Configure Automated, Periodic Remote Password Resets¶
You can configure to reset the passwords of accounts contained in the folder
by navigating to Folders >>
- Reset Once
- Reset Periodically
You can reset once on a specific date and time or you can configure a periodic reset to be taken in intervals as low as an hour.
If you choose ‘Reset Once’, follow the steps to schedule a backup
- Specify the date of reset from the calendar by clicking on the date format text.
- Specify the time of reset in the format [hh mm].
- Specify how often to retry password reset.
- Specify the maximum number of resets to be attempted.
If you choose Reset Periodically, follow the steps to schedule backups
- Specify the date of the first reset from the calendar by clicking on the date format text.
- Specify the time of the first reset in the format [hh mm].
- Specify the periodicity of password reset. You can configure a periodicity as low as an hour.
- Specify the maximum number of resets to be attempted. You can select options shown to notify the folder owner and the users with shared manage access. You can also include recipients to notify by specifying their email addresses in comma separated form.
To disable an already existing schedule, click on Disable. Click Save.
Troubleshooting Tips¶
1. Issue¶
Issue with Domain Admin accounts. The user has put them in a folder and has been using remote password reset functionality, but when it runs it shows the following error.
Error: Possible reasons: (1) Invalid credentials. (2) Remote connection privileges for this account could have been disabled on the remote computer.
Password on both side (Securden and AD) is the same and the user uses a domain admin account for remote.
Solution:
One possible reason could be that WMI connectivity might not be available. We use WMI protocol for password resets and verifications. By default, WMI remains disabled for all local users except for the built-in administrator accounts.
You may follow the steps below to enable WMI access on a specific Windows machine:
https://www.securden.com/documents/WMI-Access-for-All-Users.pdf
In case you wish to enable WMI on multiple machines, you may refer to the link below:
https://www.securden.com/documents/WMI-Access-For-All-Users-GPO.pdf
2. Issue¶
I am trying to let local admin accounts from a PC, and I get an error “The username/password does not exist (or) the user does not have the remote launch or remote.”
Solution: It might be an account permission issue. Try to re-run the discovery by providing a domain admin credential.
Navigate to Accounts >> Discover Accounts >> Windows. Click "Modify" >> Enter username and password
You can enter a domain admin credential and try to discover the computers again to fetch local accounts. If it still fails, please try disabling the firewall and check once again.
Folder Reports¶
You can generate and view various actionable reports with the data specific to the selected folder.
You can view the most used accounts, most active users, accounts and activity trails of the selected folder.
Folder Settings¶
Certain settings such as session recording, syslog settings, etc., can be configured for accounts at a folder level in addition to being configured at an account level. For example, in the case of Syslog settings, you can choose to send Syslog messages pertaining to the events from the accounts belonging to this folder alone to the SIEM tools.
Syslog Settings
You can configure Syslog preferences for Folders. Navigate to Folders >> Select a Folder >> Settings >> Syslog Settings.
Pre-requisite: You need to configure the Syslog settings from Admin >> Syslog for SIEM to be able to access this folder level setting.
You can select the account related activities for which you want to maintain a Syslog.
The folder-specific settings will get the preference over the global settings that were configured in Admin >> Syslog for SIEM.
Event Notification at a Folder level¶
When certain events occur, such as password recovery at the folder level, deletion, or changes in sharing permissions, Securden can send email notifications. You have the option of selecting which events you want to be notified about. The notifications can be sent out in real-time or as a consolidated email once a day.
Configuring Event Notifications¶
To start setting your preferences in receiving notifications, you need to toggle the Configure Notifications button. You will see a field named Events related to actions on accounts.
To add events, click on Select Events under Events related to actions on accounts and select the events you want to get notified about from the list.
The selected events will be shown in a green box and can be deselected by clicking on the x present adjacent to the event. To clear all selected events, click on the Clear All button.
When to Notify?
You can choose to either get notified As and when the events occur or As a consolidated email, once a day.
Who to Notify?
You can choose who receives notification emails by selecting the options in the checklist present under Send Notifications to. If you select All Administrators, users with Administrator or Super Administrator designation will be notified.
If you select All Auditors, the users with auditor role designated to them will be notified.
You can also configure to notify specific users or a group of users by selecting Select Users/Groups.
You can send notifications to people who are not registered users in Securden by specifying their email address in the box named Others (specify email address). When more than one email address needs to be notified, separate the emails with a comma(,).
Click Save.
Ticketing System integration at a Folder level¶
To use the ticketing system for a folder and its accounts, you need to configure the ticketing system from Admin >> Ticketing System.
Once the ticketing system has been configured, you can toggle this feature On for specific accounts and folders. Navigate to Folders >> Settings >> Ticketing System to toggle this feature On or Off.
Exclusion List
You can exclude specific users or groups, with whom the folder is shared, from going through the ticket validation by including them in the exclusion list.