Password propagation

Password propagation allows a privileged account's password reset to be propagated to remote server services. This topic covers Propagation by script and Active Directory specific propagation.

Propagation by script

The following sections describe the properties of the Propagation by script feature within the Privileged Access Management solution. The Steps section explains how to set up this feature by using a Devolutions template, but it is also possible to Create a template.

This method covers all PAM account providers.

Steps (with template)

  1. Download our template .json file from GitHub.

  2. Log in to Devolutions Server with an administrator account.

  3. Go to Administration > Modules > Privileged Access > Propagation (Preview).

  4. Click on Script Templates.

  5. Click on Import.

  6. Select the previously downloaded template .json file and click Import.

  7. Click Save.

  8. Go back to the Propagation (Preview) page.

  9. Click on Add.

  10. Select the desired template and click on Select.

  11. In the General tab, name this configuration.

  12. In the Propagation Properties tab, enter the information for the remote machine.

  13. In the Property Mapping tab, click on Configure a PAM entry to select a privileged account type.

  14. Click on Continue.

  15. Select the fields of the account (or provider) to associate with the variables and click Save.

  16. Click Save to save this new configuration and close the window.

  17. Go to the Privileged Access tab and select an account type previously configured with Propagation.

  18. Click on Edit.

  19. Go to the Propagation tab and click on the "+" button.

  20. Select the configuration to link to that account, and click Confirm.

    It is possible to select multiple configurations.

  21. Click OK to save the changes and close the window.

    To test if the link is successful, click on More and then Reset Password. If working correctly, the newly created file will appear on the remote machine. If not, it is recommended to check the logs of the account.

Create a PowerShell template

  1. Log in to Devolutions Server with an administrator account.

  2. Go to Administration > Modules > Privileged Access > Propagation (Preview).

  3. Click on Script Templates.

  4. Click on Add.

  5. In the General tab, add a Name for this template.

    It is possible to add a Description. The icon can also be changed by clicking on it.

  6. In the Propagation Properties tab, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the URL to the remote machine (i.e., ComputerIP, Username, Password and RootFolder).

  7. In the Property Mapping tab, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the Field Mapping of the remote machine (i.e., FileName and FilePath).

  8. In the Script tab, the previous variables appear as well as the NewPassword variable. This new variable will contain the new password for the account on script execution.

  9. Click on Generate base script.

    Click on Edit to modify or add to the script.

  10. Click Save to save this configuration and close the window.

    Learn more about custom scripts for this feature by visiting our public GitHub.
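
As an added example (not Devolutions' generated base script or published template), a custom script for the Script tab could look like the following. It assumes the variables from steps 6 to 8 arrive as string parameters of the same name and that propagation here means writing NewPassword to a file under RootFolder; both are assumptions.

```powershell
# Added example: hypothetical propagation script, not the product's generated base script.
# Assumption: template variables are passed in as string parameters with these names.
param(
    [Parameter(Mandatory)][string]$ComputerIP,
    [Parameter(Mandatory)][string]$Username,
    [Parameter(Mandatory)][string]$Password,
    [Parameter(Mandatory)][string]$RootFolder,
    [Parameter(Mandatory)][string]$FilePath,
    [Parameter(Mandatory)][string]$FileName,
    [Parameter(Mandatory)][string]$NewPassword
)
$ErrorActionPreference = 'Stop'   # any failure aborts the run so it can be seen in the account logs

# Reject mapped values that could steer the write outside RootFolder.
if ($FileName -ne [System.IO.Path]::GetFileName($FileName) -or $FileName -match '^\.+$') {
    throw "FileName must be a bare file name."
}
if ([System.IO.Path]::IsPathRooted($FilePath) -or $FilePath -match '(^|[\\/])\.\.([\\/]|$)') {
    throw "FilePath must be relative to RootFolder and contain no '..' segments."
}

# Build the connection credential; the secret is never written to output.
$secure     = ConvertTo-SecureString -String $Password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($Username, $secure)
$target     = [System.IO.Path]::Combine($RootFolder, $FilePath, $FileName)

# Run the write on the remote machine over WinRM. Values travel as arguments,
# never interpolated into the script block text.
Invoke-Command -ComputerName $ComputerIP -Credential $credential -ArgumentList $target, $NewPassword -ScriptBlock {
    param($Path, $Secret)
    $ErrorActionPreference = 'Stop'
    if (-not (Test-Path -LiteralPath (Split-Path -Path $Path -Parent) -PathType Container)) {
        throw "Target folder does not exist for $Path"
    }
    Set-Content -LiteralPath $Path -Value $Secret -NoNewline
    # Assumption: only the connecting account needs the file; drop inherited ACEs.
    & icacls.exe $Path /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R,W)" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
}
Write-Output "Propagation to '$FileName' on $ComputerIP completed."
```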

Active Directory specific propagation

WinRM must be properly configured as described in the WinRM and Trusted Hosts List article.

This Password Propagation feature is only available for Domain accounts.

The following section describes the properties of the Active Directory Password Propagation feature within the Privileged Access Management solution.

Properties

Option: Description

Computers
    Inherited: Inherits the computer list from the parent folder.
    Custom: Sets a custom list of computers.
    Custom + Inherited: Inherits the computer list from the parent folder and sets a custom list of computers.

Computer name
    Name of each computer on which the password propagation will take place.

Browse domain containers
    Browse the domain to select the computers.