Password propagation allows privileged account password resets to be propagated to remote servers and services, either by script or with Active Directory.
Propagation by script
The following sections describe the properties of the propagation by script feature within the Privileged Access Management (PAM) solution. This method covers all PAM account providers.
Setting up propagation by script
- Download our .json template file from GitHub or create your own template.
- Log in to Devolutions Server with an administrator account.
- Go to Administration – Privileged access – Propagation (preview).
- Click on Script templates.
- Click on Import.
- Select the previously downloaded template .json file and click Import.
- Click Save.
- Go back to the Propagation (preview) page.
- Click on Add.
- Select the desired template and click on Select.
- In General, name this configuration.
- In Propagation properties, enter the information for the remote machine.
- In Property mapping, click on Configure a PAM entry.
- Select a privileged account type, then click on Continue.
- Select the fields of the account (or provider) to associate with the variables and click Save.
- Click Save and close the Propagation configuration window.
- Go to Privileged access and select an account type previously configured with Propagation.
- Click on Edit.
- Go to the Propagation tab and click on Add.
- Select the configuration to link to that account, and click Confirm. It is possible to select multiple configurations.
- Click OK to save the changes and close the window.
To test if the link is successful, click on More and then Reset Password. If working correctly, the newly created file will appear on the remote machine. If not, it is recommended to check the logs of the account.
Create a PowerShell template
- Log in to Devolutions Server with an administrator account.
- Go to Administration – Privileged access – Propagation (preview).
- Click on Script templates.
- Click on Add.
- In the General tab, add a Name for this template. It is also possible to add a Description. The icon can also be changed by clicking on it.
- In Propagation properties, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the URL to the remote machine (i.e., ComputerIP, Username, Password, and RootFolder).
- In Property mapping, add the variables for the script by clicking on + Add property. The variables added in this tab should represent the Field mapping of the remote machine (i.e., FileName and FilePath).
- In Script, the previous variables appear as well as the NewPassword variable. This new variable will contain the new password for the account on script execution.
- Click on Generate base script.
- Click Save and close the window.
Learn more about custom scripts for this feature by visiting our public GitHub.
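A propagation script using the variables named in the steps above, as an added example (it is not Devolutions' template or the generated base script). It assumes the template properties reach the script as parameters with the same names, that the target file is RootFolder\FilePath\FileName, and that Username is a local administrator on the remote machine; ConvertTo-Secret is a hypothetical helper.

```powershell
# Added example, not the generated base script. Assumption: each template property is
# passed in as a parameter of the same name, either as a string or as a SecureString.
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $ComputerIP,
    [Parameter(Mandatory)] [string] $Username,
    [Parameter(Mandatory)] $Password,
    [Parameter(Mandatory)] [string] $RootFolder,
    [Parameter(Mandatory)] [string] $FilePath,
    [Parameter(Mandatory)] [string] $FileName,
    [Parameter(Mandatory)] $NewPassword
)
$ErrorActionPreference = 'Stop'   # any failure terminates the script instead of passing silently

# Hypothetical helper: normalise a secret to SecureString whichever way it arrived.
function ConvertTo-Secret($Value) {
    if ($Value -is [securestring]) { return $Value }
    ConvertTo-SecureString -String ([string]$Value) -AsPlainText -Force
}

$credential = [pscredential]::new($Username, (ConvertTo-Secret $Password))
$newSecret  = ConvertTo-Secret $NewPassword

# The new password is handed over as an argument of the WinRM session. It is never
# interpolated into the script text, so its characters cannot change the remote command.
$remoteArgs = $RootFolder, $FilePath, $FileName, $newSecret
Invoke-Command -ComputerName $ComputerIP -Credential $credential -ArgumentList $remoteArgs -ScriptBlock {
    param($Root, $SubPath, $Name, [securestring] $Secret)
    $ErrorActionPreference = 'Stop'
    $dir    = Join-Path $Root $SubPath      # assumed layout: RootFolder\FilePath\FileName
    $target = Join-Path $dir $Name
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # Create the file empty and restrict it to Administrators and SYSTEM before writing.
    New-Item -ItemType File -Path $target -Force | Out-Null
    & icacls.exe $target /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    $plain = [System.Net.NetworkCredential]::new('', $Secret).Password
    Set-Content -LiteralPath $target -Value $plain -NoNewline
}
```

Connecting by IP address over WinRM requires the address to be in the trusted hosts list or an HTTPS listener on the target.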
Active Directory specific propagation
The following section describes the properties of the Active Directory Password Propagation feature within the PAM solution. This Password propagation feature is only available for Domain accounts.
WinRM must be properly configured as described in the WinRM and trusted hosts list article.
Properties
Option | Description |
---|---|
Computers | |
Computer name | Name of each computer on which the password propagation will take place. |
Browse domain containers | Browse the domain to select the computers. |