Password reset using Password Manager Pro Agents
(Feature available only in Premium and Enterprise Editions. This document is applicable only for Password Manager Pro versions 6303 and earlier. If you are using build 6400 and later, click here.)

Password Manager Pro provides the option to remotely change the password of select resources by deploying Password Manager Pro agents. As of now, this facility is available for changing the password of servers - Windows, Windows Domain and Linux alone. Using this utility, you can change the password of a server present in a remote location, from the Password Manager Pro web interface itself.

The agent could be used in target machines to which the Password Manager Pro server can connect and effect password changes. All password related communication is over HTTPS and is secure. The agent is useful in cases when,

  • the Password Manager Pro server runs in a Linux system and has to make password changes to Windows resources
  • the required administrative credentials are not available in the Password Manager Pro server to make the password changes from remote
  • to change the password of domain accounts without the administrator credentials of the domain controller

1. Downloading the Password Manager Pro Agent

The Password Manager Pro agent package is dynamically created by the Password Manager Pro server to include the SSL certificate of the Password Manager Pro server, that is used for the HTTPS communication between the server and the agent. So, the only place to download the agent is from the 'Admin' tab of the Password Manager Pro web GUI. The agent package is a zip file containing the necessary executables, configuration files and the SSL certificate. Download the agent based on the OS of the target and just unzip the package.

2. Installing the Password Manager Pro Agent in Windows

The package has all the necessary configuration already created by the server. Make sure the account in the system in which the agent is installed has sufficient privileges required to modify passwords.

To install the Password Manager Pro Agent as a Windows service,

  1. Open a command prompt and navigate to the Password Manager Pro agent installation directory.
  2. Execute the command 'AgentInstaller.exe start'.

To install the Password Manager Pro Agent as a Windows service,

  1. Open a command prompt and navigate to the Password Manager Pro agent installation directory.
  2. Execute the command 'AgentInstaller.exe stop'.

To install the Password Manager Pro Agent as a Windows service,

The default port in which the agent listens to the triggers from the server for password reset is 5768. To change this to a different value,

  1. Go to the Password Manager Pro agent installation directory.
  2. Open the file Agent.conf.
  3. Modify the parameter ScheduleInterval. to the value you require.
  4. Restart the agent service.

3. Installing the Password Manager Pro Agent in Linux

The package has all the necessary configuration already created by the server. Make sure the account in the system in which the agent is installed has sufficient privileges required to modify passwords.

To install the agent as service,

Execute the command "sh installAgent-service.sh install" to install the agent as service.

To start the agent,

Execute the command "sh installAgent-service.sh start".

To stop the agent,

Execute the command "sh installAgent-service.sh stop".

To uninstall the agent as service,

Use the command "sh installAgent-service.sh remove", in case you wish to remove Password Manager Pro Agent as service.

Configuring the port

The default port in which the agent listens to the triggers from the server for password reset is 5768. To change this to a different value,

  1. Go to the Password Manager Pro agent installation directory.
  2. Open the file Agent.conf.
  3. Modify the parameter ScheduleInterval to the value you require.
  4. Restart the agent service.

To remotely change the password,

  1. Go to the 'Resources' tab.
  2. Click the name of the resource whose password has to be changed remotely.
  3. Click the "Change Password" icon.

4. Parameters in Agent.conf

Field Name Description

ServerName

Host name in which the Password Manager Pro server is running.

ServerPort

Web server port of Password Manager Pro.

ScheduleInterval

Agent keeps checking the Password Manager Pro server periodically to see if any tasks related to password reset or integrity check are pending. By default, the schedule interval for this activity is set to be 60 seconds. The value (in seconds) is configurable.

userAddScheduleInterval

If any new user accounts get added in the machine where the agent has been deployed, the same can be automatically added to Password Manager Pro server at periodic intervals. By default, the schedule interval for new user accounts addition is set to be 24 hours. The value (in hours) is configurable.

UserName

Name of the user who deployed the agent in the machine.

FIPS

Status whether Password Manager Pro is running in FIPS 140-2 compliant mode.

OSType

Type of operating system in which the agent is deployed.

OrgAgentKey

Unique key for the agent. It is unique for every organization. Password Manager Pro authenticates this key for every request.

certificate.check

Password Manager Pro verifies the SSL certificate if the certificate check is set to "TRUE". However, all the communication will happen over SSL only.

Version

It displays the Password Manager Pro version of the machine in which the agent is deployed.

Troubleshooting Tips

If the password changes do not take effect in the target systems, check

  • if the agent port is reachable from the server through a TCP connection (using telnet).
  • if the account in which the agent is installed has sufficient privileges to make password changes.
Top