Passwordstate Documentation

Hosts

Within the Hosts Menu, there are two primary functions which can be used:

  • Adding Hosts records into the system so that accounts on them can be managed (account discoveries, password resets and account heartbeats)

  • Use the Remote Session Launcher utility. With the Remote Session Launcher utility, there are two different types available:

Browser Based Remote Session Launcher

  • Runs from within your Browser - can be used on all Operating Systems

  • RDP & SSH Sessions

  • All sessions are initiated (proxied) from the Passwordstate web server

  • Session Recording and Playback

Client Based Remote Session Launcher

  • Requires Client Install - Windows Operating Systems only

  • RDP, SSH, Telnet, VNC, SQL and Teamviewer Sessions

  • All sessions are initiated from the user's PC

  • No Session Recording

Note 1: By default, all users have access to all features under this Hosts tab. It is recommended a Security Administrator of Passwordstate visit the page Administration -> Passwordstate Administration -> Feature Access -> Hosts tab and Remote Sessions tab, and review each of the varying levels of access, and modify permissions as appropriate.

Note 2: Microsoft have removed the ability to pass a SQL Server account password value to SQL Server Management Studio via the command line, in Management Studio 2018. Authenticating with Active Directory accounts works with Management Studio 2018, but if you wish to use SQL Accounts you will instead need to use Management Studio 2017.

Hosts Home Screen

When you click on the Hosts Home icon, you will be presented with a screen where you can see some statistics regarding the number of Host records which have been added to Passwordstate, as well as any Remote Session Credentials your account has access to.

From this screen you can:

  • Click on View All Host Records to see all Host records, and manage them

  • Click on View Host Discovery Jobs to manage Discovery Jobs for querying Active Directory for Host records - and import them into Passwordstate

  • Manage Remote Session Credentials which can be used with the Remote Session Launcher Utility.

view host records

View All Host Records

On the View All Host Records screen, you can Add/Import/Edit hosts into Passwordstate, so they can be used to perform Password Resets for accounts on the Hosts, or so they can be used for the Remote Session Launcher feature.

On this screen there are various features available to you, in particular:

  • Adding Hosts manually

  • Importing Hosts via a CSV file

  • Exporting Hosts to a CSV file

  • Setting a Host to 'Unmanaged' status - setting a Host to unmanaged means no Password Resets occur for accounts on the Host.

  • Send a Heartbeat request to the Host to see if it is available on the network. You can also set the time frame in which regular scheduled Heartbeats occur for different operating systems, on the screen Administration -> Host Types & Operating Systems

  • Deleting a Host

Note: It is also possible to import Hosts via the Passwordstate API, or use a Discovery Job to import them from Active Directory.

Hosts-home

Adding New Hosts Manually

When adding in new Hosts there are a few things to consider:

  • Specifying the FQDN for the host name results in improved performance when resetting passwords, and launching Remote Sessions. It also offers greater flexibility for non-trusted Active Directory Domains, as you can apply Password Reset Scripts, Password Validation Scripts, or Remote Session Credentials, based on the domain name the host is joined to.

  • The Tag field can be any value you like, and is included in the search results when searching for the 'Host Name'. If using a Discovery Job for searching Hosts in Active Directory, there's an option to include the Host's OU in the Tag field.

  • If the Host is a MS SQL, MySQL Server or Oracle Server, you can specify Instance details and port numbers if needed, so Passwordstate can connect to it to execute Password Reset Scripts.

  • If using the Remote Session Launcher utility, you can specify various properties for launching remote sessions i.e. Connection Type, Port Number, and possibly any other Remote Session Parameters needed for the Remote Session client program you're using.

Note: As Telnet traffic is unencrypted, it is recommended you avoid using Telnet for connectivity if possible.

Add-New-Host

View Host Discovery Jobs

Discovering Windows & Linux Hosts on your network is simply a query of your Active Directory domain - Passwordstate does not "go out" into your network discovering host using things like route tables at all. Because of this, no specific system requirements are necessary, except for a domain account with privileges to query Active Directory.

Host-Discovery-Jobs

When discovering new Windows & Linux Hosts, you have the following options available to you:

  • Which Active Directory domain to query.
  • To query specific AD OUs, you can click on the 'Active Directory OUs' tab and specify them here.
  • Which type of Hosts you want to discover, based on the Operating System Level.
  • Only discover Hosts which have been logged into based on a set date i.e. only machines logged into since July 2014.
  • You can also set the Tag field for a Host to be the value of the Active Directory OU it belongs to.
  • As users in Passwordstate need to be given permissions to Hosts in order to use them for various features, you can set permissions on the 'Permissions' tab.
  • You also need to specify the 'Privileged Account' identity which will be used to query your Active Directory Domain. These Privileged Account Credentials can be added/edited/updated on the screen Administration -> Privileged Account Credentials.
  • Finally the schedule for how often you want the Discovery Job to be executed.

When applying permissions to the Job after it is created, whoever is given access can then administer the job, as well receive any emails with the results of the job execution.

Note: When query Active Directory for Hosts, it is the value of the OperatingSystem AD Attribute which is queried. If you go to the screen Administration -> Passwordstate Administration -> Host Types & Operating Systems, you can see what attribute is currently set for each different operating system.

edit-host-discovery-job

Discovery Job History

In addition to the emails you will receive for results of Discovery Jobs, a History of all changes to the database are also recorded and can be viewed anytime - as per the screenshot below. If your Discovery Job does not actually find any Hosts, then it will not record any data i.e. You may have a Host filter set on the Discovery Job that does not find any Host records in Active Directory, or possibly you have specified an OU to query which does not have any computer objects in it.

discovery-job-history

Remote Session Management

For full instructions of how to install/configure and use either of the two Remote Session Launchers available in Passwordstate, please refer to the 'Remote Session Management' menu under the Help Menu in Passwordstate, or download the Remote Session Management Manual