Zul Posted October 26, 2018 Posted October 26, 2018 I'm trying to configure passwordstate to manage the local admin accounts on all workstations on our campus and have a couple of questions. Workstations are all Windows 10 desktops (Education Edition) with psremoting configured via gp. Current setup: Host Discovery job pointing to workstation OU. (working great) Account discovery jobs based on tag (mostly working): Any built in way to wakeonlan before this runs? Can the job look for multiple Local administrator groups? (Administrators, MainLab Admins, MusicLab Admins) Or do I need to create separate jobs for each Admin group? Can passwordstate bulk reset all accounts in a password list to a specific password? (We used to manage this via group policy, but that's not possible anymore) I tried modifying the reset script, but didn't see an easy way to replace $NewPassword with a static password. Beside that seemed a bit hacky. Is there a way to set: if the heartbeat fails set password to what is in password state? I feel like I'm trying to make passwordstate enable us to be bad about security, but gotta play the hand we are dealt. Thanks in advance.
support Posted October 26, 2018 Posted October 26, 2018 Hi Zul, Thanks for your enquiry, and I've provided a few answers below. If you have any other questions, please let us know. 2 hours ago, Zul said: Any built in way to wakeonlan before this runs? Unfortunately not. You would need to clone our script as on of your own and try and modify it for Wake on LAN. This can be done on the screen Administration -> PowerShell scripts. Then each of your records will need to me changed to use this script, and then you could use the 'Bulk Update Password reset' feature on each of your Lists. If a machine is turned off when a scheduled reset is to occur, it will fail and reschedule the following day at the same time. 2 hours ago, Zul said: Can the job look for multiple Local administrator groups? No sorry it cannot. We've only really ever come across customers using one 'Administrators' security group, so you would need to create separate jobs for this. 2 hours ago, Zul said: Can passwordstate bulk reset all accounts in a password list to a specific password? As this is not best practice, we do not have a feature in the UI for this. If it's something you really want, you could write your own PowerShell script to update records via our API i.e. retrieve all records in a Password List, and then update the password value of each to be the same. 2 hours ago, Zul said: I tried modifying the reset script, but didn't see an easy way to replace $NewPassword with a static password Again, we would recommend just writing your own API script for this, and scheduling it. Modifying the script like you mentioned is not a good idea, as you've also suggested. 2 hours ago, Zul said: Is there a way to set: if the heartbeat fails set password to what is in password state? No sorry, but the next scheduled or manual reset should correct it. Regards Click Studios
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now