Posted May 20, 20168 yr Hey guys, I'm fresh to Pulseway, and I must say this stuff is an eye opener to our current remote access tool!! I do have a few questions that I would like to ask before converting our 100+ devices to Pulseway. We have a satelite PC's and laptops that we want to install Pulseway on (which we would do unattended for the majority of).. Without having to go into each and every config afterwards and password protect the config with 'click here to prevent changes' and lock it down - is there a global change option that we can do for this? - the issue I have is with leaving this open is that someone only has to make changes to the username, password and servername, and we have complete disconnection to the monitored device... I know we could 'import Settings' from a file to get the system back up and running again, but telling some of our users how to do that can be time consuming.. So, is there a lock down available? Also, in the case of an ICT employee / contractor leaving (with knowledge of the Admin / install credentials), we would change the password and have it propagated to our agents - if we selected a selected propagated time and the device wasn't turned on during that time - does that mean a monitored device will not be connected again? Is this why we would employ the 2 factor authentication? Thanks - Grunta
May 25, 20168 yr Staff Hi Grunta, There is no global lockdown option available, however you can push the registry keys required to do so through a GPO. If you need assistance how to do that please send an email to support [at] pulseway [dot] com. If the device isn't online at least once during the password propagation period, then it will not show up again on the agent until it's credentials are manually updated. You can resolve this issue by registering all systems under an administrator account and then provide delegated access to the employees. Once an employee leaves the company you delete the account to revoke it's access to the systems. Regards Chris
May 31, 20168 yr Author Thanks Chris I have emailed you already... Is there a plan on the roadmap to possibly add this as a global policy within Pulseway? - that way if people do learn the of the lockdown password that it can be pushed down and updated across the Pulseway Group.... It would be a whole heap easier to manage as an administrator... Yes, we have run all our agent installs as the Administrator user, (and will do).... I really don't see how practical this three day password propagation before the agent is disconnected works in the real world.. Let me run this real world example to help explain what I mean: What say a laptop user has Pulseway installed - works fine We have the lock down installed settings with a 'prevent changes'. There is an employee / contractor issue & is promptly dismissed (on a Friday) We know they know the valid username password for Pulseway For preventive reasons we change the valid password for Pulseway (3 day propagation is enforce) Our laptop user is on extended vacation and doesn't return until Wednesday and is working from a satelite office many miles from support. More than 3 days has passed and now the Pulseway password doesn't sync up Pulseway 'prevent changes lock' is enforce To have them reconnect, we have to tell them the 'password' Now we have a possible security breach (the worker now knows the password - potentially the same across generic devices) Staff make the changes / import the file Pulseway reconnects (YAY!!!) My suggestion: Why not just have the existing / old password retained, when the device is next connected (could be a months time - or whenever) it would then simply pull the correct config / password.... As long as the device doesn't get deleted from the Pulseway Management, then it should just reconnect (thats where I guess the Computer Identifier ID comes into play).... By doing this, I think the risk / hassles would be reduced: Transparency to end user Connectivity/support just works. No hassles / panic for the the IT staff to contact the end user to have the device on before 3 days No breach in the end user knowing the 'prevent changes' lock Remote software that just carries on working when times are difficult Thanks - am interested in your thoughts... Grunta
June 2, 20168 yr Administrators Hi Grunta, We will improve agent credential management in the future, we agree there are cases when this mechanism doesn't perform well. -Paul
_a9c1b4.png){kind=logo}
_49ee3f.png){kind=logo}
Create an account or sign in to comment