Jump to content

Recommended Posts

Posted

Hey guys,

I'm fresh to Pulseway, and I must say this stuff is an eye opener to our current remote access tool!!
I do have a few questions that I would like to ask before converting our 100+ devices to Pulseway.

We have a satelite PC's and laptops that we want to install Pulseway on (which we would do unattended for the majority of).. 
Without having to go into each and every config afterwards and password protect the config with 'click here to prevent changes' and lock it down - is there a global change option that we can do for this? - the issue I have is with leaving this open is that someone only has to make changes to the username, password and servername, and we have complete disconnection to the monitored device...
I know we could 'import Settings' from a file to get the system back up and running again, but telling some of our users how to do that can be time consuming..

So, is there a lock down available?

Also, in the case of an ICT employee / contractor leaving (with knowledge of the Admin / install credentials), we would change the password and have it propagated to our agents - if we selected a selected propagated time and the device wasn't turned on during that time - does that mean a monitored device will not be connected again?

Is this why we would employ the 2 factor authentication?

Thanks - Grunta

 

  • Staff
Posted

Hi Grunta,

There is no global lockdown option available, however you can push the registry keys required to do so through a GPO. If you need assistance how to do that please send an email to support [at] pulseway [dot] com.

If the device isn't online at least once during the password propagation period, then it will not show up again on the agent until it's credentials are manually updated. You can resolve this issue by registering all systems under an administrator account and then provide delegated access to the employees. Once an employee leaves the company you delete the account to revoke it's access to the systems.

Regards

Chris

Posted

Thanks Chris

I have emailed you already... Is there a plan on the roadmap to possibly add this as a global policy within Pulseway? - that way if people do learn the of the lockdown password that it can be pushed down and updated across the Pulseway Group.... It would be a whole heap easier to manage as an administrator...

Yes, we have run all our agent installs as the Administrator user, (and will do)....

I really don't see how practical this three day password propagation before the agent is disconnected works in the real world..
Let me run this real world example to help explain what I mean:

  • What say a laptop user has Pulseway installed - works fine
  • We have the lock down installed settings with a 'prevent changes'.
  • There is an employee / contractor issue & is promptly dismissed (on a Friday)
    • We know they know the valid username password for Pulseway
    • For preventive reasons we change the valid password for Pulseway (3 day propagation is enforce)
  • Our laptop user is on extended vacation and doesn't return until Wednesday and is working from a satelite office many miles from support.
    • More than 3 days has passed and now the Pulseway password doesn't sync up
      • Pulseway 'prevent changes lock' is enforce
    • To have them reconnect, we have to tell them the 'password'
      • Now we have a possible security breach (the worker now knows the password - potentially the same across generic devices)
    • Staff make the changes / import the file
  • Pulseway reconnects (YAY!!!)

My suggestion: Why not just have the existing / old password retained, when the device is next connected (could be a months time - or whenever) it would then simply pull the correct config / password.... As long as the device doesn't get deleted from the Pulseway Management, then it should just reconnect (thats where I guess the Computer Identifier ID comes into play)....

By doing this, I think the risk / hassles would be reduced:

  • Transparency to end user
  • Connectivity/support just works.
  • No hassles / panic for the the IT staff to contact the end user to have the device on before 3 days
  • No breach in the end user knowing the 'prevent changes' lock
  • Remote software that just carries on working when times are difficult

Thanks - am interested in your thoughts...

Grunta :)

  • Administrators
Posted

Hi Grunta,

We will improve agent credential management in the future, we agree there are cases when this mechanism doesn't perform well.

-Paul

  • 10 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...