Discovery of IIS Web.Config and Password Reset

Steps Required

  1. Add Domain Controller as a Resource
  2.  Add Domain Admin Account
  3. Add Domain Member Servers as New Resources and Create Resource Group
  4. Configure Remote Password Reset for IIS Web.config Files
  5. Associate Resource Groups for IIS Web.config File
  6. Verify Supported IIS Websites
  7. Change Password
  8. Additional Steps to Schedule Periodic Password Resets for IIS Websites

1. Add Domain Controller as a Resource

  1. Navigate to Resources tab.
  2. Click on Add Resource button, and select Add Manually from the dropdown.
  3. In the pop-up form that opens, add the Domain Controller - PAM360 Machine, as a new resource with Resource Type as Windows Domain.
  4. Supply the NETBIOS name - PAM360DC, in upper case in the Domain Name field.
  5. Fill in the other details such as DNS.
  6. Click Save & Proceed.

2. Add Domain Admin Account and IIS Websites

  1. Navigate to Resources tab.
  2. Click the Resource Actions icon against the newly added resource and select Add Accounts from the drop down list.
    3.
  3. In the pop-up form that opens, add the domain administrator account (John Newton)  and click Add.
  4. Then, continue to add the accounts in the same way. When you are done, click Save

3. Add Domain Member Servers as New Resources and Create Resource Group

  1. Continue adding the other member servers of the domain - Win1, Win2, Win3, and Win4 as new resources in the same way as explained above.
  2. Navigate to Resources tab.
  3. Click Add Resources button and add the member servers along with their respective local accounts.
  4. Now, go to Groups tab and click on Add group button and select Dynamic Group from the drop down.
  5. In the pop-up form that opens, name the group and choose Match any of the following
  6. Click Save.

4. Configure Remote Password Reset for IIS Web.config Files

Instead of manual addition explained in Step 3, you can also discover the required resources and groups in your domain by following the steps given below:

  1. Navigate to Resources tab.
  2. Click the Resource Actions icon against the WindowsDomain PAM360 Machine resource and select Configure password reset from the drop down.
  3. In the pop-up form that appears, select the Domain Admin (John Newton) account as the Administrator Account.
  4. Click Save.

5. Associate Resource Groups for IIS Web.Config Files

  1. Click on the WindowsDomain PAM360 Machine resource name.
  2. In the UI that opens, click the Account Actions icon against the app pool account (John Newton in this case) and then select Edit account from the drop down.


  3. In the pop-up form that appears, associate resource groups for this service account by moving it to the other box.
  4. Click Save.


6. Verify Supported IIS Websites

  1. Click the WindowsDomain PAM360 Machine resource name.
  2. Select the IIS website John Newton and click the IIS web.config button.
  3. In the pop-up form that appears, click Fetch under Supported IIS websites.
  4. PAM360 will scan and list all the websites that are run in the servers of IIS websites in which the service account is used in the connection string of the web.conf files. After reviewing the list, hit Ok.


7. Change Password

  1. Click on the WindowsDomain PAM360 Machine resource name.
  2. Click the Account Actions icon against John newton and then select Change Password from the drop down.
  3. In the pop-up form that appears, either provide or generate a new password. Make sure to enable Apply password changes to the remote resource.
  4. Click Save. PAM360 will immediately reset the password in the domain first and then, automatically update the new password across all servers where John Newton is used to run IIS websites.

8. Additional Steps to Schedule Periodic Password Resets for IIS Websites

The aforementioned steps are adequate to carry out password resets for app pool accounts anytime on demand. If you would like to configure automatic password resets on a periodic basis, execute the additional steps given below:

To configure periodic password reset for IIS websites,

  1. A resource group has to be first created.
  2. Click the Actions icon against the resource group and select Periodic Password Reset from the drop down.
  3. A pop-up form will open with a four step process through which required schedule can be created.
Top