Installing the Password Manager Pro Agent
(Feature available only in Premium and Enterprise editions, steps applicable only for build 10301 and earlier)

For steps to install the agent for versions 10302 and later, click here.


Note: Password Manager Pro agent will work only on Redhat versions up to 7.9, and CentOS.

  1. Overview
  2. Communication between the Password Manager Pro Server and the Password Manager Pro Agent
  3. Installing the Password Manager Pro Agent

    3.1 Prerequisite

    3.2 Steps to Download Password Manager Pro Agent

    3.3 Password Manager Pro Agent for Windows/Windows Domain

    3.4 Password Manager Pro Agent for Linux

    3.5 Configuring Agent Settings

  4. Discovering Local Accounts using the Password Manager Pro Agent
  5. Finding Tasks Awaiting Execution by the Password Manager Pro Agent

1. Overview

Deploying the Password Manager Pro agent allows you to establish connections with remote resources that are not connected to the Password Manager Pro server, and manage them from Password Manager Pro. The Password Manager Pro agent is available for Windows, Windows domain, and Linux servers. The agent package, available for download in the Password Manager Pro web interface, contains the necessary executable/configuration files and an SSL certificate used for the HTTPS communication between the agent and the Password Manager Pro web server. Once deployed in the target machines, the agents will communicate with Password Manager Pro and effect password changes. By using this option, you can change the password of a remote resource directly from the Password Manager Pro web interface.

The Password Manager Pro agent is useful in the following cases:
  • When the Password Manager Pro server runs in a Linux system, and password reset has to be carried out for a Windows machine.
  • If the target systems are in a Demilitarized Zone(DMZ) or a different network to which Password Manager Pro server does not have direct connectivity.
  • If the required administrative credentials are not stored locally in the Password Manager Pro server to execute remote password resets.
  • To change the password of domain accounts without the domain controller's admin credentials.

2. Communication between the Password Manager Pro Server and the Password Manager Pro Agent

All password-related communication between the Password Manager Pro server and the agent is carried out securely over HTTPS. Since the agent always initiates the connection, the communication is one-way. The agent residing in the target machines only needs access to the Password Manager Pro web interface, thereby only the Password Manager Pro web server needs to be available for the agent. Since the agent uses the outbound traffic to reach the login page of Password Manager Pro, there is no need to punch firewall holes or create VPN paths to allow inbound traffic for the server to reach all the deployed agents.

The agent will periodically ping the Password Manager Pro web server through HTTPS to check if any operation is pending for execution. By default, the agent pings the server once every 60 seconds but the interval can be changed according to requirements. Once the agent contacts the Password Manager Pro web server, the server will trigger the list of tasks to be carried out by the agent in the remote resource. Once the tasks have been executed, the agent will notify the results to the Password Manager Pro web server.

Note: Since the tasks are triggered by the web server only upon contact from the agent, the time taken for successful task execution will depend on how quickly the agent can connect with the Password Manager Pro web server.

3. Installing the Password Manager Pro Agent

3.1 Prerequisite

Before installing the agent, ensure that the account that you use to install the agent in the remote host has sufficient privileges to carry out password modifications.

The Password Manager Pro agent package is dynamically created by the Password Manager Pro server to include the corresponding SSL certificate to use for the HTTPS communication between the agent and the Password Manager Pro web server.

3.2 Steps to Download Password Manager Pro Agent

  1. Navigate to Admin >> PMP Agents.
  2. You will see the agent packages for both 32-bit and 64-bit versions of the following operating systems:
    • Windows
    • Windows Domain
    • Linux
  3. Click the required agent package. A .zip file with all the necessary executables will be downloaded.

3.3 Password Manager Pro Agent for Windows/Windows Domain

The following are the commands to be executed in the target system for the Windows agent and the Windows Domain agent.

  1. Start
  2. Stop

Notes:

  1. You need administrative privileges in the target system to execute the above commands.
  2. Despite having similar installation steps, the agents for Windows and Windows Domain are not interchangeable, i.e., do not install the Windows agent in a Domain Controller machine and vice versa. The reason is as follows:
    • Once the Windows agent is installed in a machine, it will discover and list all local accounts available in that machine so that password reset can be done for those accounts.
    • Whereas, Windows Domain agent is meant for a domain controller machine and it will not discover any accounts from the machine in which it is installed.

i. To Install and Start the Agent as a Windows Service

  1. Open a command prompt and navigate to the Password Manager Pro agent installation directory.
  2. Execute the command AgentInstaller.exe start.

ii. To Stop the Agent and Uninstall the Windows Service

  1. Open a command prompt and navigate to the Password Manager Pro agent installation directory.
  2. Execute the command AgentInstaller.exe stop.

3.4 Password Manager Pro Agent for Linux

The following are the commands to be executed in the target system for the Linux agent.

  1. Install
  2. Start
  3. Stop
  4. Remove

Note: You need administrative privileges in the target system to execute the above commands.


i. To Install the Agent as a Linux Service

  1. Open a command prompt and go to the Password Manager Pro agent installation directory.
  2. Execute the command sh installAgent-service.sh install.

ii. To Start the Agent as a Linux Service

  1. Open a command prompt and go to the Password Manager Pro agent installation directory.
  2. Execute the command sh installAgent-service.sh start.

iii. To Stop the Agent as a Linux Service

    1. Open a command prompt and go to the Password Manager Pro agent installation directory.
    2. Execute the command sh installAgent-service.sh stop.

iv. To Uninstall the Agent as a Linux Service

  1. Open a command prompt and go to the Password Manager Pro agent installation directory.
  2. Execute the command sh installAgent-service.sh remove.

3.5 Configuring Agent Settings

Open the agent.conf file available in the downloaded agent package. The following are the parameters listed in the .conf file:

  • ServerName: This is the server/IP Address which the Password Manager Pro agent will try to reach to contact the Password Manager Pro server.
  • ServerPort: This indicates the port in which the Password Manager Pro server is running. If you have changed the default port of Password Manager Pro to any other port such as 443, the same port number must be updated here.
  • ScheduleInterval: By default, the agent pings the server once in every 60 seconds. To configure the time interval at which the agent should ping the Password Manager Pro web server, modify the time interval value in seconds.
  • UserName:This is the admin user account under which the agent server will be added as a resource.

Once any of the above parameters are modified, restart the agent service.

4. Discovering Local Accounts using the Password Manager Pro Agent

When the agent is started for the first time on the target machine, it will automatically add the machine as a resource in Password Manager Pro and discover the local accounts. After the discovery, you can reset the passwords of the local accounts. To learn more about resetting passwords using the Password Manager Pro agent, click here.

5. Finding Tasks Awaiting Execution by the Password Manager Pro Agent

Follow the below steps to find the tasks have been triggered by the user but awaiting execution by the Password Manager Pro agent.

  1. Click the bell icon on the top panel of the interface for viewing Notifications.
  2. Under Agent Alerts, you will find the different statuses of the agent:
    • The number of password reset and password verify actions triggered.
    • Status of password reset actions triggered earlier.
    • Status of password verify actions triggered earlier.

  3. The notifications are user-specific i.e., users will be notified of only those tasks that they have triggered.
Top