shuld be a new passwordlist { $PasswordlistName = $i.Title.trim('[]') $PasswordlistName = $PasswordlistName.replace('\',' ') "Search for Passwordlist $PasswordlistName" >> $Logtofile $Testpasswordlist = $null try { $Testpasswordlist = Invoke-Restmethod -Method Get -Uri "https://$yourserverURL/api/searchpasswordlists/?PasswordList=$PasswordlistName" -Header @{ "APIKey" = "$APIKey" } } Catch { "Can't find $PasswordlistName in the database" >> $Logtofile } $PasswordList = $Testpasswordlist | Where-Object -property PasswordList -eq $PasswordlistName #if we found more than one passwordlist choose the right one if ( $PasswordList.PasswordList -eq $PasswordlistName ) #If there is a passwordlist already { "Searched for Passwordlist $PasswordlistName and found Passwordlist $($PasswordList.PasswordList) with ID $($PasswordList.PasswordListID) " >> $Logtofile $PasswordListID = $PasswordList.PasswordListID } else { "Create Passwordlist $PasswordlistName" >> $Logtofile $PSData = @{ PasswordList=$PasswordlistName Description=$PasswordlistName CopySettingsFromPasswordListID=$PasswordlistTemplate CopyPermissionsFromPasswordListID=$PasswordlistTemplate NestUnderFolderID=$FolderID APIKey=$APIKey } $jsonData = $PSData | ConvertTo-Json $PasswordstateUrl = "https://$yourserverURL/api/passwordlists" try { $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body ([System.Text.Encoding]::UTF8.GetBytes($jsonData)) } catch { # Dig into the exception to get the Response details. # Note that value__ is not a typo. "StatusCode: $($_.Exception.Response.StatusCode.value__) " >> $Logtofile "StatusDescription: $($_.Exception.Response.StatusDescription) " >> $Logtofile $jsonData >> $Logtofile $result >> $Logtofile $_ >> $Logtofile } $PasswordListID = $result.PasswordListID "Passwordlist $PasswordlistName Created Successfully with ID $PasswordListID" >> $Logtofile } } else { "$($i.Title) is a Password so create new password record" >> $Logtofile #JSON data for the object $PSData = @{ PasswordListID=$PasswordListID Title=$($i.Title) UserName=$($i.UserName) Password=$($i.Password) Description=$($i.Description) URL=$($i.URL) Notes=$($i.Notes) APIKey=$APIKey } $jsondata = $PSData | ConvertTo-Json $PasswordstateUrl = "https://$yourserverURL/api/passwords" try { $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body ([System.Text.Encoding]::UTF8.GetBytes($jsonData)) } catch { # Dig into the exception to get the Response details. # Note that value__ is not a typo. "StatusCode: $($_.Exception.Response.StatusCode.value__) " >> $Logtofile "StatusDescription: $($_.Exception.Response.StatusDescription) " >> $Logtofile $jsonData >> $Logtofile $_ >> $Logtofile } } }
  4. This post describes how to set up an Active Directory account in Passwordstate, configured for Automatic Resets: Powershell Script: $PasswordstateAPIURL = "https://fabrikam.com/api/passwords" $jsonString = ' { "PasswordListID":"9914", "Title":"SCCM Service Account", "Username":"sccm_admin", "GeneratePassword":"False", "Password":"Welcome01", "APIKey":"63fca2537db89e4fb329546d7e83cab6", "ValidatewithPrivAccount":"False", "AllowExport":"True", "PasswordResetEnabled":"True", "EnablePasswordResetSchedule":"True", "PasswordResetSchedule":"23:00", "AccountTypeID":"82", "ADDomainNetBIOS":"fabrikam", "PrivilegedAccountID":"2", "HeartbeatEnabled":"True", "ValidationScriptID":"9", "HeartbeatSchedule":"10:00" } ' Invoke-Restmethod -Method POST -Uri $PasswordstateAPIURL -ContentType "application/json" -Body $jsonString Pre-Requisites to get this script working: An API key needs to be set on a Password List. This can be achieved when adding or editing a Password List: You'll need to find the PasswordListID value, by toggling the Visibility of the Web API IDs: Next you'll need to find the AccountTypeID for Active Directory under Administration -> Images and Account Types: Next find the Validation ScriptID for Active Directory Accounts under Administration -> Powershell Scripts -> Password Validation: And the ID of your Privileged account, which has permissions in AD to reset Accounts: If you insert these values into your script, along with any other string values like the Title or username, it will add a record in to the system as expected.
  5. Purpose: Updates to the Chrome browser in the first half of 2017 has generated security warnings, if using the Self Signed certificate supplied with your original install of Passwordstate. This process generates and binds a new Self-Signed certificate that overcomes these new security warnings. Prerequisites: - Windows 8.1 or higher, Server 2012 or higher - Powershell 4.0 must be installed on your web server, preferably Powershell 5.0. To check which version you are running, open Powershell and type in $host. If you need to upgrade Powershell, you can do so via these links: Powershell 4.0 - https://www.microsoft.com/en-au/download/details.aspx?id=40855 Powershell 5.0 - https://www.microsoft.com/en-us/download/details.aspx?id=50395 Step 1: On your Passwordstate web server, download and extract the CreateCertificate.zip file from https://www.clickstudios.com.au/downloads/CreateCertificate.zip to a folder of your choice Step 2: On your Passwordstate web server, open Powershell ISE "as Administrator" and load the CreateCertificate.ps1 file you extracted in Step 1 Step 3: On lines 2 and 3 of the script, change the $PortNumber and $URL variables as appropriate. These values can be found in IIS on your web server. You should now be able to execute the script and then check your Passwordstate website is now functioning correctly. if you have any issues, please email Click Studios on support@clickstudios.com.au
  6. Hello all. We have recently been reviewing our PowerShell scripts and decided to come up with a function our support staff can use when they want/need a password to be retrieved from Passwordstate. Now the below assumes you have the appropriate IP/Subnets defined and an appropriate API key to retrieve records. This is nothing special, but thought it may help others who are unaware the ease of retrieving records via Passwordstate. This requires PowerShell v3 to leverage 'Invoke-RestMethod' cmdlet. function Get-Password { <# Requires PowerShell v3 for Invoke-RestMethod support Retrieves password record from Passwordstate #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] $Id, [Parameter(Mandatory = $true, Position = 1)] $APIKey ) Invoke-RestMethod -Uri https://pstate.domain.org/api/passwords/$($Id)?apikey=$($APIKey) -Method Get } You can then retrieve a record in this manner: $ID = "1234" $APIKey = "12345678900987654321" $Creds = Get-Password -Id $ID -APIKey $APIKey Once you have retrieved the record, you can convert it to a PowerShell credential object for later use: $User = $Creds.Username $Pswd = ConvertTo-SecureString -String $Creds.Password -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ($User, $Pswd) At this point you can specify the $Credential for cmdlets that support it and no longer store credentials in plain text (or even via "secure string"): Get-Service -ComputerName SRV01 -Name "BITS" -Credential $Credential
  7. Hi, I've been working with passwordstate and powershell to create an automated password management script. I've so far been able to create, retrieve, and delete passwords from our server, but am unable to update an existing password. I've been using the following code: $JSONSTRING = @{ "PasswordID"=$PWD_ID "PasswordListID"=$PWD_LIST_ID "GenericField2"="Active" } Invoke-Restmethod -Uri "$PASSWORDSTATE_SERVER/api/passwords" -Method PUT -ContentType "application/json" -Header @{"APIKey"=$APIKEY} -Body $JSONSTRING This syntax works for all the other password methods, but for this method gives me the following error: "Invalid API call - No compatible API route found, "Please check for valid request URLS, parameters, and http verbs." To my knowledge, this code should work, as I'm following the tutorial set in the passwordstate api documentation, and again it works for other methods. Does anyone see something I'm missing? Thanks!
  8. Hi, I'm wondering if the get-resources.ps1 discovery script is run from the database or from the c:\inetpup\passwordstate\setup\scripts folder. Reason I ask is because I want to change it by adding IncludePortInSPN parameter to the script, like this: $PSSessionOption = New-PSSessionOption -OpenTimeOut 3000 -IncludePortInSPN Only reason is because some applications need to have spn for http and when a remote powershell session is trying to open a connection to those computer it fails because the SPN points to port 80 for http instead of 5985. I've verified this by registering spn for those computers with this: SetSPN.exe -s HTTP/$($env:COMPUTERNAME):5985 $env:COMPUTERNAME SetSPN.exe -s HTTP/$($env:COMPUTERNAME).$($env:USERDNSDOMAIN):5985 $env:COMPUTERNAME And then running the script manually. So how can I change the discovery script do this by default, or is it enough for me to change the script in the folder?
  • Create New...