
Showing results for tags 'resetpassword'.


Found 3 results

  1. I was recently tasked with finding a solution for resetting root passwords for 800+ VMware ESXi hosts and if Passwordstate would be able to facilitate this. I initially started looking at the built-in Linux scripts, which utilise SSH connections, something we have disabled for our ESXi hosts for security. Searching through these forums I found a post where someone used PowerCLI to do the heavy lifting, but I found the post didn't quite give me everything I needed to complete the project. Here is my attempt at demonstrating my solution, in hopes it will help someone out in the future.

     Password reset and password validation scripts:

     We need to talk about these custom scripts first, as we need the IDs of the scripts to fill in the JSON data for scripted host ingest.

     Password reset script:

         Function Set-ESXiPassword
         {
             [CmdletBinding()]
             param (
                 [String]$HostName,
                 [String]$UserName,
                 [String]$OldPassword,
                 [String]$NewPassword
             )
             # Make cmdlet errors terminating so the catch blocks below run
             $ErrorActionPreference = "Stop"

             # Connect to the host with the current password
             try {
                 $Connection = Connect-VIServer $HostName -User $UserName -Password $OldPassword
             }
             catch {
                 switch -wildcard ($error[0].Exception.ToString().ToLower())
                 {
                     "*incorrect user*" { Write-Output "Incorrect username or password on host '$HostName'"; break }
                     "*" { Write-Output $error[0].Exception.ToString().ToLower(); break }
                 }
             }

             # Change the password and report the result
             try {
                 $change = Set-VMHostAccount -UserAccount $UserName -Password $NewPassword | Out-String
                 if ($change -like '*root*') {
                     Write-Output "Success" }
                 else {
                     Write-Output "Failed" }
                 Disconnect-VIServer * -Confirm:$false
             }
             catch {
                 switch -wildcard ($error[0].Exception.ToString().ToLower())
                 {
                     "*not currently connected*" { Write-Output "It wasn't possible to connect to '$HostName'"; break }
                     "*weak password*" { Write-Output "Failed to execute script correctly against Host '$HostName' for the account '$UserName'. It appears the new password did not meet the password complexity requirements on the host."; break }
                     "*" { Write-Output $error[0].Exception.ToString().ToLower(); break }
                     #Add other wildcard matches here as required
                     default { Write-Output "Got here" }
                 }
             }
         }

         Set-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -OldPassword '[OldPassword]' -NewPassword '[NewPassword]'

     This utilises the Set-VMHostAccount PowerCLI command, which is baked into an ESXi host and only requires PowerShell to be open from the Passwordstate webserver to the host (port 443).

     The success criteria simply looks for the word root in the output. This may be foolish of me, but there isn't much of a result from the command to parse for a successful result. If the command fails it should be captured by my catch commands.

     Password verification script:

         Function Validate-ESXiPassword
         {
             [CmdletBinding()]
             param (
                 [String]$HostName,
                 [String]$UserName,
                 [String]$CurrentPassword
             )
             # Make cmdlet errors terminating so the catch block runs
             $ErrorActionPreference = "Stop"

             try {
                 $Connection = Connect-VIServer $HostName -User $UserName -Password $CurrentPassword
                 if ($Connection.IsConnected) {
                     Write-Output "Success"
                     # Close the session that was opened for the check
                     Disconnect-VIServer $HostName -Force -Confirm:$false
                 }
                 else {
                     Write-Output "Failed" }
             }
             catch
             {
                 switch -wildcard ($error[0].Exception.ToString().ToLower())
                 {
                     "*incorrect user*" { Write-Output "Incorrect username or password on host '$HostName'"; break }
                     default { Write-Output "Error is: $($error[0].Exception.Message)" }
                 }
             }
         }

         Validate-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -CurrentPassword '[CurrentPassword]'

     Simple script which attempts to connect to a host via PowerCLI; if there is a connection then output success.

     Host/Password Entry:

     All of our hosts are domain joined, so host discovery was straightforward enough by using the built-in utility in Passwordstate. Unfortunately there was no easy way to automatically discover host accounts, but since we are only dealing with root here we can script adding of password entries. You'll need to get your custom script IDs from the ones you created above. This is a one-off script and took around one minute to add 800 hosts.

     Here is the script I used to add password entries:

         # Connect to vCenter (replace the placeholder with your vCenter server)
         Connect-VIServer '<your vcenter server>'
         $hostlist = Get-VMHost
         $Creds = Get-Credential
         $PasswordstateUrl = 'https://passwordstateurl/winapi/passwords'

         foreach ($hostname in $hostlist)
         {
             Write-Host "I am working on host $($hostname.Name)"
             # AccountTypeID 34 is VMWare; ScriptID and ValidationScriptID are the
             # IDs of the custom reset and validation scripts created above
             $jsonData = '
             {
                 "PasswordListID":"existingpasswordlistID",
                 "Title":"' + $($hostname.Name) + '",
                 "UserName":"root",
                 "password":"existingpassword",
                 "hostname":"' + $($hostname.Name) + '",
                 "AccountTypeID": "34",
                 "PasswordResetEnabled": false,
                 "EnablePasswordResetSchedule": true,
                 "ScriptID": "28",
                 "HeartbeatEnabled": true,
                 "ValidationScriptID": "22"
             }
             '
             # Note: this prints the request body, including the password, to the console
             Write-Host $jsonData
             $result = Invoke-RestMethod -Method Post -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -Credential $Creds
         }

         Write-Host "Disconnecting vCenter"
         Disconnect-VIServer * -Confirm:$false

     https://github.com/wgarbutt/Passwordstate
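
A variant of the ingest loop in the post above, as an added example that is not the original poster's code: it builds the request body as a hashtable and serialises it with ConvertTo-Json, logs a copy with the password masked, and records hosts whose POST failed. The helper name New-EsxiRootEntryBody is hypothetical; the URL, list ID, password and the IDs 34 / 28 / 22 are the placeholders and values from the post.

```powershell
# Added example, not the original poster's code. Assumes Connect-VIServer has
# already been run against vCenter. URL, list ID and password are the post's
# placeholders; the IDs 34 / 28 / 22 are the post's values, use your own.
$PasswordstateUrl = 'https://passwordstateurl/winapi/passwords'
$Creds = Get-Credential

function New-EsxiRootEntryBody {    # hypothetical helper name
    param (
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string]$Password
    )
    [ordered]@{
        PasswordListID              = 'existingpasswordlistID'
        Title                       = $HostName
        UserName                    = 'root'
        password                    = $Password
        hostname                    = $HostName
        AccountTypeID               = '34'    # VMware
        PasswordResetEnabled        = $false
        EnablePasswordResetSchedule = $true
        ScriptID                    = '28'
        HeartbeatEnabled            = $true
        ValidationScriptID          = '22'
    }
}

$failed = @()
foreach ($vmHost in Get-VMHost) {
    $body = New-EsxiRootEntryBody -HostName $vmHost.Name -Password 'existingpassword'

    # Log a copy with the secret masked rather than echoing the real body.
    $logCopy = [ordered]@{}
    foreach ($key in $body.Keys) { $logCopy[$key] = $body[$key] }
    $logCopy['password'] = '********'
    Write-Host ($logCopy | ConvertTo-Json -Compress)

    try {
        # ConvertTo-Json quotes and escapes every value, so the body is valid JSON.
        $null = Invoke-RestMethod -Method Post -Uri $PasswordstateUrl `
            -ContentType 'application/json' -Body ($body | ConvertTo-Json) `
            -Credential $Creds -ErrorAction Stop
    }
    catch {
        # Record the failure and carry on with the remaining hosts.
        $failed += $vmHost.Name
        Write-Warning "Failed to add $($vmHost.Name): $($_.Exception.Message)"
    }
}
if ($failed) { Write-Warning "Not added: $($failed -join ', ')" }
```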
  2. I’m requesting that the Password Reset Portal generate an email to the end-user whose password was reset using the portal. This request is for a feature that is similar to several web services, such as Google and banking sites, which generate an email to the end-user stating that their password was changed (using the password reset portal), and that if they didn’t change their password, to please contact their support department/Helpdesk/etc. In places where account security is a high concern, this would be extremely helpful for our end-users to become an additional part of our overall security focus, where another person, hacker, or bot attempted to use the portal to reset their password in order to gain (elevated) access to systems.
  3. Hello, I have Passwordstate 9 (Free 5 users) and everything runs smoothly except 2 features, and this topic is for one of them: the dependencies discovery. I try to use the Passwordstate PowerShell script that's called "Discover Windows Account Dependencies" to troubleshoot the reason why when an AD password is reset, it doesn't onto Scheduled Tasks... When I put in the list of our servers and specify the identity, the script seems to work, but for an unknown reason some servers just don't return Scheduled Tasks. Even 2 identical servers (like load-balancing ones) which are supposed to be similar just don't behave the same way... For example, SRV1 and SRV2 are supposed to have similar configuration. SRV1 returns its Scheduled Tasks and SRV2 returns: "Cannot call a method on a null-valued expression". I am not a developer and this issue just surpasses my skills... Does anyone have any idea about how to troubleshoot this? Ever encountered this? Or anything that could help us to get a relation AD Account <-> Scheduled Tasks (per Host)? Really appreciate any help, thanks!