GuidoPinamonti Posted April 26, 2018 Posted April 26, 2018 Can passwordstate's password reset be used as a Microsoft LAP replacement? Can the Windows local admin password be unique and randomized across the domain and be changed on a regular basis? If so, how can you view the password for a given host? Can this be extended to non-domain joined windows servers and Linux servers? What about servers in Azure?
Buckit Posted April 26, 2018 Posted April 26, 2018 The things you're asking are the actual point of the product PasswordState :) Yes every Windows-box can have its own, unique password. PasswordState can discover AD-connected hosts for you. On these AD-connected hosts, PasswordState can login and discover admin accounts for you. Upon discovery, each account can be given a unique password. The password for each account can be retrieved from the relevant user account object in PasswordState. Yes you can also manage the admin/root accounts on non-AD connected hosts, however you will not be able to use the discovery tools. You'll have to either add them manually or by using a script through the API. Not sure about Azure. :) I doubt that you want Powershell Remoting open on a box in the cloud. Perhaps someone else can weigh in on this topic.
support Posted April 26, 2018 Posted April 26, 2018 Quote Yes every Windows-box can have its own, unique password. But not on Linux boxes Buckit Okay, I'll leave that one alone now Hi Guido, Buckit is absolutely correct. We have a 'Windows Local Admin Accounts; Discovery Job, which can be found under the Tools menu. There are a few prerequisites to using this feature, which are: You must have added a domain Privileged Account Credential which has permissions to do PowerShell Remoting into your Hosts - you can add these in the Administration area The following document also shows some requirements for this feature i.e. how to enable PowerShell Remoting on all Hosts if not already enabled - https://www.clickstudios.com.au/downloads/version8/Password_Discovery_Reset_and_Validation_Requirements.pdf You must add in all your Host records into Passwordstate - this can be done in the top Hosts tab. There's also a Discovery Job there for them also You must have a Password List created, with the 'Enable Password Resets' option selected, so the Discovery Job can add the accounts into And then you can create the account Discovery Job We hope this helps. Regards Click Studios
Buckit Posted April 26, 2018 Posted April 26, 2018 57 minutes ago, support said: Quote Yes every Windows-box can have its own, unique password. But not on Linux boxes Buckit Okay, I'll leave that one alone now Hey now! I wasn't going on about Linux boxen thankyouverymuch, they were IoT-devices! My Linux boxen are just fine and dandy Sure, the IoT-devices also run Linux, but they're Special Little Snowflakes (tm). support 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now