Jump to content

Search the Community

Showing results for tags 'powershell'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Essentials
    • Announcements
  • Passwordstate 8.x
    • General Support
    • Feature Requests
    • Feature Requests - Completed
    • Known Issues
    • Installing Passwordstate
  • Knowledge Base
    • General FAQs
    • Password Resets
    • Remote Session Launcher
    • Mobile Client
    • Passwordstate API
    • Browser Extensions
    • Password Reset Portal
  • Passwordstate 7.x
    • General Support
    • Known Issues

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL





Google Plus Account







Found 8 results

  1. If you need to import all of your data from KeePass into Passwordstate, this is the preferred process due to the below Powershell script keeping the correct format of your KeePass database. We'd like to thank one of our customers Fabian Näf from Switzerland for writing this script for us. He did a great job and it's helped out many of our customers. This import process will create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass structure beneath this. For customers not familiar with Passwordstate, the equivalent of a "Group" in KeePass is a "Password List" in Passwordstate. We also have the concept of "Folders" which allow you to logically group Password Lists together. If you follow the process below, it should create a Folder with the same name as the XML file you export from KeePass, and it will then replicate the KeePass group structure beneath this. Process Start: In Passwordstate, identify and note down your System Wide API key from Administration-> System Settings -> API and you will find it under “Anonymous API Settings & Key”. Ensure you save this page after you generate the new key. Create a Password List Template under the Passwords Menu -> Password List Templates. On this template please set the following options and then save the template: Disable the option to prevent the saving of password records if they are found to be a “Bad Password” (screenshot 1 below) Uncheck the option so the Password field is not required, and enable the URL field (screenshot 2 below) Identify and note down the TemplateID by toggling the column visibility (screenshot 3 below) In KeePass, open your database and export the contents to a XML file. This can be executed from File -> Export -> KeePass XML (2.x) Download the script from: https://www.clickstudios.com.au/downloads/import-keepass-xml.zip Extract this zip file and open with Powershell ISE or the straight Powershell shell, if you prefer You will be prompted to answer 5 pieces of information: The username of an existing Passwordstate user you wish to give Admin rights to all Passwords imported during this process. Generally you would just enter your own Passwordstate UserID here as you can modify permissions later and and example format for this is halox\lsand Your Passwordstate URL Your System Wide API key The FolderID you wish to create your KeePass structure under. Enter '0' to create this in the root of Passwords Home, otherwise find the Folder ID of any Folder you like and use this when running the script Your PasswordList Template ID It will ask you to browse to your Exported XML file That’s it, the script will now run through and automatically read all of the information out of the XML file, and import it into Passwordstate. From here, there are a few other things you might want to consider doing after the script has run successfully: You may want to rearrange your folder structure. Ie possibly you might want to create some new folders for each of your teams, and then drag and drop existing Password Lists/Folders inside of them Once you are happy with your Folder structure, you should start applying permissions to either Password Lists or Folders using the following video as a guide: https://www.youtube.com/watch?v=QBJE_xD185U Best practices are to use Security Groups to apply permissions, instead of individual users, if possible Screenshot 1: Screenshot 2: Screenshot 3: Regards, Support
  2. 3 Questions 1. Is it possible to setup PasswordState DB connection in Windows Authentication mode only? If not, why not? 2. Is it possible to script the first steps? (Welcome to Setup Complete) 3. Install on to a SQL Always On Group (SQL Express), is this supported? Edit: Added a question
  3. Hello, I am unable to create password lists using passwordlists resource via webapi. I am using Powershell: $jsonData = ' { "PasswordList":"TEST LIST", "Description":"TEST" } ' $PasswordstateUrl = 'https://*passwordstate url*/winapi/passwordlists' $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials $PasswordListID = $result.PasswordListID Obviously I am replacing *passwordstate url* with the correct URL for my environment. Here is the exception I am getting: Invoke-Restmethod : [{"errors":[{"message":"Invalid API Call"},{"phrase":"Error = Object reference not set to an instance of an object."}]}] At line:2 char:15 + ... $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -Co ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand Outputting $error[0].Exception yields: The remote server returned an error: (500) Internal Server Error. My Passwordstate Build is 8501.
  4. Hi again. As you have seen in today's other thread, I'm working on getting the password resetting for Windows to work without using local admin privileges. Whilst doing so, I've stumbled upon an error in the Windows local account password reset script "Set-WindowsPassword.ps1". I'm working with build 8180. After reducing the Powershell code to its bare essentials and running it on one of my test boxen, I've found that the relevant ScriptBlock contains a Write-Output that it really shouldn't, or that the test is written badly. Its current state leads to false positives. REPRODUCTION: Expire a local admin account's password on a Windows box. A few minutes later, the reset status lights up green as does the heartbeat. However, running another heartbeat attempt sets the HB status to red. Upon closer inspection I also find that the password has NOT been changed. No errors are reported by the reset script, which is recorded as successful in the audit log. DEBUGGING: I've reduced the relevant Powershell code to the bare minimum. I'm running it in Powershell ISE on the target host, with the privileged user account. Running things manually clearly shows an "access denied" message which is not getting caught by the test. EXAMPLE CODE: $HostName = "myhost" $TargetUser = "administrator" $NewPassword = "supersecrettotallynotit-1234" function ScriptBlock () { $account = [ADSI]"WinNT://$HostName/$TargetUser,user" $account.psbase.invoke("SetPassword", $NewPassword) $account.psbase.CommitChanges() Write-Output "Success" # THIS IS YOUR SMOKING GUN } $resultsarray = scriptblock 2>&1 if ($resultsarray -eq "Success") { Write-Output "Success" } else { Write-Output "Failboat" } PROOF: Run the code above ultimately leads to the output "Success", even if the psbase commands fail. In my case, I'm given an "access denied". Taking out the Write-Output from the function makes it exit with "Failboat". Now, if I swap the final IF-THEN-ELSE test with the actual code from the original PS1 (which includes the Switch statement for various error messages), then we see the same pattern. Making ScriptBlock output "Success" always leads to an exit of the script with "Success". Taking out that Write-Output line however, will correctly display the "access denied" error message. FIX: You'll need some error handling in your codeblock, to verify if there's any failures on the remote end and to indicate at which step. function ScriptBlock () { $account = [ADSI]"WinNT://$HostName/$TargetUser,user" $account.psbase.invoke("SetPassword", $NewPassword) if ($?) { $account.psbase.CommitChanges() if ($?) { Write-Output "Success" } else { Write-Output "Failure on commit"} } else { Write-Output "Failure on invoke" } }
  5. Hi just wanted to share my powershell script for importing passwords from Passwordmanager XP. We have a lot of passwords so we wanted to create different password lists depending on the folder structure in Passwordmanager XP. Make sure the first line is mapping the values to this line, you can change the Notes to Description if you prefer that. Title;Username;Account;URL;Password;Modified;Created;Expire on;Notes;Modified by But the only values we import is actually Title;UserName;Password;Description;URL;Notes they don't need to be in any particular order. Enjoy... # Powershell script to import passwords from Passwordmanager XP # Written By Ulf in 2017-11-27 # # I take no responsibility for what you do with this script. Use at your own risk! but it worked for me ;-) $FolderID = "xxxx" # FolderID of the folder that we will use for our imported data $PasswordlistTemplate = "xxxx" # PasswordList ID for a Normal password list we will copy all settings and permissions from $APIKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # your APIKey needs to be the global key. $Passwordlisttrigger = "\[" # Trigger to know if this is a new Section in the list and this will generate a new passwordlist to put passwords in $filetoimport = "C:\temp\Old Passwd to import.txt" # Path to the file that you want to import $Logtofile = "c:\temp\passwordstate-importlog.txt" # Logfile you want to create and log to $yourserverURL = "servername.local" # The server who is hosting the Passwordstate API try { $Imported = Import-Csv -Delimiter (";") -Path $filetoimport # <-------------- Modify your Delimiter if this is different } catch { "Error Can't find file $filetoimport" > $Logtofile Break } $PasswordListID = $null "Starting Bulk import of $($Imported.count) objects" > $Logtofile foreach($i in $Imported) { if($($i.Title) -Match $Passwordlisttrigger ) #This means it shuld be a new passwordlist { $PasswordlistName = $i.Title.trim('[]') $PasswordlistName = $PasswordlistName.replace('\',' ') "Search for Passwordlist $PasswordlistName" >> $Logtofile $Testpasswordlist = $null try { $Testpasswordlist = Invoke-Restmethod -Method Get -Uri "https://$yourserverURL/api/searchpasswordlists/?PasswordList=$PasswordlistName" -Header @{ "APIKey" = "$APIKey" } } Catch { "Can't find $PasswordlistName in the database" >> $Logtofile } $PasswordList = $Testpasswordlist | Where-Object -property PasswordList -eq $PasswordlistName #if we found more than one passwordlist choose the right one if ( $PasswordList.PasswordList -eq $PasswordlistName ) #If there is a passwordlist already { "Searched for Passwordlist $PasswordlistName and found Passwordlist $($PasswordList.PasswordList) with ID $($PasswordList.PasswordListID) " >> $Logtofile $PasswordListID = $PasswordList.PasswordListID } else { "Create Passwordlist $PasswordlistName" >> $Logtofile $PSData = @{ PasswordList=$PasswordlistName Description=$PasswordlistName CopySettingsFromPasswordListID=$PasswordlistTemplate CopyPermissionsFromPasswordListID=$PasswordlistTemplate NestUnderFolderID=$FolderID APIKey=$APIKey } $jsonData = $PSData | ConvertTo-Json $PasswordstateUrl = "https://$yourserverURL/api/passwordlists" try { $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body ([System.Text.Encoding]::UTF8.GetBytes($jsonData)) } catch { # Dig into the exception to get the Response details. # Note that value__ is not a typo. "StatusCode: $($_.Exception.Response.StatusCode.value__) " >> $Logtofile "StatusDescription: $($_.Exception.Response.StatusDescription) " >> $Logtofile $jsonData >> $Logtofile $result >> $Logtofile $_ >> $Logtofile } $PasswordListID = $result.PasswordListID "Passwordlist $PasswordlistName Created Successfully with ID $PasswordListID" >> $Logtofile } } else { "$($i.Title) is a Password so create new password record" >> $Logtofile #JSON data for the object $PSData = @{ PasswordListID=$PasswordListID Title=$($i.Title) UserName=$($i.UserName) Password=$($i.Password) Description=$($i.Description) URL=$($i.URL) Notes=$($i.Notes) APIKey=$APIKey } $jsondata = $PSData | ConvertTo-Json $PasswordstateUrl = "https://$yourserverURL/api/passwords" try { $result = Invoke-Restmethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body ([System.Text.Encoding]::UTF8.GetBytes($jsonData)) } catch { # Dig into the exception to get the Response details. # Note that value__ is not a typo. "StatusCode: $($_.Exception.Response.StatusCode.value__) " >> $Logtofile "StatusDescription: $($_.Exception.Response.StatusDescription) " >> $Logtofile $jsonData >> $Logtofile $_ >> $Logtofile } } }
  6. This post describes how to set up an Active Directory account in Passwordstate, configured for Automatic Resets: Powershell Script: $PasswordstateAPIURL = "https://fabrikam.com/api/passwords" $jsonString = ' { "PasswordListID":"9914", "Title":"SCCM Service Account", "Username":"sccm_admin", "GeneratePassword":"False", "Password":"Welcome01", "APIKey":"63fca2537db89e4fb329546d7e83cab6", "ValidatewithPrivAccount":"False", "AllowExport":"True", "PasswordResetEnabled":"True", "EnablePasswordResetSchedule":"True", "PasswordResetSchedule":"23:00", "AccountTypeID":"82", "ADDomainNetBIOS":"fabrikam", "PrivilegedAccountID":"2", "HeartbeatEnabled":"True", "ValidationScriptID":"9", "HeartbeatSchedule":"10:00" } ' Invoke-Restmethod -Method POST -Uri $PasswordstateAPIURL -ContentType "application/json" -Body $jsonString Pre-Requisites to get this script working: An API key needs to be set on a Password List. This can be achieved when adding or editing a Password List: You'll need to find the PasswordListID value, by toggling the Visibility of the Web API IDs: Next you'll need to find the AccountTypeID for Active Directory under Administration -> Images and Account Types: Next find the Validation ScriptID for Active Directory Accounts under Administration -> Powershell Scripts -> Password Validation: And the ID of your Privileged account, which has permissions in AD to reset Accounts: If you insert these values into your script, along with any other string values like the Title or username, it will add a record in to the system as expected.
  7. Hello all. We have recently been reviewing our PowerShell scripts and decided to come up with a function our support staff can use when they want/need a password to be retrieved from Passwordstate. Now the below assumes you have the appropriate IP/Subnets defined and an appropriate API key to retrieve records. This is nothing special, but thought it may help others who are unaware the ease of retrieving records via Passwordstate. This requires PowerShell v3 to leverage 'Invoke-RestMethod' cmdlet. function Get-Password { <# Requires PowerShell v3 for Invoke-RestMethod support Retrieves password record from Passwordstate #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] $Id, [Parameter(Mandatory = $true, Position = 1)] $APIKey ) Invoke-RestMethod -Uri https://pstate.domain.org/api/passwords/$($Id)?apikey=$($APIKey) -Method Get } You can then retrieve a record in this manner: $ID = "1234" $APIKey = "12345678900987654321" $Creds = Get-Password -Id $ID -APIKey $APIKey Once you have retrieved the record, you can convert it to a PowerShell credential object for later use: $User = $Creds.Username $Pswd = ConvertTo-SecureString -String $Creds.Password -AsPlainText -Force $Credential = New-Object System.Management.Automation.PSCredential ($User, $Pswd) At this point you can specify the $Credential for cmdlets that support it and no longer store credentials in plain text (or even via "secure string"): Get-Service -ComputerName SRV01 -Name "BITS" -Credential $Credential
  8. Hi, I've been working with passwordstate and powershell to create an automated password management script. I've so far been able to create, retrieve, and delete passwords from our server, but am unable to update an existing password. I've been using the following code: $JSONSTRING = @{ "PasswordID"=$PWD_ID "PasswordListID"=$PWD_LIST_ID "GenericField2"="Active" } Invoke-Restmethod -Uri "$PASSWORDSTATE_SERVER/api/passwords" -Method PUT -ContentType "application/json" -Header @{"APIKey"=$APIKEY} -Body $JSONSTRING This syntax works for all the other password methods, but for this method gives me the following error: "Invalid API call - No compatible API route found, "Please check for valid request URLS, parameters, and http verbs." To my knowledge, this code should work, as I'm following the tutorial set in the passwordstate api documentation, and again it works for other methods. Does anyone see something I'm missing? Thanks!