Search the Community
Showing results for tags 'workgroup'.
Found 2 results
If you have your Passwordstate web server installed on a non-domain machine, or if you are using our Password Reset Portal module, it is possible the LDAPS connections are getting blocked. To help troubleshoot the connection status, Microsoft provide a tool. To use this tool, please download first from https://www.microsoft.com/en-us/download/details.aspx?id=15326 On your web server, install this tool you downloaded from the above link and the run the ldp.exe file as per below screenshot - Change the port to be 636, enter your primary domain controller and tick the SSL option: If you get a successful connection, it will show a message similar to my screenshot below. Otherwise it may give you some information as to why the error is occuring: Another test you can do is a Powershell port test from your web server to your domain controller (substitute in your domain controller name) test-netconnection domaincontroller.halox.net -port 636 Or directory to your domain: test-netconnection halox.net -port 636 Last but not least, you may have to use our process to install your domain certificate on your Passwordstate web server. We have a process for this in the Password Reset Portal Installation Guide which can be found in Section 6 of this document: WIP We hope this helps Regards, Support
support posted a topic in Password ResetsThis forum post will describe how to set up a Password Record to automatically reset a Local Windows Admin account on a remote server that is in a Workgroup, and not joined to your domain. Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process) Step 2: Add new Password Record configured as follows Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account. If you configure an Expiry Date it will automatically change the password in Passwordstate and on the Host when that date is reached. Please note if you do not have functioning DNS to your Workgroup server, you may need to add it into the system as an IP Address instead. Please see this forum post on how to configure this: https://www.clickstudios.com.au/community/index.php?/topic/2127-adding-in-a-host-that-does-not-have-functioning-dns/ Screen 2: Ensure the "Reset Windows Password" script is selected under the Reset Options tab, and in this case you do not need to select a privileged Account. Instead when a password reset process is executed, it will connect to the machine using it's own credentials, and it will then perform the reset for itself. There are a couple of prerequisites to allow this to happen, which is mentioned at the bottom of this post: Screen 3: Ensure the "Validate Password for Windows Account" script is selected under the Heartbeat Options tab: Prerequisites for WorkGroup machines to allow for password resets and heartbeats: On your Passwordstate webserver, execute the following Powershell command to trust all hosts: Set-Item WSMAN:\localhost\Client\TrustedHosts -value * (It's possible to specify your workgroup server instead of the wildcard * if you prefer) Ensure you have enabled Powershell Remoting on the Workgroup machine. To do this open Powershell "As Administrator" and execute enable psremoting -force On the same Workgourp machine, you must enable remote connections to the server for your Administrator account. To do this, open Powershell "As Administrator" and execute the command below, which adds a registry key to your system. This is a Microsoft requirement and you can read more about it in this link: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-5.1 New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path `HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` -PropertyType DWord -Value 1