SimonRB Posted July 14, 2022 Share Posted July 14, 2022 Hello, I recently installed and configured Passwordstate 9 in our organization, to work as our password vault and also our PAM solution. We're really happy with the option to link privileged credentials to specific hosts. However there's a scenario I can't seem to figure out how to solve. The idea is that for each server two user accounts will be created. ServerOne_01 and ServerOne_02 as an example. These credentials are saved to a password list, and then linked to a set of Remote Session Credentials. User A, B, and C are allowed to use these credentials on ServerOne. User A logs on with the credentials ServerOne_01 User B logs on with the credentials ServerOne_02 Now trouble arrives cause User C would also like to log on to ServerOne. The way things work now, if User C Auto Launches a Remote Session to ServerOne then he takes over the session from either User A or User B. I was wondering if it was possible to lock the credentials while they are in use so that User C is denied access to logon until either User A or User B is done using them. Kind Regards Simon Link to comment Share on other sites More sharing options...
support Posted July 15, 2022 Share Posted July 15, 2022 Hi Simon, Thanks for your post and I think another feature we have called "Check Out" will help with this. This feature give a user exclusive access to a Password Record, and this feature works in conjunction with the Remote Session Launcher. Here is a video of how to use the Checkout feature: https://www.youtube.com/watch?v=xq15Bbdkz1k And below is a screenshot of what the user will see, if they try to do a remote session using a Remote Session Credentials linked to a password record configured for Checkout: If you have any questions about this, please don't hesitate to ask. Regards, Click Studios Support Link to comment Share on other sites More sharing options...
SimonRB Posted July 15, 2022 Author Share Posted July 15, 2022 Hello Support, Thanks for getting back to me. I attempted this check out feature, because I figured that's how it would work. However in my experience the Auto Launch button does not turn grey. Does this have something to do with being system administrator? Link to comment Share on other sites More sharing options...
support Posted July 15, 2022 Share Posted July 15, 2022 Hi Simon, It actually shouldn't have anything to do with being an administrator. Do you have more than one Remote Session Credential linked to your host? This may be a bug and may need fixing, and I'll test this as soon as I can. Regards, Support Link to comment Share on other sites More sharing options...
SimonRB Posted July 15, 2022 Author Share Posted July 15, 2022 I actually managed to get it to work with checkout. Here is a little detail so you can look into if it is working as intended. User A - Security Administrator User B - Security Administrator User C - Regular user with access Host 1 - Windows Host Remote credentials are set with Check Out User A connects to Host 1 with remote credentials. User B can hijack that connection using the same remote credentials. Button is NOT grayed out. User C CAN'T hijack that connecting using the same remote credentials. Button IS grayed out. That leaves me to believe that Security Admins can always hijack sessions, which for my purposes is perfectly fine. My issue was that I never thought to test the check out feature with anything but security admins. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now