Password Propagation allows privileged account password resets to be propagated to services on remote servers. This topic covers Propagation by script and Active Directory specific propagation.
Propagation by script
The following sections describe the properties of the Propagation by script feature within the Privileged Access Management solution. The Steps section explains how to set up this feature using a Devolutions template, but it is also possible to create your own template (see Create a PowerShell template).
This method covers all PAM account providers.
Steps (with template)
- Download our template .json file from GitHub.
- Log in to Devolutions Server with an administrator account.
- Go to Administration – Modules – Privileged Access – Propagation (Preview).
- Click on Script Templates.
- Click on Import.
- Select the previously downloaded template .json file and click Import.
- Click Save.
- Go back to the Propagation (Preview) page.
- Click on Add.
- Select the desired template and click on Select.
- In the General tab, name this configuration.
- In the Propagation Properties tab, enter the information for the remote machine.
- In the Property Mapping tab, click on Configure a PAM entry to select a privileged account type.
- Click on Continue.
- Select the fields of the account (or provider) to associate with the variables and click Save.
- Click Save to save this new configuration and close the window.
- Go to the Privileged Access tab and select an account type previously configured with Propagation.
- Click on Edit.
- Go to the Propagation tab and click on the "+" button.
- Select the configuration to link to that account, and click Confirm.
  It is possible to select multiple configurations.
- Click OK to save the changes and close the window.
To test if the link is successful, click on More and then Reset Password. If working correctly, the newly created file will appear on the remote machine. If not, it is recommended to check the logs of the account.
Create a PowerShell template
- Log in to Devolutions Server with an administrator account.
- Go to Administration – Modules – Privileged Access – Propagation (Preview).
- Click on Script Templates.
- Click on Add.
- In the General tab, add a Name for this template.
  It is possible to add a Description. The icon can also be changed by clicking on it.
- In the Propagation Properties tab, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the URL to the remote machine (i.e., ComputerIP, Username, Password and RootFolder).
- In the Property Mapping tab, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the Field Mapping of the remote machine (i.e., FileName and FilePath).
- In the Script tab, the previous variables appear as well as the NewPassword variable. This new variable will contain the new password for the account on script execution.
- Click on Generate base script.
  Click on Edit to modify or add to the script.
- Click Save to save this configuration and close the window.
Learn more about custom scripts for this feature by visiting our public GitHub.
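The properties named in the steps above, used in a propagation script that validates its inputs and restricts the file it writes. This is an added example, not the Devolutions template or the generated base script. It assumes the properties reach the script as parameters of the same names, that Password and NewPassword arrive as SecureString values, that the propagated file holds the new password, and that Username is an administrator on the remote machine.

```powershell
# Added example, not the Devolutions template or generated base script.
# Assumption: template properties arrive as parameters with the same names,
# and the two passwords arrive as SecureString values.
param(
    [Parameter(Mandatory)] [string]       $ComputerIP,
    [Parameter(Mandatory)] [string]       $Username,
    [Parameter(Mandatory)] [securestring] $Password,
    [Parameter(Mandatory)] [string]       $RootFolder,
    [Parameter(Mandatory)] [string]       $FilePath,
    [Parameter(Mandatory)] [string]       $FileName,
    [Parameter(Mandatory)] [securestring] $NewPassword
)

$ErrorActionPreference = 'Stop'   # a failed step must fail the propagation

# Keep the target inside RootFolder: bare file name, relative path, no '..'.
if ($FileName -ne [IO.Path]::GetFileName($FileName) -or $FileName -match '^\.+$') {
    throw 'FileName must be a bare file name.'
}
if ([IO.Path]::IsPathRooted($FilePath) -or $FilePath -match '(^|[\\/])\.\.([\\/]|$)') {
    throw "FilePath must be relative to RootFolder and must not contain '..'."
}

$credential = [pscredential]::new($Username, $Password)
$session = New-PSSession -ComputerName $ComputerIP -Credential $credential
try {
    Invoke-Command -Session $session -ArgumentList $RootFolder, $FilePath, $FileName, $NewPassword -ScriptBlock {
        param($Root, $Rel, $Name, [securestring] $Secret)
        $ErrorActionPreference = 'Stop'
        $dir    = Join-Path $Root $Rel
        $target = Join-Path $dir $Name
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        # Create the file empty and restrict it before the secret is written.
        New-Item -ItemType File -Path $target -Force | Out-Null
        # Only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544); drop inherited ACEs.
        & icacls.exe $target /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "icacls failed on $target" }
        # Assumption: the consuming service reads the password from this file.
        $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
        Set-Content -LiteralPath $target -Value $plain -NoNewline
    }
}
finally {
    Remove-PSSession $session
}
```

Connecting to an IP address over WinRM requires either an HTTPS listener or the address in the client's TrustedHosts list, because Kerberos cannot be used with an IP address.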
Active Directory specific propagation
WinRM must be properly configured as described in the WinRM and Trusted Hosts List article.
This Password Propagation feature is only available for Domain accounts.
The following section describes the properties of the Active Directory Password Propagation feature within the Privileged Access Management solution.
Properties
Option | Description |
---|---|
Computers | Inherited: Inherits the computer list from the parent folder. Custom: Sets a custom list of computers. Custom + Inherited: Inherits the computer list from the parent folder and sets a custom list of computers. |
Computer name | Name of each computer on which the password propagation will take place. |
Browse domain containers | Browse the domain to select the computers. |