Expire password through API

[sysadmin-z]

Hi,

 

I was wondering if it is possible to expire a password through the API. I am able to update a password using the API, but that requires me to generate a password and then update it. I would like to update using the selected password generator and privileged account that is required for resetting the password. Would it be possible to expire it by updating the ExpiryDate? If so, how quickly would a reset happen?

 

Thanks.

[support]

Hello,

 

Yes, you can do something like this, as per the example below in PowerShell. Are you also aware of the GeneratePassword option when updating passwords via the UI as well? This will generate a new password for you, based on the selected Password Generator assigned to the Password List, and then you wouldn't need to change the Expiry Date or Schedule as per below?

 

With this example below, or if you used the GenerarePassword option, the reset would be picked up within the next minutes and processed.

 

$NewExpiryDate = (get-date).AddDays(-1).ToString("yyyy-MM-dd")
$NewSchedule = (get-date).AddMinutes(1).ToString("hh:mm")

$jsonData = '
{
"PasswordID":"57783",
"ExpiryDate":"' + $NewExpiryDate + '",
"PasswordResetSchedule":"' + $NewSchedule + '"
}
'

$PasswordstateUrl = 'https://myurl/api/passwords'
$result = Invoke-Restmethod -Method Put -Uri $PasswordstateUrl -ContentType "application/json" -Body $jsonData -UseDefaultCredentials
Write-Output $result

Regards

Click Studios

[Steve D]

Sorry for dragging up this old post.

Can this process be used in a replacement for LAPS?

Scenario:
Workstation Local Administrator Account: localadmin

Technician retrieves the localadmin password.

 

I am monitoring the PasswordState event log, so at this point I call the above API URL but with modifications to set the expiration, let's say 30 minutes in the future.  This would give the technician a 30 minute window of access.

 

The question:

When the password expires in PasswordState, would PasswordState use it's own internal PowerShell scripts to reset the localadmin password on the workstation?

 

(I can make a new post if prefered)

[support]

Hi Steve,

 

Sorry we missed this post.

 

When you trigger a password reset via our API, it does use our own reset scripts to perform the reset.  It sounds like what you want to do though is give a user access to a password for a specific amount of time, and this can be achieved through the User Interface, which would be much easier.

 

This could either be achieved through requesting access to a password, and the approver can set how long the access lasts for.  Or you could use the Check IN? Check Out feature, which will give the user exclusive access to the password for a set amount of time, and can automatically change the password when they are finished with it.

 

Regards,

Support

[PeterJ]

can I suggest that you change the line:

$NewSchedule = (get-date).AddMinutes(1).ToString("hh:mm")

to

$NewSchedule = (get-date).AddMinutes(1).ToString("HH:mm")

 

Regards

Peter