support

Hi Tom, We've just thought possibly you could use the API to achieve this. I have pasted in a script below which will create a Private Password List for one single user called halox\lkels. Possibly what you could do is get a list of names that you need to create Private Lists for, and loop through those names, putting this script below in a foreach loop. If you have any questions about this, please let me know: $PasswordstateUrl = "https://sandbox.halox.net" $APIKey = "4ca37695823bdfe9285afe3bc3463453" # Define values for the Password List in below array $Body = @{ PasswordList = "A Test Password List" Description = "This short description is for my Test Password List" NestUnderFolderID = "0" APIKey = $APIKey Guide = "This is some test text to be inserted into the guide for this Password List" ImageFileName = "activedirectory.png" AllowExport = "True" PrivatePasswordList = "true" PreventBadPasswordUse = "true" ApplyPermissionsForUserID = "halox\lkels" Permission = "A" } # Convert Array to Json $jsonData = $Body | ConvertTo-Json # Execute the command $FullUrl = "$PasswordstateUrl/api/passwordlists" $result = Invoke-Restmethod -Method Post -Uri $FullUrl -ContentType "application/json; charset=utf-8" -Body $jsonData Regards, Support.

Hi Tom, Sorry, we do not have a feature for that, and you will just need to instruct these users to create their own Private Password Lists in this instance. Regards Click Studios

Hello, This should not affect Passwordstate at all - we do not record SIDs of the host objects or accounts. Regards Click Studios

Thanks very much Azkabahn - we appreciate it.

Hi Azkabahn, Thanks for the information. For us to design this in Passwordstate, where is slack would we send these notifications - would it be a direct message to yourself, or send the "emails" to a channel? Thanks very much. Regards Click Studios

Issue: You have installed the Browser Based Gateway on your Passwordstate web server, but the Passwordstate-Gateway Service will not start. Part of the installation process is to export the Passwordstate certificate to a password protected pfx file, and then that password is encrypted and inserted into the gateway.conf file. If this encrypted password is missing or incorrect, then the service will not start. One way to test this is the issue is to set the SSL value to false, as per below screenshot, and then try starting the service again. If the service starts then this indicates a problem with the certificate. Change the SSL value back to true after this test. To fix this, follow these steps: 1. Export the certificate by following Section 7 in this document: https://www.clickstudios.com.au/downloads/version9/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf 2. Confirm the exported certificate is called Passwordstate.pfx and copy it into your c:\inetpub\passwordstate\hosts\gateway folder, overwriting the existing certificate if it exists 3. Run the following Powershell script when logged into your web server, but change the password from Welcome123 to the password you set when exporting the certificate cd C:\inetpub\Passwordstate\hosts\gateway java.exe -cp SparkGateway.jar com.toremote.gateway.Encryption Welcome123 -q This will give an output as per below screenshot: 4. Copy this value and place it into your gateway.conf file, as per below screenshot, and save this change 5. Now try to start the Passwordstate-Gateway service again. If this still does not help, please contact Click Studios support. Regards, Support

Hi, Out of curiosity, where is slack would we send these notifications - would it be a direct message to yourself, or send the "emails" to a channel? Regards Click Studios

To test that you have SQL replication working correctly this simple test will help. If you open SQL Management Studio Tools, connect to you Primary database server and run the following query: USE Passwordstate SELECT COUNT(*) FROM Auditing If you repeat this process above when connected to your secondary database server, you should get the same result if SQL Replication is working. If you are using two databases in your HA setup, then SQL Replication must be work otherwise you will experience a range of issues. Regards, Support

Passwordstate has a feature called "User Account Policies", which are similar to Windows "Group Policies". The idea being you create one or more rules, and apply them to a group of users. This forum post describes how you can use a User Account Policy to force all users to enable the URL field when they create a new Private Password List. Step 1: Under Passwords Menu, add in a new Password List Template Step 2: Give the Template a name, choose an icon, and also enable the URL field Step 3: Create a new User account Policy under Administration -> User Account Policies, give it a name, and choose the Template you have created in Steps 1 and 2: Step 4: Apply the Policy to All Users and Security Groups, or choose a custom Security Group to apply the Policy to: Now when any user attempts to create a new Private Password List, the template will be selected for them automatically: ** TIP #1 ** If you want to use a User Account Policy to create a Shared Password List, you can also set the permissions to be based off the permissions you set on your Password List Template (Setting ID #E2) ** TIP #2 ** If you choose the option to Link the User Account Policy to the Password List, (Setting ID # E3 or #E5) then anytime you make changes to settings on the Password List Template, this will automatically update all inked Password Lists in the system ** TIP #3 ** Under Administration -> System Settings -> Password List Options, there are several settings that control the way User Account Policies can behave if using one in conjunction with a Password List Template. Consider reading the setting on that page and decide if they will help you control your environment Regards, Support

Issue: If you are having an issue connecting to some hosts using the browser based launcher, it's possible that you may find an error code in the Passwordstate error console. This can be found under Administration -> Error Console. We have compiled a list of known error codes below, which may help troubleshoot the issue. You can also enable verbose logging for the Browser Based Launcher, and to configure this please see this forum post: https://www.clickstudios.com.au/community/index.php?/topic/2852-enabling-verbose-logging-for-the-browser-based-remote-session-launcher/ '1': 'The disconnection was initiated by an administrative tool on the server in another session.', '2': 'The disconnection was due to a forced logoff initiated by an administrative tool on the server in another session.', '3': 'The idle session limit timer on the server has elapsed.', '4': 'The active session limit timer on the server has elapsed.', '5': 'Another user connected to the server, forcing the disconnection of the current connection.', '6': 'The server ran out of available memory resources.', '7': 'The server denied the connection.', '9': 'The user cannot connect to the server due to insufficient access privileges.', 'A': 'The server does not accept saved user credentials and requires that the user enter their credentials for each connection.', 'B': "The disconnection was initiated by an administrative tool on the server running in the user's session.", 'C': 'The disconnection was initiated by the user logging off his or her session on the server.', //Protocol-independent licensing codes: '100': 'An internal error has occurred in the Terminal Services licensing component.', '101': 'A Terminal Server License Server could not be found to provide a license.', '102': 'There are no Client Access Licenses available for the target remote computer.', '103': 'The remote computer received an invalid licensing message from the client.', '104': 'The Client Access License stored by the client has been modified.', '105': 'The Client Access License stored by the client is in an invalid format', '106': 'Network problems have caused the licensing protocol to be terminated.', '107': 'The client prematurely ended the licensing protocol.', '108': 'A licensing message was incorrectly encrypted.', '109': 'The Client Access License stored by the client could not be upgraded or renewed.', '10A': 'The remote computer is not licensed to accept remote connections', 'connection': 'Failed to connect to Gateway!', 'pwdmatch': 'Passwords don\'t match', //error code from server '1A, Message Undefined': 'Connection was attempted whilst remote server was in the middle of a reboot' 'S0': 'New RemoteApp or desktop found. Please refresh your list.', 'S1': 'License expired.', 'S2': 'You must log in first.', 'S3': 'Disconnected by server.', 'S4': 'Control request was refused', 'S6': 'Joining request was refused', 'S7': 'The password is not correct', 'S8': 'Remote control was denied due to group policy settings', 'S9': 'The user is already under remote control',//37 'S10': 'Remote control of the user session has ended.',//302 'S11': 'Status update of printing: ', 'S100': 'You password is about to expire. Days left: ', 'S3000': 'Invalid user.', 'S3001': 'No access right.', 'S3002': 'Failed to generate PDF file.', 'S3003': 'PDF Converter not found.', 'S3004': 'Unknown host name: ', 'S3005': 'Error:', 'S3006': 'Wrong user name or password!', 'S3007': 'File not found', 'S3008': 'Failed to play file', 'S3009': 'Only accept connections from localhost. You can try localhost, 127.0.0.1, host name, or local IP', 'S3010': 'Session not found or cannot be joined', 'S3011': 'Maximum number of concurrent users is reached.', 'S3012': 'User session timeout', 'S3014': 'Invalid symlink', 'S3015': 'Wrong symlink password', 'S3016': 'There is not enough free disk space.', 'S3017': 'Can not connect to the remote computer: computer is not available or Remote Desktop is not enabled.', 'S3018': 'File is blocked.', 'S3019': 'Maximum number of emergency concurrent users is reached.', 'S3020': 'Maximum number of emergency license days is reached.' Error: - Remote Session Launcher Browser Based Gateway Error. Error = Host not available, or Username or Password incorrect. Possible Issues: - Remote Host is not reachable, check DNS or try IP Address - Username does not exist on remote machine - Password for account is incorrect - Account you are using is a member of the Protected Users Security Group in Active Directory If you see an error in here that doesn't make sense to you, please submit it to support@clickstudios.com.au and our support team will do our best to advise. Regards, Support

Issue: If you are having issues establishing connections to remote devices, it's possible that the Remote Session Launcher will log a error in the Passwordstate Error Console. For more information about this, please see this forum post: If looking in the error console does not give you enough information to troubleshoot the issue, you can try enabling verbose logging for the Browser Based Launcher, by following this process: https://www.clickstudios.com.au/community/index.php?/topic/2853-error-codes-for-the-browser-based-remote-session-launcher/ 1. On the server where you have the gateway installed, which by default it comes pre-installed in your Passwordstate website, run notepad as Administrator 2. Open the c:\inetpub\passwordstate\hosts\gateway\gateway.conf file and change the following lines to look like this: For your convenience, here is the text so you can copy and paste: #log http header, that may contains sensitive information like password. default is true. logHttpHeader = false stderrLog=true log.level = FINEST 3. Stop the Passwordstate Gateway Windows Service 4. Delete the c:\inetpub\passwordstate\hosts\gateway\gateway.log.0 file 5. Restart the Passwordstate Gateway Windows Service 6. Now if you try to replicate the issue, you should see some verbose logging in the c:\inetpub\passwordstate\hosts\gateway\gateway.log.0 file. We'd recommend rolling back these changes to the gateway.conf file after you have finished troubleshooting your issue, as this can leave some potentially sensitive information in the log files. We hope this helps you identify what the issue is connecting to your hosts, but if you need to send this log file through to Click Studios, please send it in a email to the support@clickstudios.com.au email address. Regards, Support.

Sorry Jeff, We have not consider whether we will include support for these other notification applications at this time. Regards Click studios

Purpose: Passwordstate is a self hosted website and if everything is not set correctly then your website can become unavailable. This forum post describes a few things you can check to get your website back up and running again. Things to note: This forum post assumes you are not using the High Availability module for Passwordstate, and you only have a single website to troubleshoot. Passwordstate structure: Passwordstate is a self hosted website that can be installed on any Windows machine, and it uses IIS (Internet Information Services) web server software to host the website. The website sends and receives data to a SQL database. This database can be installed on the same server, or on a separate server if required. In your installation directory, which by default is c:\inetpub\passwordstate, you will find a file called web.config. In this file, is a "Connection String" and an "Application Settings" section, both are important to have set correctly for your website to work. An explanation of these web.config file components is below: Connection String: This section of the web.config file tells your website what server your database is installed on, and which credentials to connect to the database to. 1. Data Source is your web sever name, and if applicable, your SQL instance. In the screenshot below we use the default instance so we omit it in the connection string. If you did have a custom SQL Instance, this section should be in the format of <SQL database server name>\<SQL instance name> 2. This is the name of your database 3. The SQL username which has db_owner permissions to your Passwordstate database 4. The password for this SQL user Application Settings: The application settings section has a few different components with explanations of these below: 1. SetupStage: After installing Passwordstate this value will change to "Setup Complete". This setting should never change unless you are in the process of installing the Passordstate software 2. PassiveNode: This value determines hos your website will behave, either in read/write mode or just read mode. This is only used if you have the High Availability module and are running 2 Passwordstate websites. This value should always be "False" 3. Secret 1 and Secret 2: Passwordstate has built in encryption keys which protect your data. Half of these keys reside in the AppSettings section of your web.cconfig file, the second half are located inside your database. When you log into your Passwordstate website, the code behind the scenes will join these encryption keys, which in turn decrypts any information in the database which only you can see. If these keys do not match, then your website will not load. 4. GUID1: This value stores your authorized web server name which can be found under Administration -> Authorized Web Servers. This is a security feature of Passwordstate and if the value in this field does not match the DNS name of the server where you have Passwordstate installed, then you will be prompted for your Emergency Password. How to find your URL and Port Number: Open IIS on your Passwordstate web server by going to start button -> Run and typing in inetmgr.exe. Click on your Passwordstate website and then select Bindings. Your URL will consist of three things: 1. A protocol, which is either http or https 2. A Host Name which can be anything you like. By default it will be set as the name of your Passwordstate server 3. A Port number. In the example below, my binding is https://webserver02:9119 Web Site Errors: When browsing to Passwordstate, there are many types of errors that you could potentially get, all depending on which information is not set correctly. Below are the most common errors and how to troubleshoot them. The website URL we'll be testing these on is https://webserver02:9119 Error #1: "This site cannot be reached" (ERR_CONNECTION_REFUSED) Steps to Troubleshoot: 1. Ensure you are typing in the correct URL including having the port number appended to the URL. example is https://webserver02:9119. Port 443 is the only port that does not need to be appended to the URL as IIS treats this port as as the default for all HTTPS traffic. 2. Open IIS on your web server, and make sure your Passwordstate website is started. If it is stopped you will see a black stop button on the website in IIS. See screenshot below to start the website again: 3. Ensure there is no firewall blocking access to the website by performing a port test from your desktop computer to the passwordstate URL. Below is an example test you can run in Powershell: test-netconnection webserver02 -port 9119 You should get a successful result like this if nothing is blocking access: Error #2: "Database Connectivity Error" Steps to Troubleshoot: This error means that your website settings in IIS are ok, but for some reason the website cannot communicate to the database. Some suggestions to troubleshoot this are: 1. In the c:\inetpub\passworddstate\web.config file, check that the Database server and SQL instance are set correctly in the connection string 2. Take note of the database server and SQL instance, and the username and in the connection string in the web.config. Use those credentials to try to establish a connect to the database server using SQL management Studio Tools. If everything is correct you will be able to establish a connection. Possibly you will need to reset the password for the account in SQL on your database server to match what you have in your web.config file Error #3: "Secret Key Issue": Steps to Troubleshoot: You will generally see this error if you have done something wrong during an upgrade or a move of your Passwordstate website. The secrets in the web.config file must match the keys in the database, and sometimes these can get out of sync if you copy the wrong keys across or restore an older version of the database etc.. Try to locate a different web.config file with another set of keys in them, possibly in a backup or on another server where you have previously had Passwordstate installed. Insert the new keys into the AppSettings section of the web.config file and if they match, the website will display as per normal. Error #4: "This Site can't be reached" (DNS_PROBE_FINISHED_NXDOMAIN) Steps to Troubleshoot: 1. Perform an nslookup on your URL, by opening a command prompt and entering the following command, assuming your URL is https://webserver02:9119. There's no need to enter the https protocol nor the port number when doing this test: nslookup webserver02 If this nslookup fails you should: Check you are typing in the correct URL with no spelling mistakes Check your DNS entry for your site is correct, and directing all traffic to your Paswordstate web server Make sure are not using a hosts file for your DNS entry. If you haven't already, create a new DNS entry in DNS Manager, which is a tool located on your DNS server, usually the domain controller. Example of DNS entry can be found in this forum post: https://www.clickstudios.com.au/community/index.php?/topic/1465-changing-the-passwordstate-url/ If you are using Load Balancers or proxy servers, try to bypass these altogether as a test. To test this, create a new binding in IIS called "localhost", and assign port 443 to it for ease of use, and select your certificate. Then log directly into your Passwordstate server and browse to https://localhost and if your website displays then there is an issue with external systems that are not handling your URL and DNS properly. Error 5: HTTP Error 404. Page cannot be found Steps to Troubleshoot: Ensure your binding in IIS is correct and is the exact text that you are entering into your browser to access the site. Error 6: ERR_HTTP2_PROTOCOL_ERROR Steps to Troubleshoot: This error can be caused by the Windows Process Activation Service (WAS) not being started. Restart that service or reboot your web server and this should fix the issue. We'll try to add more errors and fixes to this page as we find them. If none of these suggestions help please log a support call with support@clickstudios.com.au Regards, Support.

Purpose: Currently as of Build 8782 Passwordstate does not have a feature in the User Interface to scan an Active Directory OU and automatically add in all the security groups. This Powershell script can do this as an alternative way, which will search an Organisational Unit of your choice and add each security group in via the Passwordstate API. The Security Groups will automatically sync all members within about 1 minute of being added into the system. You must be running Passwordstate 8782 for this to work, and you'll find the Security Groups API key under Administration -> System Settings -> API The script is listed below, and you could potentially put this into a Windows Scheduled Task to run on a regular schedule. Please change the variables on lines 2,3,4 and 5 to suit your environment: #Set following core variables in lines 2,3 & 4 $APIKey = "6c27d83f5a9b43e79843b632fe5dac5e" $PasswordstateURL = "https://sandbox.contoso.com" $Domain = "contoso" $OUtoScan = "OU=Test,OU=Sandbox Testing,DC=contoso,DC=com" #Begin Script #Construct API URL for use later in script $APIURL = $PasswordstateURL + "/api" #Find Security Groups in OU $SecurityGroups = (get-adobject -Filter 'ObjectClass -eq "group"' -SearchBase $OUtoScan).Name #Cycle through array and add each security group to Passwordstate foreach ($SecurityGroup in $SecurityGroups) { #JSON data for the object $Body = @{ SecurityGroupName = $SecurityGroup ADDomainNetBIOS = $Domain APIKey = $APIKey } # Convert Array to Json $jsonData = $Body | ConvertTo-Json #Add the group to Passwordstate $result = Invoke-Restmethod -Method Post -Uri $APIURL'/securitygroup' -ContentType "application/json" -Body $jsonData } Regards, Support.

Issue: Quite often you may have an employee leave the company, whether it be on good or bad terms, and to prevent that user from accessing certain systems you need to reset all passwords that he or she knows. Resolution: Passwordstate has a feature that can reset all passwords a specific user has seen since they were last changed. If the passwords are set up for automatic resets in Passwordstate, then they will also be reset on the remote system too. If you are using the Remote Site Locations module, these resets can complete across the internet, or across air-gapped networks. Below is the process on how to bulk reset all these passwords. Under Administration -> Password Lists, choose the Bulk Password Resets option: On this screen, you have a few options: Search for the user, and configure the search options as you need. "Recommended resets based on historical user activity" is the setting where it will only return passwords that the user has seen, since the password was last reset Alternatively, you can just reset every single password that the user has access to The Site location is only relevant if you are using the Remote Site Locations module When clicking the search option, the relevant passwords will displayed in a grid. If you choose to, you can select individual password by ticking the check box on the left hand side of the grid You then need to configure the Password Reset Schedule, and your options are to reset them "Now" or add set a time in the future by picking a date and time, and then adding them to the queue There is a second grid at the bottom of the page, which will display the passwords that have been added tot he queue. You can monitor this grid to watch passwords being processed We hope this helps and with a couple of clicks of your mouse you can automatically reset hundreds of passwords within Passwordstate and out on remote systems, which can save you enormous time. Regards, Support.

Click Studios do get this question from time to time, about what happens to passwords or password lists, when they are deleted out of the system. Below is some information to help you understand what is happening in this scenario: When you delete individual passwords, they are sent to the recycle bin. They can be recovered from here if needed, but if the recycle bin is emptied, the passwords are gone forever When you delete a Password List, the Password List and all of the passwords it holds will be deleted from the system completely When you delete a Folder, this Folder, all Password Lists and all Passwords they hold will be deleted from the system completely If a user is deleted out of the system, then this will permanently delete any Private Password List they had. If you add the user back in, this private Password list will not reappear. No Shared Password Lists are removed from the system when a user is deleted You can always restore a copy of your database if needed, to recover passwords or password lists, so best practice to keep a long backup history of your database and web.config files. The encryption keys in the web.config file must match the encryption keys in the database, so you should keep a relevant copy of the web.config file with the backup of the database that you take. The auditing is kept forever, no matter if passwords or password Lists are removed from the system. There is an option to purge auditing data under Administration -> Auditing if this is something you’d like to do. We hope this helps, Support.

Issue: As a Passwordstate Security Administrator, you receive an email from the system advising that the Active Directory Sync process was still running at the time the next sync process began. This could mean that not all members of the security groups you have added into Passwordstate are synchronizing properly. Sync Process Behaviour: The Passwordstate Windows service attempts to synchronize any Active Directory Security Group on the schedule you have set under Administration -> System Settings -> Active Directory Options. It will also attempt to synchronize the following attributes for each user account in Passwordstate, regardless if they are a member of a Security Group or not: Display name Given name Surname Email address User principal name Sam account name Department Physical delivery office name Enabled status Please note the fields below are synchronized when users are added into Passwordstate. If the user accounts already exist in Passwordstate, then the Department, Office, Email Address, User Principle Name and enabled/disabled status will be updated, if they change in AD. Click Studios has tested synchronizing 4500 user accounts, and this process took 6 - 7 minutes. Steps to Troubleshoot: Suggestion 1: How many Security Groups and Users do you have in Passwordstate? If you have several thousand, consider changing the Sync time to be longer, under Administration -> System Settings -> Active Directory Options. Restart your Windows Service after making this change which is no disruptive to your system Suggestion 2: By default, Passwordstate uses the Read Active Directory Security Groups and User Accounts privileged account to query Active Directory. To find out which account you have set to query your Active Directory, look under Administration -> Active Directory Domains and look for the name of the Privileged Account on that screen. Then, under Administration -> Privileged Account Credentials, open the relevant account and this will show you the domain account used to query Active Directory. Try elevating the permissions of this account in Active Directory to be a Domain Administrator, and allow a couple more sync processes to occur. Does this fix the issue? Suggestion 3: Are there any exceptions in the Application Event log on your Passwordstate web server, for the Passwordstate Service that indicate errors with the sync process? Suggestion 4: Are there any errors in the Administration -> Error Console which help diagnose the issue? (Send to Click Studios Support if you need help understanding these errors) Suggestion 5: Do manual syncs of each Security Groups work? Try to systematically isolate the problem to one security group, by manually synchronizing each group, one at a time. This can be performed under Administration -> Security Groups as per below screenshot: Suggestion 6: Do any of your Security Groups have users from other domains? Although this could work, it's not officially supported at this time. Adjusting permissions for the privileged account may help if you do have members from other domains. Click Studios will add more fixes/suggestions to this post if we can gather more information. If we can replicate the issue on our own test environments, then possibly we could make some changes in our software to fix the issue. Please contact Click Studios if you'd like to discuss your failed sync process further. Regards, Support.

If you are noticing that Password Resets are getting stuck in the queue, please check the following items to determine the cause of this: On your Passwordstate web server, see if there are any errors being logged in the Windows Application Event Log Check the Passwordstate Windows Service is started In the web.config file on your primary server (not High Availability server), ensure the PassiveNode key is set to false - if it is not, change it to false and restart the Passwordstate Windows Service By default, the Passwordstate Windows Service runs under the identity of the 'Local System' account, and this should never need to be changed unless you are using a Managed Service Account (MSA) for database connectivity. If you are not using an MSA account for database connectivity, please ensure the service is set to run under the identity of 'Local System' Password Resets generally use a Privileged Account credential to perform the reset. Please check the password for the account being used is correct - these accounts can be found on the screen Administration -> Privileged Account Credentials. Regards Click Studios

Hello, We do not have a method in the API to retrieve the UserID for user accounts in Passwordstate unfortunately, but you can look them up on the screen Administration -> User Accounts. You need to be a Security Administrator to do this though, so do you have some sort of standard naming convention for your User Accounts that your staff could reference? You can sort of lookup UserIDs in the normal Passwords tab, if you go to apply some new permissions to a Password List here, but hopefully your naming convention would be a better option. Regards Click Studios

Hello, I think the issue here is fe80:*:*:*:*:* - we do not have support for IPv6, and this would be causing that error. These allowed IP ranges also are not enforced for the Browser Extension Controller within the API - but that IPv6 would have caused the error in a different class being used during authentication. Regards Click Studios

Hi Franz, Could you check for us if your API in Passwordstate is working okay? To do this, go to the Help Menu, and open the menu 'Web API Documentation'. Then click on the button 'Standard API Documentation'. Does the API documentation page load? If it does, can you tell us if you use any Load Balancers, or Reverse Proxies? Thanks Click Studios

Hi Constantin, You can upload any type of file to a Password Record, a Password List or a Folder. To upload a certificate file to a password record, please do this from the actions menu. You'll see a little document icon on your Password Record after you have uploaded one, and your document can then be accessed from this icon, or also selecting the view Documents from the Actions menu. Hope this helps! Regards, Support

Hey Everyone, Just a quick message to say we are very close to releasing a beta of our new Chrome extension. Possibly in the next couple of weeks, and this feature is in the new version:) We'll be announcing the beta release on Social Media soon, and we'll report back here to, and you are all welcome to test it out. Thanks again, Support.

This forum post will show you how to encrypt and decrypt your web.config file. This file by default is located in c:\inetpub\passwordstate folder on your webserver. A standard web.config file will be in clear text, and two important parts of this file with sensitive are the "Connection String" section, and the "AppSettings" section. The ConnectionString section holds the credentials that your Passwordstate website uses to connect to your database. So it will contain the server name, the database name and database instance if it is applicable, and the SQL username and password. The AppSettings section contains the two Secret Keys which are used to protect your website from being accessed if your database is stolen, and the setup stage of your install. A clear text web.config file looks like this: An encrypted web.config file looks like this: As you can see, the encrypted web.config file is not readable when it is encrypted, and this can protect your information in the event your web server has been compromised. Encrypting Web.config file: To encrypt of decrypt the different sections of the web.config file, please follow these instructions below. Step 1: Open a command prompt as Administrator Step 2: Change directories by copying and pasting the following code into your command prompt, and hit enter: CD C:\Windows\Microsoft.NET\Framework64\v4.0.30319 Step 3: To encrypt the connectionString section, execute this line of code: aspnet_regiis.exe -pef "connectionStrings" "c:\inetpub\passwordstate" To encrypt the AppSettings section, execute this line of code: aspnet_regiis.exe -pef "appSettings" "c:\inetpub\passwordstate" Decrypting the web.config file: To decrypt the web.config file, the code you execute is only slightly different: Step 1: Open a command prompt as Administrator Step 2: Change directories by copying and pasting the following code into your command prompt, and hit enter: CD C:\Windows\Microsoft.NET\Framework64\v4.0.30319 Step 3: To encrypt the connectionString section, execute this line of code: aspnet_regiis.exe -pdf "connectionStrings" "c:\inetpub\passwordstate" To encrypt the AppSettings section, execute this line of code: aspnet_regiis.exe -pdf "appSettings" "c:\inetpub\passwordstate" Notes: Note 1: Decrypting the web.config file must be carried out on the same server where it was encrypted, otherwise this process will not work. This is part of the security and is built in to the operating system. If you are migrating your Passwordstate website to a new server, it must be decrypted first on the old server, otherwise your website will not load. Note 2: If you encrypt the AppSettings section of your web.config file, it is imperative you keep an exported copy of your encryption keys in a safe place, as they may be required in the event of a server rebuild, or server move. You can export your encryption keys to a password protected zip file under Administration -> Encryption Keys once you have access to your website. The Passwordstate built backup feature can also take a backup of your encryption keys on a regular schedule. Please see Click Studios documentation page for links on how to set this up: https://www.clickstudios.com.au/documentation/ Note 3: If you intend to rename your server host name, or move your Passwordstate install to a different server, you should decrypt your web.config file first, and re-encrypt it again once the renaming is complete.. If you have any more questions about this, please contact Click Studios support via email, and we'll help in any way we can. Regards, Support.

Thanks - we've been meaning to work on this for quite some time now, but it does require updating several hundred calls to the database, and testing them all, across all tiers and modules in Passwordstate. There just seems to be a lot more other request that seem to take up our time. Maybe we could improve the delete process here, so the user is well aware this is an irreversible process - we could make them acknowledge it by forcing them to tick a checkbox. Regards Click Studios