Windows – Centralised Password Management Software

access-control-listmac-osxpassword-managementwindows

Currently, the company I work for has nothing in the way of password management – everything is in a big excel spreadsheet that everyone has access to. Obviously this has a whole rash of issues attached to it, namely:

Staff have access to passwords they shouldn't have/don't need.
Anyone who can get access to a machine on the network can get full access to all the passwords.

So, I'm pushing for us to move to a new system….however, I don't have a whole lot of experience in this area, so I don't know what solution to suggest.

Essentially, I'm looking for some form of password management solution, where administrators can limit individual users to a limited subset of passwords, but while still having all the passwords in one (secure) place.

Assuming it's some form of server->client solution, it needs to have clients for both OS X and Windows (and ideally Linux, but not essential!)

If anyone has any recommendations, I'd love to hear them!

Thanks,

Liam

Best Answer

There are quite a few tools out there that you can take a look at for what you're requesting:

My company was previously using a homebrewed PHP password manager, but we switched over to a commercial manager. I currently use Lastpass as my current personal password manager, but they also have an enterprise version which you can check out.

Related Solutions

Windows Server 2012 IPAM feature – “Unblock IPAM Access” error/recomended action

Probably you already resolved this long ago, but answering for other people with the issue.

Solution taken from here: http://khellman.blogspot.com/2014/02/unblock-ipam-access-to-dc.html (and worked for me):

Editing the problem server in the IPAM Server Inventory panel to untick DNS - OK - then reticked DNS fixed it.

Ftp – How to automate FTP user password updates, on a remote IBM z/OS FTP server

BACKGROUND

Each FTP server implementation decides if/how to invoke access controls, per File Transfer Protocol (FTP) technical specification RFC 959:

2.2.  TERMINOLOGY
   ...
   access controls
      Access controls define users' access privileges to the use of a
      system, and to the files in that system.  Access controls are
      necessary to prevent unauthorized or accidental use of files.
      It is the prerogative of a server-FTP process to invoke access
      controls.

Since password policy represents a form of access control, and RFC 959 specifies no password reset mechanism, it seems reasonable to conclude each FTP server implementation decides if/how to support FTP client-initiated password resets.

In practice, this represents what we see:

Some servers, such as Titan FTP server, support SITE PSWD command:

SITE PSWD "<old_password>" "<new_password>"

Other servers, such as WS_FTP Server, support CPWD command:

CPWD <new_password> Yet another

variant is:

SITE CPWD <new_password>

IBM Z/OS FTP SERVER PASSWORD RESET MECHANISM

IBM z/OS FTP server extends File Transfer Protocol (FTP) command "PASS", to grant FTP users the ability to initiate the password change, via the FTP client.

Specifically, enter "oldpass/newpass/newpass", in FTP client field "password" (substitute the actual old and new passwords, for "oldpass" and "newpass", respectively, preserving the forward-slash delimiters). Upon successful login, this triggers the FTP server to subsequently change the FTP user password, on the remote server. Subsequent logins require the FTP user to provide only the new password. Additional constraints exist; please refer to the IBM FTP command "PASS" documentation for full details.

AUTOMATING IBM Z/OS PASSWORD RESETS

Automation depends on both the FTP server password reset mechanism and an FTP client which lends itself to automation.

We currently use Ipswitch WS_FTP Professional Client v12:

ONERROR GOTO end1 ;(Goes to the end1 label and ends the script) 
TRACE SCREEN ;(sends a trace of the script to the screen - you can modify this line to point to a trace files so that any errors can be viewed after the script is run) 
LOG SCREEN ;(sends the log file to the screen you can modify this line to point to a trace files so that any errors can be viewed after the script is run)
USER test ;(username command) 
PASS oldpw/newpw/newpw ;(password command) 
CONNECT 127.0.0.1 21 ;(connects to the remote site) 
CLOSE ;(closes the connection) 
LABEL end1

Best Answer

Related Solutions

Windows Server 2012 IPAM feature – “Unblock IPAM Access” error/recomended action

Ftp – How to automate FTP user password updates, on a remote IBM z/OS FTP server

Related Topic