Installing the Password Manager Pro Agent
(Feature available only in Premium and Enterprise editions, steps applicable only for build 10301 and earlier)

For steps to install the agent for versions 10302 and later, click here.


  1. Overview
  2. Communication between the PMP server and the PMP agent
  3. Installing the PMP agent

    3.1 Prerequisite

    3.2 Steps to download PMP agent

    3.3 PMP agent for Windows/Windows Domain

    3.4 PMP agent for Linux

    3.5 Configuring Agent Settings

  4. Discovering local accounts using the PMP agent
  5. Finding tasks awaiting execution by the PMP agent

1. Overview

Deploying the Password Manager Pro (PMP) agent allows you to establish connections with remote resources that are not connected to the PMP server, and manage them from PMP. The PMP agent is available for Windows, Windows domain, and Linux servers. The agent package, available for download in the PMP web interface, contains the necessary executable/configuration files and an SSL certificate used for the HTTPS communication between the agent and the PMP web server. Once deployed in the target machines, the agents will communicate with Password Manager Pro and effect password changes. By using this option, you can change the password of a remote resource directly from the Password Manager Pro web interface.

The PMP agent is useful in the following cases:
  • When the PMP server runs in a Linux system, and password reset has to be carried out for a Windows machine.
  • If the target systems are in a Demilitarized Zone(DMZ) or a different network to which PMP server does not have direct connectivity.
  • If the required administrative credentials are not stored locally in the PMP server to execute remote password resets.
  • To change the password of domain accounts without the domain controller's admin credentials.

2. Communication between the PMP Server and the PMP Agent

All password-related communication between the PMP server and the agent is carried out securely over HTTPS. Since the agent always initiates the connection, the communication is one-way. The agent residing in the target machines only needs access to the PMP web interface, thereby only the PMP web server needs to be available for the agent. Since the agent uses the outbound traffic to reach the login page of PMP, there is no need to punch firewall holes or create VPN paths to allow inbound traffic for the server to reach all the deployed agents.

The agent will periodically ping the PMP web server through HTTPS to check if any operation is pending for execution. By default, the agent pings the server once every 60 seconds but the interval can be changed according to requirements. Once the agent contacts the PMP web server, the server will trigger the list of tasks to be carried out by the agent in the remote resource. Once the tasks have been executed, the agent will notify the results to the PMP web server.

Note: Since the tasks are triggered by the web server only upon contact from the agent, the time taken for successful task execution will depend on how quickly the agent can connect with the PMP web server.

3. Installing the PMP Agent

3.1 Prerequisite

Before installing the agent, ensure that the account that you use to install the agent in the remote host has sufficient privileges to carry out password modifications.

The PMP agent package is dynamically created by the PMP server to include the corresponding SSL certificate to use for the HTTPS communication between the agent and the PMP web server.

3.2 Steps to Download PMP Agent

  1. Navigate to Admin >> PMP Agents.
  2. You will see the agent packages for both 32-bit and 64-bit versions of the following operating systems:
    • Windows
    • Windows Domain
    • Linux
  3. Click the required agent package. A .zip file with all the necessary executables will be downloaded.

3.3 PMP Agent for Windows/Windows Domain

The following are the commands to be executed in the target system for the Windows agent and the Windows Domain agent.

  1. Start
  2. Stop

Notes:

  1. You need administrative privileges in the target system to execute the above commands.
  2. Despite having similar installation steps, the agents for Windows and Windows Domain are not interchangeable, i.e., do not install the Windows agent in a Domain Controller machine and vice versa. The reason is as follows:
    • Once the Windows agent is installed in a machine, it will discover and list all local accounts available in that machine so that password reset can be done for those accounts.
    • Whereas, Windows Domain agent is meant for a domain controller machine and it will not discover any accounts from the machine in which it is installed.

i. To Install and Start the Agent as a Windows Service

  1. Open a command prompt and navigate to the PMP agent installation directory.
  2. Execute the command AgentInstaller.exe start.

ii. To Stop the Agent and Uninstall the Windows Service

  1. Open a command prompt and navigate to the PMP agent installation directory.
  2. Execute the command AgentInstaller.exe stop.

3.4 PMP Agent for Linux

The following are the commands to be executed in the target system for the Linux agent.

  1. Install
  2. Start
  3. Stop
  4. Remove

Note: You need administrative privileges in the target system to execute the above commands.


i. To Install the Agent as a Linux Service

  1. Open a command prompt and go to the PMP agent installation directory.
  2. Execute the command sh installAgent-service.sh install.

ii. To Start the Agent as a Linux Service

  1. Open a command prompt and go to the PMP agent installation directory.
  2. Execute the command sh installAgent-service.sh start.

iii. To Stop the Agent as a Linux Service

    1. Open a command prompt and go to the PMP agent installation directory.
    2. Execute the command sh installAgent-service.sh stop.

iv. To Uninstall the Agent as a Linux Service

  1. Open a command prompt and go to the PMP agent installation directory.
  2. Execute the command sh installAgent-service.sh remove.

3.5 Configuring Agent Settings

Open the agent.conf file available in the downloaded agent package. The following are the parameters listed in the .conf file:

  • ServerName: This is the server/IP Address which the PMP agent will try to reach to contact the PMP server.
  • ServerPort: This indicates the port in which the PMP server is running. If you have changed the default port of PMP to any other port such as 443, the same port number must be updated here.
  • ScheduleInterval: By default, the agent pings the server once in every 60 seconds. To configure the time interval at which the agent should ping the PMP web server, modify the time interval value in seconds.
  • UserName:This is the admin user account under which the agent server will be added as a resource.

Once any of the above parameters are modified, restart the agent service.

4. Discovering Local Accounts using the PMP Agent

When the agent is started for the first time on the target machine, it will automatically add the machine as a resource in PMP and discover the local accounts. After the discovery, you can reset the passwords of the local accounts. To learn more about resetting passwords using the PMP agent, click here.

5. Finding Tasks Awaiting Execution by the PMP Agent

Follow the below steps to find the tasks have been triggered by the user but awaiting execution by the PMP agent.

  1. Click the bell icon on the top panel of the interface for viewing Notifications.
  2. Under Agent Alerts, you will find the different statuses of the agent:
    • The number of password reset and password verify actions triggered.
    • Status of password reset actions triggered earlier.
    • Status of password verify actions triggered earlier.
  3. The notifications are user-specific i.e., users will be notified of only those tasks that they have triggered.

©2014, ZOHO Corp. All Rights Reserved.

Top