Password Reset using Password Manager Pro Agents

(Feature available only in Premium and Enterprise editions)

Password Manager Pro provides the option to reset the password of desired resources by deploying agents for Windows, Windows domain, and Linux servers. The agent package is a zip file containing the necessary executables, configuration files, and the SSL certificate, which you can simply unzip after the download. Once deployed in the target machines, the agents will communicate with Password Manager Pro and effect password changes. By using this option, you can change the password of a remote resource directly from the Password Manager Pro web interface.

The agents are used for the following cases:
  • When Password Manager Pro server runs in a Linux system and password reset has to be carried out for a Windows machine.
  • If the target systems reside in a Demilitarized Zone (DMZ) or on a different network to which the Password Manager Pro server does not have direct connectivity.
  • If the required administrative credentials are not stored locally in Password Manager Pro server to execute password resets remotely.
  • To change the password of domain accounts without the administrative credentials of the domain controller.

Communication between PMP server and PMP agent

All password-related communication between the Password Manager Pro server and agent is carried out securely over HTTPS. Since the agent always initiates the connection, the communication is one-way. The agents residing in the target machines only need access to the Password Manager Pro webpage, so only the PMP web server needs to be available to the agents. This eliminates the need to punch firewall holes or create VPN paths to allow inbound traffic for the server to reach all agents, as the agents use outbound traffic to reach the login page of Password Manager Pro.

The agent will periodically ping the Password Manager Pro web server through HTTPS to check if any operation is pending for execution. By default, the agent pings the server once every 60 seconds, but the interval is customizable. Once the agent contacts the PMP web server, the server will trigger the list of tasks to be carried out by the agent in the remote resource. Once the tasks have been executed, the agent will report the results to the Password Manager Pro web server.

Note: Since the tasks are triggered by the web server only upon contact from the agent, the time taken for successful task execution will depend on how quickly the agent can connect with the Password Manager Pro web server.

Downloading Password Manager Pro agents

The PMP agent package is dynamically created by the PMP server to include the corresponding SSL certificate used for the HTTPS communication between the agent and the PMP web server.

  • Navigate to Admin >> PMP Agents.
  • You can download the agent package based on the operating system (OS) of the target machine, i.e., Windows, Windows Domain, or Linux.

Steps to install Password Manager Pro agents

By default, the package contains all necessary configuration as set up earlier in the server. Before installation, make sure that the account that you use to install the agent in the remote host has sufficient privileges for password modification. As of now, Password Manager Pro agents are available for Windows, Windows domain, and Linux alone.

Installing Password Manager Pro Agent in Windows
  • To install the agent as a Windows service
    • Open a command prompt and navigate to the Password Manager Pro Agent installation directory.
    • Execute the command 'AgentInstaller.exe start'.
  • To stop the agent and uninstall the Windows service
    • Open a command prompt and navigate to the Password Manager Pro Agent installation directory.
    • Execute the command 'AgentInstaller.exe stop'.
Agent settings for Windows

Unzip the downloaded agent package and open the agent.conf file. The following are settings that can be customized to suit your needs.

  • ServerName: This is the server name or IP address that the PMP agent will try to reach to contact the PMP server.
  • ServerPort: This indicates the port on which the PMP server is running. If you have changed the default port of PMP to any other port such as 443, the same port number must be updated here.
  • ScheduleInterval: By default, the agent pings the server once every 60 seconds. To change the interval at which the agent pings the Password Manager Pro web server, set the ScheduleInterval parameter to the value you require, in seconds.
  • UserName: This is the admin user under whom the agent server will be added as a resource.

Once any of the above parameters are modified, restart the agent service.

Installing Password Manager Pro agent in Linux
  • To install and start the agent as a Linux service
    • Open a command prompt and navigate to the Password Manager Pro installation directory.
    • Execute the command 'sh installAgent-service.sh install' to install the agent as a service.
    • Execute the command 'sh installAgent-service.sh start' to start the agent as a service.
  • To stop and uninstall the agent as a Linux service
    • Open a command prompt and navigate to the Password Manager Pro installation directory.
    • Execute the command 'sh installAgent-service.sh stop' to stop the agent service.
    • Execute the command 'sh installAgent-service.sh remove' to uninstall and remove the agent service.
Agent settings for Linux

The following are parameters in the agent.conf file that can be customized to suit your needs.

  • ServerName: This is the server name or IP address that the PMP agent will try to reach to contact the PMP server.
  • ServerPort: This indicates the port on which the PMP server is running. If you have changed the default port of PMP to any other port such as 443, the same port number must be updated here.
  • ScheduleInterval: By default, the agent pings the server once every 60 seconds. To change the interval at which the agent pings the Password Manager Pro web server, set the ScheduleInterval parameter to the value you require, in seconds.
  • UserName: This is the admin user under whom the agent server will be added as a resource.

Once any of the above parameters are modified, restart the agent service.

Discover local accounts

When the agent is started for the first time on the target machine, it will automatically add the machine as a resource inside PMP and automatically discover the local accounts.

Remotely change the passwords
  • Navigate to Resources tab >> Passwords.
  • Select the desired account of the resource for which the password has to be changed remotely. Click the Account Actions icon and select "Change Password" from the drop-down list.
  • In the Change Password dialog box that opens, enter the new password and click Save.
Find tasks awaiting execution by the agents

You can find the tasks that have already been triggered by the user in Password Manager Pro but are still awaiting execution by the agents under the Notifications icon. You can also review the status of the previously triggered tasks here.

  • Navigate to Resources tab.
  • Click on the Notifications icon present in the top panel of the GUI.
  • The notification icon will provide the following information:
    • The number of password reset and password verify actions triggered.
    • Status of password reset actions triggered earlier.
    • Status of password verify actions triggered earlier.

This listing is user-specific: users will be notified of only those tasks that have been triggered by them.

Troubleshooting

If the password changes do not take effect in the target systems, you need to check the following:

  • Check if the account in which the agent is installed has sufficient privileges to make password changes.
  • By default, the agent tries to communicate with the Password Manager Pro web server through port 7272. If you have changed the default port of PMP to any other port such as 443, the agent should also be allowed to communicate with the server through the same port.
  • Check if the server name mentioned in the agent.conf file is reachable. If it is not, change it to a reachable IP address or server name so that the agent can establish a successful connection with the Password Manager Pro web server.
  • If you are unable to see an added resource, check if the username updated in the agent.conf file is reachable.
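
The connectivity checks above can be scripted on the agent host. The following is an added example, not ManageEngine code: it assumes agent.conf holds `Key=Value` lines (the page does not show the file format), and the function names, sample host name and `ca_file` parameter are hypothetical.

```python
import socket
import ssl

# Setting names listed in the "Agent settings" sections of this page.
REQUIRED = ("ServerName", "ServerPort", "ScheduleInterval", "UserName")

def parse_agent_conf(text):
    """Parse Key=Value lines (ASSUMED format; the page does not show the file)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def check_agent_conf(conf):
    """Return a list of problems that would stop the agent reaching the server."""
    problems = [f"missing {k}" for k in REQUIRED if not conf.get(k)]
    port = conf.get("ServerPort", "")
    if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append(f"ServerPort {port!r} is not a valid TCP port")
    interval = conf.get("ScheduleInterval", "")
    if interval and not (interval.isdecimal() and int(interval) > 0):
        problems.append(f"ScheduleInterval {interval!r} is not a positive number of seconds")
    return problems

def probe_server(conf, ca_file=None, timeout=5):
    """Make the same outbound TLS connection the agent makes to ServerName:ServerPort.
    ca_file: certificate from the agent package (its path is an assumption)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    addr = (conf["ServerName"], int(conf["ServerPort"]))
    try:
        with socket.create_connection(addr, timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=conf["ServerName"]) as tls:
                return True, tls.version()
    except OSError as exc:  # DNS failure, blocked port, or certificate mismatch
        return False, str(exc)

# Constructed sample for illustration, not a real agent.conf.
SAMPLE = """\
ServerName=pmp.example.internal
ServerPort=7272
ScheduleInterval=60
UserName=admin
"""

if __name__ == "__main__":
    print(check_agent_conf(parse_agent_conf(SAMPLE)) or "agent.conf looks consistent")
```

Run `probe_server` from the target machine itself, since reachability from any other host says nothing about the agent's outbound path.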

©2014, ZOHO Corp. All Rights Reserved.
