support

Hello Everyone, Today we have released build 9381. For full details, please refer to our changelog here https://www.clickstudios.com.au/passwordstate-changelog.aspx Regards Click Studios

Title says it all really, just need an automated way to purge the recycle bins on a scheduled. Maybe something like 3 months, 6 months etc.

We've had a request for the following for the Self Destruct Message web site: Add auditing for failed PassPhrase login attempts Track failed Passphrase login attempts by IP, and lock the user out when they reach the Brute Force login threshhold. The Admin would then need to unblock this IP Address, just like in the main UI. These changes would provide an additional layer of security, on top of: Brute Force Lockouts via Session tracking Guessing the URL of the Self Destruct Message web site Guessing the randomly generated 32 character Self Destruct ID, needed to view the message Regards Click Studios

Hi Fabio, As mentioned in the email we sent you, you need to disable Anonymous authentication for your site in IIS, and then this is possible. Regards Click Studios

Hi Fabio, If we've understood your requirements properly, what we suggested should work. Hopefully someone in the community has some other guidance for you. Regards Click Studios

Issue: Some functionality may not be working in Passwordstate, and to rule out an issue with your production HTTPS Binding, you need to bypass it. Procedure: Open IIS on your Passwordstate webserver, and create a new HTTPS binding called "localhost". Set the Port to 443 and assign any certificate you have available to this new binding: Whilst still logged into your web server, open your browser and brose to https://localhost. You may receive a warning from the browser that the certificate is not trusted. Click the Advanced button and then Proceed to the website: Temporarily change the Base URL under Administration -> System Settings Miscellaneous to be https://localhost. You should now be able to log into your Passwordstate website with your normal credentials. Please perform the appropriate test as directed via Click Studios support and report back results. Once the test is complete, don't forget to change your Base URL back to the correct URL. Regards, Support

Hello Fabio, We've already responded to your email for this request - did you receive that email? Regards Click Studios

Hi Simon, Thanks for bringing this to our attention, as our documentation is incorrect for these GET Methods. Please use the URL format below, and we will update this for the next release: Active Directory Security Groups $PasswordstateUrl = 'https://passwordstate/api/securitygroup/getsecuritygroups/' Local Security Groups $PasswordstateUrl = 'https://passwordstate/api/securitygrouplocal/getsecuritygroups/' Thanks again. Regards Click Studios

It would be great if the RDP Linked Credentials would show not only your remote session credentials (if created and linked via hostname match) but also the passwords associated with the host in the dropdown. We have multiple local accounts on our servers and additional domain accounts. Unfortunately, you can only choose either the local accounts or the domain accounts (Via Remote Session Credentials). The colleagues can take the detour via the function on the passwords, but this is quite inconvenient for most.

Hello, Unfortunately there is not. Each Password List can have differnet columns/fields associated with it, so the layout of each grid needs to be unique - I hope that makes sense. Regards Click Studios

Hello, Underneath your Passwords Grid, you should see a 'Grid Layout Actions' dropdown list. From here you can save the layout. Regards Click Studios

Hello, Unfortunately we do not provide options for chaging the icons for Folders - only Password Lists. Regards Click Studios

A customer has requested the following functionality: "Would be great to be able to manage\modify and delete password lists via API.". Specifically fields and settings on Password Lists. Regards Click Studios

Hello Szu, Thanks for letting us know about this - it's actually a bug, which we've just fixed for the next release. The next release might not be for a week or two, but we will post back here as soon as it's ready. Regards Click Studios

What I would like to know is if there is a way for me to change the time limit or set a time limit upon how many pin codes get set to a user at once or a delay? Is this possible. As an example can I do this: I want to set it so that users only get e-mailed 1 Pin and then there is a 10 – 15 minute delay before they get another is this possible?

Hi Szu, Could you have a read of this Blog we published about permissions in Passwordstate 9, and how they changed from Passwordstate 8, and let me know if this helps? https://blog.clickstudios.com.au/whats-with-the-red-crosses/ Regards, Support

Hi Mike, We believe you've contacted us before on Facebook regarding this, and you are getting two different companies confused - please check your URL, as our web site is www.clickstudios.com.au. Regards Click Studios

Hi Alex, We can confirm that is expected behaviour, of checking for updated data once a minute. Regards Click Studios

Hi Alex, We're glad your found the initial issue. For the second lot of calls, this is our Browser Extension making calls to the API in Passwordstate. This should not be doing this every second, but once a minute. Regards Click Studios

Issue: You've noticed Application Pools being stopped in IIS, and even if you start them, the next day they are stopped again. Fix. Disabling the Microsoft Monitoring Service fixes the issue, but for a long term solution, you should exclude the w3wp.exe process from your monitoring service: Regards. Support

Hi Alex, The first errors relate to SAML authentication, and there is no scheduled events for authentication like this. Do you know why there would be authentication attempts at this time. The second error is also when accessing the UI - the user's session ended on the web server. Maybe check the auditing in Passwordstate to look at activity at that time, or your IIS logs. Regards Click Studios

Hi Scott, We've provided some guidance in the email you just sent us. Regards Click Studios

As of build 9360 One Time Codes cannot be exported from the system, when exporting passwords from a List. This feature request is to add in OTP codes when performing an export to CSV.

Purpose: This forum post will describe how to simplify the user interface, and remove certain sections for users that only need to use the basic functionality. Step 1: All menus on on the left hand side of your screen can either be hidden, or disabled for one or more users. For example, you may have a user who is never going to use the Account Discovery feature: You can completely remove this single menu item from under Administration -> Feature Access by selecting the Hide option, and then remove the users permissions as per below screenshot. As you can see in the above screenshot, you could also remove the entire Tools Menu if you wish. **Tip** When applying permissions in this manner, consider applying permissions via Security Groups. Step 2: All Users by default will have the Hosts tab available. But generally speaking, this tab would only be used for people in the IT department that will use it to remote into servers and devices on the network. A standard user would normally not need to use this feature, so you can remove the tab by removing permissions from Administration -> Feature Access: Step 3: User Account Policies (UAP) in Passwordstate are similar to Group Policy on a Windows Domain. ie, you'll set a series of settings within a User Account Policy and then apply then apply that policy to one or more users. Again, it's always best practice to use Security Groups for this. An example of setting up a UAP can be found here: https://forums.clickstudios.com.au/topic/2994-user-account-policies-explained/ Some settings that you can configure in a User Account Policy can be seen below: Setting #1 - A14 These Blue arrows, and Red crosses indicate the Advanced Permission Model is being used: Setting A14 in your User Account Policy will permanently hide these icons: Setting 2 & 3: B4 and B6 One all Password Lists, by default, users will see a Recent Activity Grid, showing all auditing information for that Password List. They will also see a Pie Chart shows some statistical information. Both of these can be removed by configuring Settings B4 and B6: Setting #3: C1 and C2 On the Passwords Home Page there's 4 grids and a Statistic Chart Each of these grids and/or the Chart can be hidden using Settings C1 and C2 Hopefully this helps simplify the User Interface, and any feedback is welcome to Click Studios Support. Regards, Support.

Hi Robert, This is by design in version 9, when you are using the Advanced Permission Model. That feature you've mentioned above only applies to the Standard Permission Model, as the Advanced Permission Model replicate permissions down the tree structure. You will need to elevate the user's permissions on the parent folders, if you are wanting to allow them to do this. Or, use the Standard Permission Model instead - which you can convert back to. Regards Click Studios