What is Password Reset?
The safest passwords are those that no one knows. A Password Reset enables passwords to be reset to a new and unknown value according to freely definable triggers. A trigger could be a definable time interval or a certain action by the user. The value of the password is changed in both Password Safe and also on the target system.
This process will be explained below using a specific example. The password for the MSSQL user has expired. The Password Reset thus changes the password in Password Safe and also in the target system to a new value.
Creating a Password Reset
New Password Resets can be directly added via the ribbon or the keyboard shortcut “Ctrl + N” in the Password Reset module. With regards to permission, a Password Reset behaves in precisely the same way as every other object. It can be managed to precisely define which users can view and use which Password Resets.
The configuration of a new Password Reset comprises four steps. All of the necessary conditions and variables for the configuration are defined in the following areas: “General”, “Trigger”, “Scripts” and “Linked passwords”.
- Name: Designation for the Password Reset
- Responsible user: All completed Password Resets are also recorded within Password Safe (logbook,…). To ensure these steps can be allocated to a user, a user who is registered in Password Safe is selected in the field “Responsible user”.
Triggers describe the conditions that need to be fulfilled so that a Password Reset is carried out. There are a total of three possible triggers available:
- Reset the password x minutes after the password has been viewed
- Reset the password when it has not been changed for x days
- Reset the password when it has been expired for x days
At least one trigger must be activated so that the Password Reset is activated. Deactivating all triggers is equivalent to deactivating the Password Reset. All three triggers can be activated and deactivated independently of one another. Only one selection can be made in each of the three categories.
The following systems can currently be automatically reset (script types).
- Windows user
- MSSQL user
- Active Directory user
- Service accounts
- Windows tasks
A new dialogue appears after the selection in which the type of system “to be reset” can be defined.
- Script type: You select here from the possible script types.
- Password: The credentials for the record that will ultimately carry out the Password Reset.
The required information is specifically requested in each case. For example, if the reset is for an MSSQL user, the MSSQL instance and the port used needs to be entered.
All records that should be reset with the Password Reset according to the selected trigger are listed under “Linked passwords”. It is possible to enter multiple objects. The linked Password Reset is also visible in the footer of the reading pane once it has been successfully configured.