Password Manager Pro - FAQ

Contents

Web Interface, Authentication

1. Why are my users not notified of their PMP accounts?  

Users are notified of their PMP accounts only through email. If they do not get the notification email, check

 

 

2. What are the authentication schemes available in PMP?

You can use one of the following three mechanisms:

 

 
 
 

3. What are the user roles available in PMP? What are their access levels?  

PMP comes with four pre-defined roles.

 

  1. Administrators

  2. Password Administrators

  3. Password Users

  4. Password Auditors

 

Any administrator can be made as "Super Administrator" with the privilege to view and manage all resources. Refer help documentation for details on access levels.
 


4. What if I forget my PMP login password?

If you were already given a valid PMP account, you can use the 'Forgot Password?' link available in the login page to reset the password. The user name/e-mail id pair supplied should match the one already configured for the user and in that case, the password will be reset for that user and the new password will be emailed to that email id.

 


5. Why does Internet Explorer 7 (and other browsers) complain while accessing PMP console?

The PMP web console always uses HTTPS to communicate with the PMP server. The PMP server comes with a default self-signed SSL certificate, which the standard web browsers will not recognize and issue a warning. Particularly IE 7's warning message appears serious. Ignoring this warning still guarantees encrypted communication between the PMP console and the server but if you want your users to be particularly sure that they are connecting only to the PMP server, you will need to install a SSL certificate that you have bought from a certificate authority, that is recognised by all standard web browsers.
 


6. Can I change the default port 7272 occupied by PMP?

Yes, you can change the default port as explained below:
 

 

Security

1. How secure are my passwords in PMP?

Ensuring the secure storage of passwords and offering high defence against intrusion are the mandatory requirements of PMP. The following measures ensure the high level security for the passwords:

 

 

For detailed information, refer to Product Security Specifications document.

 


2. Can we install our own SSL certificate? How?

Refer to the FAQ section in website.

 


3. How secure are the A-to-A, A-to-DB password management done through Password Management APIs?

The web API exposed by PMP forms the basis for Application-to-Application/Database Password Management in PMP. The applications connect and interact with PMP through HTTPS. The application's identity is verified by forcing it to issue a valid SSL certificate, matching the details already provided to PMP corresponding to that application.

 

password reset

1. Can I also change resource passwords from the PMP console?

Yes, of course. PMP can change the passwords currently for Windows, Windows domain and Linux systems. Capability to change passwords of other types of resources like databases, routers, switches etc will be gradually added. PMP supports both agent-based and agent-less modes of changing passwords.

 


2. When to use the agent and agent-less modes for password reset?

Let us first look at the requisites for both the modes:

The agent mode
requires the agent to be installed as a service and run with administrative privileges to perform password changes. The communication between the PMP server and agent takes place through TCP for normal information and HTTPS for password transfer and hence communication paths must exist (ports to be kept open) between the server and agent.

For the agentless mode
, you must supply administrative credentials to perform the password changes. For Linux you must specify two accounts, one with root privileges and one with normal user privileges that can be used to login from remote. Telnet or SSH service must be running on the resources. For Windows domain, you must supply the domain administrator credentials. For Windows and Windows domain, PMP uses remote calls and relevant ports must be open on the resource.

Based on this you can choose which mode you want for your environment, indicated by the following tips:

Choose agent mode when,

 

 

Choose agentless mode in all other cases as it is a more convenient and reliable way of doing password changes.
 


3. Can I enable agentless password reset if I add my own resource type for other distributions of Linux / other versions of Windows?

Yes, you can. As long as your resource type label contains the string 'Linux' or 'Windows', you can still configure agentless password reset for those resources.

Example of valid resource type labels to enable password reset:

 

Debian Linux, Linux - Cent OS, SuSE Linux, Windows XP Workstation, Windows 2003 Server 
 


4. Is there a way to do remote password reset for resource types other than the ones for which remote reset is supported now?

Yes, you can make use of Password Reset Listeners, which enable invoking a custom script or executable as a follow-up action to Password Reset action in PMP. Refer to Password Reset Listener for more details.

 


5. How to troubleshoot when password reset does not happen?

In the agent mode,

 

 

In the agentless mode,

 

 


6. Windows domain password reset fails with the error message: "The authentication mechanism is unknown"

This happens when PMP is run as a Windows service and the 'Log on as" property of the service is set to the local system account. Change it to any domain user account to be able to reset domain passwords. Follow the instructions below to effect that setting:

 

 


7. What are the prerequisites for enabling Windows Service Account Reset?

Before enabling windows service account reset, ensure if the following services are enabled in the servers where the dependent services are running:

 

 


8. Does domain SSO work across firewalls / VPNs?

The domain Single Sign On (windows integrated authentication) is achieved in the Windows environment by setting non-standard parameters in the HTTP header, which are usually stripped off by devices like firewalls / VPNs. PMP is designed for use within the network. So, if you have users connecting from outside the network, you cannot have SSO this enabled.

Backup & Disaster Recovery

1. Can I setup disaster recovery for the PMP database?

Yes, you can. PMP can periodically backup the entire contents of the database, which can be configured through the PMP console. Refer help documentation for more details.

 


2. Where does the backup data get stored? Is it encrypted?

All sensitive data in the backup file are stored in encrypted form in a .zip file under  <PMP_Install_Directory/backUp> directory. It is recommended that you backup this file in your secure, secondary storage for disaster recovery.

 


General

1. Do I need any prerequisite software to be installed before using PMP?

There is no prerequisite software installation required to use PMP.
 


2. Can others see the resources added by me?

Except super administrators (if configured in your PMP set up), no one, including admin users will be able to see the resources added by you. Apart from this, decide to share your resources with other administrators, they will be able to see tham.
 


3. Can I add my own attributes to PMP resources?

Yes, you can extend the attributes of the PMP resource and user account to include details that are specific to your needs. Refer the help documentation for more details.


4. What if a user who has not shared his sensitive passwords, leaves the enterprise?

This can very well happen in any enterprise, but with PMP you need not worry about passwords getting orphaned. Administrators can 'transfer' resources owned by users to other administrator users and in the process they have no access to those resources themselves, unless they do the transfer to their name. Refer the help documentation for more details.
 


5. Can I run custom queries to generate results for integration with other reporting systems?

Yes, you can. Please contact us at support@passwordmanagerpro.com with your specific request and we will help you with the relevant SQL query to generate XML output.
 


6. Can I rebrand PMP with our logo?

Yes. If you want to replace the PMP logo appearing on the login screen and on the web-interface with that of yours, you can do so from the web-interface itself. It is preferable to have your logo of the size 210 * 50 pixels.

 

To rebrand the logo,

 


7. Does PMP record Password viewing attempts and retrievals by users?

Yes, PMP records all operations performed by the user including the password viewing and copying operations. From audit trails, you can get a comprehensive list of all the actions and attempts by the users with password retrieval. The list of operations that are audited (with the timestamp and the IP address) includes:
 

 


8. Does PMP provide high availability support?

Yes, refer to High Availability section in the Help Documentation for more details

Licensing

1. What is the Licensing Policy for PMP?

There are three license types:
 

Features Matrix


2. Can I buy a permanent license for PMP? What are the options available?

Though PMP follows an annual subscription model for pricing, we also provide perpetual licensing option. The perpetual license will cost three times the annual subscription price, with 20% AMS from the second year. Contact sales@manageengine.com and support@passwordmanagerpro.com for more details.
 


3. Can PMP support more than 100 administrators?

Yes, very much. If you want a license with more than 100 administrator users, please contact sales@manageengine.com and support@passwordmanagerpro.com for more details.
 


4. Can I extend my evaluation to include more administrator users or for more number of days?

Yes. Fill in the required details in the website and we will send you the license keys.

 


5. Do I have to reinstall PMP when moving to the Standard/Premium Edition?

No. You need not have to reinstall or shut down the server. You just need to enter the new license file in the "License" link present in the top right corner of the PMP web interface.

 

FAQ Section in our website is updated frequently. Refer to that for more information.

 


© 2014, ZOHO Corp. All Rights Reserved.