Jump to content

Recommended Posts

Posted

Can passwordstate's password reset be used as a Microsoft LAP replacement? Can the Windows local admin password be unique and randomized across the domain and be changed on a regular basis? If so, how can you view the password for a given host? Can this be extended to non-domain joined windows servers and Linux servers? What about servers in Azure?

Posted

The things you're asking are the actual point of the product PasswordState :)

 

  • Yes every Windows-box can have its own, unique password.
  • PasswordState can discover AD-connected hosts for you.
  • On these AD-connected hosts, PasswordState can login and discover admin accounts for you.
  • Upon discovery, each account can be given a unique password.
  • The password for each account can be retrieved from the relevant user account object in PasswordState.
  • Yes you can also manage the admin/root accounts on non-AD connected hosts, however you will not be able to use the discovery tools. You'll have to either add them manually or by using a script through the API.

Not sure about Azure. :) I doubt that you want Powershell Remoting open on a box in the cloud. Perhaps someone else can weigh in on this topic.

Posted
Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hi Guido, Buckit is absolutely correct. We have a 'Windows Local Admin Accounts; Discovery Job, which can be found under the Tools menu. There are a few prerequisites to using this feature, which are:

  • You must have added a domain Privileged Account Credential which has permissions to do PowerShell Remoting into your Hosts - you can add these in the Administration area
  • The following document also shows some requirements for this feature i.e. how to enable PowerShell Remoting on all Hosts if not already enabled - https://www.clickstudios.com.au/downloads/version8/Password_Discovery_Reset_and_Validation_Requirements.pdf
  • You must add in all your Host records into Passwordstate - this can be done in the top Hosts tab. There's also a Discovery Job there for them also
  • You must have a Password List created, with the 'Enable Password Resets' option selected, so the Discovery Job can add the accounts into
  • And then you can create the account Discovery Job

We hope this helps.

Regards

Click Studios

 

Posted
57 minutes ago, support said:
Quote

Yes every Windows-box can have its own, unique password.

 

But not on Linux boxes Buckit :) Okay, I'll leave that one alone now :)

 

Hey now! I wasn't going on about Linux boxen thankyouverymuch, they were IoT-devices! My Linux boxen are just fine and dandy ;)

 

Sure, the IoT-devices also run Linux, but they're Special Little Snowflakes (tm).

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...