Posts posted by hatface13

  1. I believe I've resolved this. For anyone else who comes along behind me, the failing servers also failed to update to WMF 5.1 somewhere in the past. These were all servers that had in-place upgrades performed on them. They all still held on to PowerShell version 4.0. All working machines were on 5.1 or newer. Updated one of the non-working machines to 5.1 and it started working as expected.

     

    Going to test with a few more machines but this appears to have resolved the issue for me.  

  2. Good afternoon everyone!

     

    I'm trying to work out the errors in the Windows Dependency Account scan.  I'm seeing this across a handful of hosts: Error = Could not find a part of the path '\\\'..

     

    Has anyone else figured out how to go about working through this error? I've verified DNS is good, and tested by IP (changed hostname to IP in PasswordState host settings), which gave a WinRM error until I finagled TrustedHosts, but once I cleared that up it went back to the above error.

     

    I get this on a good chunk of the hosts I am trying to scan, including some that share the same OU/GPOs, but not all of them. Nothing in Error Console. I've got a handful of PowerShell events that do look to include the discovery scan that I can forward to support if need be.

     

    Open to any ideas, hoping someone else has run up against this and worked their way through it.  

     

    Thanks!

  3. This behavior was present yesterday while I was out of office. Saw that no reports were sent. This morning I logged into the server to take a look at logs and the report sent for me logging in there, and all test reports sent. No restart of service or server, just logging into the server with my administrative account seems to get things moving again. Any thoughts or ideas on how I can troubleshoot further? I've been looking at the Windows events and don't see anything that sticks out to me, but they definitely do have some contents above my level of comprehension that may be helpful that I can supply in private if necessary to help look into this.

     

    Thanks so much!

  4. Do you (or anyone) have documentation anywhere publicly available (or willing to share) on syslog and the messages that are sent?  Trying to build parsers in my SIEM and this would help a lot if I knew all of the messages that I need to create parsers for.  Easy to generate login and remote session/password viewed logs but I'm sure there are others I will need to parse out and I don't see it in the Security Admin Guide.

     

    Thanks!

  5. Now that I posted about it, it did not happen last night.

     

    In each occurrence the service was still running. I will take a look to see if the service is restarting overnight and not coming all the way up. Our email is hosted and they unfortunately won't provide me the logs directly, but I will reach out and ask about communications problems with the server.

  6. We have configured the 5 minute remote connection report to provide emails to select staff when admins log in with their reasons.

     

    It seems that the ability to send emails stops every night.  When I try and send a test email from System Settings it says there is something wrong with the email server settings.  Once I reboot or restart the service the test emails start sending again.  If I run a scheduled report it will then send the email, and the scheduled 5 minute report email starts sending again.  I'm not seeing any Windows Event Logs that seem to occur nightly that I could try and tie to this.

     

    Thanks!

     

     

  7. Yeah that timeout is taking at least half an hour and I wouldn't want it any longer than that.  Would like to define it to stick to that and not be longer though.

     

    So within browser based connections no settings for timeouts.  The use case I'm presenting that management has bitten on is the ability to centralize all of the RDP and SSH sessions to one host so we can alert on any originating from elsewhere so the client based isn't really an option.  I'll enter a feature request.

     

    Thanks!

  8. I've configured the 5 minute report as a workaround but my org would like to see a notification option to check to include notifications of remote sessions being launched with the reason included (if the password list the remote session is pulled from requires them).

     

    It would also be nice if there were a way to assign the "requires reason" to host folders in addition to credentials so that if an admin were logging in with a credential they had memorized they would still be asked for a reason.  That would be a protection aimed at the host as opposed to the credential which I understand is where your focus is at (credentials) but figured we could ask.  

     

    Thanks!

  9. Good afternoon,

     

    Has anybody found a spot where I can adjust the timeout for SSH sessions like I would in PuTTY? I've been looking around but haven't come across it as of yet. Actually, now that I'm looking I don't see where we can adjust timeout for RDP sessions either. SSH sessions don't seem to time out and sometimes it feels like RDP sessions time out too quickly. I'd like to know where I can set these times.

     

    Thanks!
