Jump to content
MrRat

MSP Accounts Plugin - Free

Recommended Posts

Mr Rat,

 

I just ran our first full password update with your plugin last night, it was amazingly fast and all but 2 clients (of 117) ran fine! I just wanted to ask if there was a way to set the non domain local service accounts to use the same password vs generating one. We have a single password that we change frequently and for my field guys that might hit 2-3 clients/locations in a day it wont take long for them to run me out of the office if they have to look up and type a random string for each location. Currently we have 277 locations and maybe 70 of those generated their own random passwords.

 

We want to be able to click a button and set our msp account to the same password on every domain/non domain computer.

 

As a side note, its kinda weird to not be able to update the msp accounts password from outside of the msp account. It means I have to temporarily give it super admin, log into the CC, update its password, then revoke its permissions. Not a big deal in the scheme of how much time the plugin already saves but it would be cool if super admins could update any users password.

 

Thanks

-Keegan

Share this post


Link to post
Share on other sites
I have a couple of feature requests..

 

Thanks for the suggestions. I'll do #1 in the next update, the rest I will need to think about.

Share this post


Link to post
Share on other sites
We have a single password that we change frequently and for my field guys that might hit 2-3 clients/locations in a day it wont take long for them to run me out of the office if they have to look up and type a random string for each location. Currently we have 277 locations and maybe 70 of those generated their own random passwords.

 

you make a good argument for it

 

 

As a side note, its kinda weird to not be able to update the msp accounts password

 

ok, ok. i have to give in on this one. enough people have asked for it that I'll add it to the next update

Share this post


Link to post
Share on other sites

I managed to put together the correct command to delete the OU I created by mistake. Here is an example below..

for /f "Tokens=*" %s in ('dsquery ou -name MSPNAME_Helpdesk* -limit 0') do @DSRM %s -subtree -noprompt

Share this post


Link to post
Share on other sites

Hey Mr Rat,

 

Do you have logs for when something isn't working as expected? I found a single location with a DC and domain that didn't get a user created, the clients other location without a DC got a local service account as expected. I tried running the force creation from the plugin but I'm not seeing any commands. Without disclosing client domains, it's nothing fancy, just 4 letters ex: pbnj.local. I also just double checked and it is detecting as a domain controler with the 'AD Domain Controller' roll.

 

Thoughts?

-Keegan

Share this post


Link to post
Share on other sites
Do you have logs for when something isn't working as expected?

 

what it does know it should email you. which i admit isn't much

 

 

it is detecting as a domain controler with the 'AD Domain Controller' roll.

 

the plugin specifically targets the PDC, was that role detected?

Share this post


Link to post
Share on other sites
the plugin specifically targets the PDC, was that role detected?

 

Well there's my problem. Its got the PDC Emulator roll but LT thinks it's not currently detected. This will be fun!

 

Thanks

-Keegan

Share this post


Link to post
Share on other sites

Feature Request. Is it possible to store the passwords in the Passwords Tab on the Client. We are using a plugin that passes passwords from there to ScreenConnect.

Share this post


Link to post
Share on other sites
Feature Request. Is it possible to store the passwords in the Passwords Tab on the Client. We are using a plugin that passes passwords from there to ScreenConnect.

 

No, that would allow anyone to see them.

Share this post


Link to post
Share on other sites
Feature Request. Is it possible to store the passwords in the Passwords Tab on the Client. We are using a plugin that passes passwords from there to ScreenConnect.

 

No, that would allow anyone to see them.

 

I'm a little confused here. I'm seeing the password we set getting saved into the password tab for clients? Is this not the intended behavior?

 

Also heads up you can restrict who can view passwords by limiting per client permissions:

Double Click Client head into Permissions tab, user class will need the 'Passwords Read' permission to be able to see them. We have this locked down for our guys so only super admins and select mini admins in our company can read these.

Share this post


Link to post
Share on other sites
I'm a little confused here. I'm seeing the password we set getting saved into the password tab for clients? Is this not the intended behavior?

The Service Account is saved to the Password Tab. Individual user accounts are not.

 

 

Also heads up you can restrict who can view passwords by limiting per client permissions:

Permissions are not granular enough for individual account passwords.

Share this post


Link to post
Share on other sites

I had not deployed far enough to test Service Accounts. That is great. I only tested user Accounts, and as I thought about this further, after writing, I realized that would not be ideal, everyone would have access to it. Thanks for they quick reply.

Share this post


Link to post
Share on other sites
Hi ... download link isn't working (on first page of this topic)

 

try again, should work now

Share this post


Link to post
Share on other sites

Mr Rat,

I am having a problem where our MSP account doesn't appear to be updating at all clients.

We had an account lock-out problem this morning, and when I checked the Service account password for that client, the entry "Title" was formatted in a way that leads me to believe that it was created by the plug-in, but the password value saved in that entry appears to be random (or at least, the value was not current, historic, or anything that I recognized).

 

This site has a single DC, and I checked that the PDC emulator role was detected (you noted this in an earlier post).

 

Any ideas what else might be going on here? Anything else I can check or look at?

 

Thanks

Nate

Share this post


Link to post
Share on other sites
when I checked the Service account password for that client, the entry "Title" was formatted in a way that leads me to believe that it was created by the plug-in, but the password value saved in that entry appears to be random

 

Have you been using the plugin longer than the date set for "auto change password"? If so then it would be random and maybe it just had an issue talking to that one DC when it was changing passwords. Manually set the password on the DC to what the is listed in the client and we'll see what happens next time.

Share this post


Link to post
Share on other sites

So I am going through this morning and checking all of our clients.

Of the 28 I have checked so far, 13 of them have wrong passwords.

I checked the MSP account settings for that user account, and the "AutoChangePassword" box for that account in question is NOT checked.

 

Under the We did just start using this plug-in after our upgrade to LT 11 back in February, and the "auto change password" field under settings is set to 99, but that shouldn't have an effect since the that account is not set to auto-update.

Share this post


Link to post
Share on other sites

Mr Rat, We have found that there is a need for the user logon name to be set in the "new" User Logon name (currently only the User logon name (pre-Windows 2000) is set). Can that be easily added?

Share this post


Link to post
Share on other sites

 

Mr Rat -

 

We pushed this out and found that when it does the local accounts, it does this. It can't be one per computer, because we have less computers on that site than that

 

It;s going to really litter up our system if it creates a new entry every time it rotates passwords. Every single customer has at least 11 entries in their database. I'm hoping the most recent one is correct, but there's no way to know without testing them all.

59ec9443ace60_2017-05-2612_01_08-FalconResearch-ToolsOnly(LocationID_251).png.88aef7d416d83490012b42acd970a7b9.png

59ec9443ace60_2017-05-2612_01_08-FalconResearch-ToolsOnly(LocationID_251).png.88aef7d416d83490012b42acd970a7b9.png

Share this post


Link to post
Share on other sites

 

Mr Rat, We have found that there is a need for the user logon name to be set in the "new" User Logon name (currently only the User logon name (pre-Windows 2000) is set). Can that be easily added?

 

I'm still trying to figure out why that doesnt work.

 

Share this post


Link to post
Share on other sites

 

Every single customer has at least 11 entries in their database. I'm hoping the most recent one is correct, but there's no way to know without testing them all.

 

i have no idea what that image was or what database you are referring to.

 

Share this post


Link to post
Share on other sites

 

Every single customer has at least 11 entries in their database. I'm hoping the most recent one is correct, but there's no way to know without testing them all.

 

i have no idea what that image was or what database you are referring to.

That's from the customer password manager screen, for one specific site, all those LTSVC accounts were created by MSP Accounts.

 

Every site it touched is like that.

 

Share this post


Link to post
Share on other sites

 

That's from the customer password manager screen, for one specific site, all those LTSVC accounts were created by MSP Accounts.

Every site it touched is like that.

 

 

Are you moving the account in AD? It seems like it can't find the account after it creates it.

 

Are you running a pilot version of Automate?

 

Share this post


Link to post
Share on other sites

 

No, that's the local account.

 

This behavior was only observed on customers that had non domain computers.

 

We're not on pilot, we're on v11.0.365 (patch 12)

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×