support Posted August 1, 2016

Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process).

Step 2: Add new Password Record configured as follows:

Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account. If you configure an Expiry Date it will automatically change the password in Passwordstate and on the Host when that date is reached.

Screen 2: Ensure you select the appropriate Privileged Account and the Reset Windows Password reset script. Also confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date occurs.

Screen 3: Confirm the Validate Password for Windows Account validation script is selected.

mhelmers Posted February 14, 2020

What happens if a computer is removed from our domain and later added back with the same Hostname?

support Posted February 15, 2020

Hello,

This should not affect Passwordstate at all - we do not record SIDs of the host objects or accounts.

Regards
Click Studios

Juan Posted November 3, 2020

Hi, we are currently evaluating using this to reset the Local Admin account password of our Windows laptops, versus using LAPS. I just have a few questions that I am hoping I could get some clarity on:

- What happens if a laptop is off the network for an extended period of time? (e.g. after the password reset time). This is very common in our environment, especially now with the amount of people that we have WFH.
- Does the reset script only run at the specified time? How often does it retry to reset a pwd? As per the previous question, we have a lot of users coming and going.
- In the screenshot above it looks like the password reset is being set for 1 host. Is there an easy way to do this for all of our hosts? (over 7000).
- Are there any drawbacks of using this instead of LAPS?

Thanks!

support Posted November 3, 2020

Hello Juan,

Thanks for your post, and please see answers below:

What happens if a laptop is off the network for an extended period of time? (e.g. after the password reset time). This is very common in our environment, especially now with the amount of people that we have WFH.
If a device is not contactable, the reset engine will reschedule the reset for the same time the following day. If the device is no longer trusted on the domain, due to being offline for a long period, then you will most likely get an error when trying to perform the next reset.

Does the reset script only run at the specified time? How often does it retry to reset a pwd? As per the previous question, we have a lot of users coming and going.
Yes, it only runs at the specific time, and it will keep trying daily at the same time.

In the screenshot above it looks like the password reset is being set for 1 host. Is there an easy way to do this for all of our hosts? (over 7000).
We recommend using our Discovery Jobs for this - found under the Tools Menu. Under the Hosts Menu, you can also create a Host Discovery Job, which monitors AD and can automatically import your host records. Used in conjunction with each other, you do not need to manually create any records. If possible, it might pay to see if you can split the discovery job results between multiple Password Lists, and 7000 records in one List might slow down the UI a bit - it won't be too bad though if you have paging set for 10 records on the grid.

Are there any drawbacks of using this instead of LAPS?
Not that we are aware of. By default LAPS stores the passwords in unencrypted format in AD, so our solution is more secure as well.

Regards
Click Studios

support Posted November 3, 2020

Hello Juan,

I also forgot to mention some improvements coming in V9 for discovery jobs and resets:

- Multi-threading for the discovery jobs - making the process a lot quicker
- And when accounts are discovered and added into a Password List, you can randomize the schedule for resets to be between two time-slots - so that you won't have all 7000 accounts trying to be reset at the same time

We expect a beta of V9 available later this month, and official release during January next year.

Regards
Click Studios

Juan Posted November 6, 2020

Thanks for your response, that was really helpful.

Kyle Posted November 24, 2020

Hi,

We have also started to use discovery jobs. I have 2 host discovery jobs scanning 2 different sites in Active Directory.

Site 1 computers
Site 2 computers

The problem I have is when I create a Windows local admin discovery job, it is taking hosts found on BOTH host discovery jobs. How can I ensure they remain separate and keep them within their respective password lists?

I was looking at host tag filters but couldn't find anything for use of wildcards for example.

Any help appreciated.

support Posted November 25, 2020

Hi Kyle,

Our Tag field is the only real option to filter based on the Host Discovery Job. Are you specifying multiple OU's with your Host Discovery Job, and that's why you need Wildcard matching on the Account Discovery Jobs? If you are using multiple OU's, is there any part of the OU's that would be unique to each of your jobs?

Regards
Click Studios

Kyle Posted November 25, 2020

There are several sites, but we can use 2 for the sake of example.

I have 2 discovery jobs:

Site1 with sub OU Computers
Site2 with sub OU Computers

Each site has its own computer naming convention:

Site 1 workstation
S1W00001
S1W00002

Site 2 workstation
S2W00001
S2W00002

Right now with this setup the password discovery job is adding all hosts discovered from both jobs.

What would work as a wildcard for me is S1W* or S1W?????

*  Anything that contains S1W of any length
?  Specific amount of potential characters

support Posted November 25, 2020

Hi Kyle,

Have you tried putting S1W or S2W into the "Host Name Filter" field? There is also the 'Hosts to be Queried' tab where you can test what Hosts the discovery job will execute against.

Does this help at all?

Regards
Click Studios

KingIsulgard Posted July 29, 2022

I'm currently getting a large list of failed password resets. The passwords are correct, the heartbeat confirms them as correct (green light) but the resets keep failing for no particular reason. It worked fine before.

The error message I'm getting is the following:

The Passwordstate Windows Service failed to process the Password Reset Script 'Reset Windows Password' against Host 'vvcbpsageobn1.belfla.be' for the account 'Administrator' (\Shared Lists\Servers\DWH + GEO + GIS + QV + MIV\Windows Users). As a result, no changes have been made to this record in Passwordstate. Error = Failed to reset the local password for account 'Administrator' on Host 'vvcbpsageobn1.belfla.be'.Error = Method invocation failed because [System.Net.NetworkCredential] doesn't contain a method named 'new'. = Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number.".

support Posted August 1, 2022

Hello KingIsulgard,

Can you please try upgrading to build 9583, as we did provide a fix in this build for the error you are seeing - which was only happening on older operating systems.

Regards
Click Studios