Password Reset using Password Manager Pro Agents

(Feature available only in Premium and Enterprise editions)

Password Manager Pro provides the option to reset the password of desired resources by deploying Password Manager Pro agents for Windows, Windows domain and Linux servers. The agents, once deployed in the target machines, will communicate with Password Manager Pro and effect password changes. By using this option, you can change the password of a resource present in a remote location directly from the Password Manager Pro web interface itself.

The agents are used for the following cases:
  • When Password Manager Pro server runs in a Linux system and password reset has to be carried out for a Windows machine.
  • If the required administrative credentials are not stored locally in Password Manager Pro server to execute password resets remotely.
  • To change the password of domain accounts without the administrative credentials of the domain controller.

Communication between PMP server and agent

All password related communication between the Password Manager Pro server and agent is over HTTPS and is secure. Moreover, the communication is always one way, i.e. the agent always initiates the connection. Therefore, only the server needs to be available for the agents, eliminating the need to punch firewall holes or creating VPN paths for the server to reach all agents.

The agent will periodically ping the Password Manager Pro server through HTTPS to check if any operation is pending for execution. By default, the agent pings the server once every 60 seconds but the interval is configurable. Once the agent contacts the PMP server, the server will trigger the list of tasks to be carried out by the agent in the remote resource. The agent will then carry out the tasks and after completing them, it will notify back the Password Manager Pro server with the results.

Note: Since the tasks are triggered by the server only upon contact from the agent, the time taken for successful task execution will depend on how quickly the agent is able to connect with the server.

To download Password Manager Pro agents

The PMP agent package is dynamically created by the PMP server to include the SSL certificate of the PMP server, which is used for the HTTPS communication between the agent and the server. To download the PMP agent,

  • Navigate to Admin >> PMP Agents.
  • You can download the agent package based on the operating system (OS) of the target machine, i.e. Windows, Windows Domain, or Linux.
  • The agent package is a zip file containing the necessary executables, configuration files and the SSL certificate, which you can simply unzip after the download.

Steps to install Password Manager Pro agents

By default, the package contains all necessary configuration as set up earlier in the server. Before installation, make sure that the account that you use to install the agent in the remote host has sufficient privileges for password modification. As of now, Password Manager Pro agents are available for Windows, Windows domain and Linux alone.

1.To install Password Manager Pro agent in Windows
  • To install agent as a Windows service
    • Open a command prompt and navigate to the Password Manager Pro Agent installation directory.
    • Execute the command 'AgentInstaller.exe start'.
  • To stop the agent and uninstall the Windows service
    • Open a command prompt and navigate to the Password Manager Pro Agent installation directory.
    • Execute the command 'AgentInstaller.exe stop'.
  • To configure the time interval at which the agent should ping the Password Manager Pro server

    By default, the agent pings the server once in 60 seconds. The interval is configurable. To change this,

    • Navigate to the PMP agent installation directory and open the file <Agent.conf>.
    • Modify the time interval value in seconds for the parameter ScheduleInterval to the value you require (in seconds).
    • Restart the agent service.
2.To install Password Manager Pro agent in Linux
  • To install and start the agent as service
    • Open a command prompt and navigate to Password Manager Pro installation directory.
    • Execute the command 'sh installAgent-service.sh install' to install the agent as service.
    • Execute the command 'sh installAgent-service.sh start' to start the agent as service.
  • To stop and uninstall the agent as service
    • Open a command prompt and navigate to Password Manager Pro installation directory.
    • Execute the command 'sh installAgent-service.sh stop' to stop the agent as service.
    • Execute the command 'sh installAgent-service.sh remove', to uninstall and remove the agent as service.
  • To configure the time interval at which the agent should ping the Password Manager Pro server

    By default, the agent pings the server once in 60 seconds. The interval is configurable. To change this,

    • Navigate to Password Manager Pro agent installation directory and open the file <Agent.conf>.
    • Modify the time interval value in seconds for the parameter ScheduleInterval to the value you require (in seconds).
    • Restart the agent service.

To remotely change the password

  • Navigate to Resources tab --> Passwords.
  • Select the desired account of the resource for which password has to be changed remotely. Click the Account Actions icon and select "Change Password" from the drop down list.
  • In the Change Password dialog box that opens, enter the new password and click "Save".

To find if any tasks awaiting execution by the agents

The remote password reset and other tasks that have already been triggered by the user in Password Manager Pro but are still awaiting execution by the agents, can be found by clicking on the "notification icon" located in the top panel of the GUI. You can also review the status of The status of the previously triggered tasks can also be known from here.

  • Navigate to Resources tab.
  • Click on the "Notification icon" present in the top pane of the GUI.
  • The notification icon will provide the following information,
    • Number of password reset actions and verify actions triggered.
    • Status of password reset actions triggered earlier.
    • Status of password verify actions triggered earlier.
  • This listing is user specific - users will be notified of only those tasks that have been triggered by them.

Troubleshooting

If the password changes do not take effect in the target systems, you need to check the following,

  • Check if the account in which the agent is installed has sufficient privileges to make password changes.
  • By default, the agent tries to communicate with the Password Manager Pro server through the port 7272. If you have changed the default port for PMP to another number instead of 7272, the agent should also be configured to communicate with the server through the same port.

©2014, ZOHO Corp. All Rights Reserved.

Top