1. 1. Server Requirements
  2. 2. Download
  3. 3. Install
  4. 4. Upgrade Software
  5. 5. Uninstall
  6. 6. Connecting to Pleasant Password Server
  7. 7. Server Address
  8. 8. Settings and Setup
  9. 9. Other Information
  1. Have Questions?  Contact Us!

Server Requirements

  • Windows 10/8/7/Vista or Windows Server 2016/2012/2008
  • .NET 4.5+

Detailed requirements

Download

  • Pleasant Password Server includes server-related components:
    • Pleasant Password Server
    • Server Database
    • Web Client - for admin & users
    • Service Config Utility - available from the Start menu

Install

  1.  Run the installer

  2. Navigate to the startup website, which will launch once installation is complete.
    • Click the default server link (https://localhost:10001) to go to your Password Server administrative web site.
    • Problems? See the instructions: here
  3. Sign in with the default credentials:

    User: admin
    Password: admin

  4. Change the Administrator password (you'll be prompted to do so). Add a secure and verified email address for admin user(s).
    • Note: We strongly recommend keeping & safe-guarding this local Administrator account and password
  5. Don't get locked out! Setup your Security Questions
    • Have a backup plan to protect against: forgetting the admin password, admin gets locked out
  6. First time installing? you may want to review:

 

Have Questions?  Contact Us!

Upgrade

Follow these steps to update your software:

Uninstall

  1. Open Control Panel > Programs > Programs and Features.
  2. Select Pleasant Password Server and click Uninstall.
  3. Click the Uninstall button in the window that appears (shown below).
    InstallUninstallSetup.png
  4. (Optional) Remove all traces:

    WARNING: After performing the steps below, your data will be unrecoverable. 

    1. Use the MMC Certificates snap-in to delete PasswordServer_Temporary_Placeholder_Certificate from the Personal store.
    2. Delete your database. Database location:
      • SQLite
      • Other providers: ask your Database Administrator.
    3. Delete the following registry keys:
      • HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions\PasswordManager
      • HKEY_CURRENT_USER\SOFTWARE\Pleasant Solutions\Pleasant Password Server

Connecting to Pleasant Password Server

  1. Determine the hostname of the computer running Password Server. On the computer running Password Server, open the Start menu. Right-click on Computer and click Properties. In the Properties window, locate the field Full Computer Name.
  2. Using another workstation, point your web browser at the address https://[hostname]:10001, where [hostname] is replaced by the Full Computer Name determined in step 1.
  3. On this administrative website, all supported clients can be downloaded from Client Downloads.

 

Note: When connecting to Password Server for the first time in your web browser, you might see a warning about an untrusted site or Certificate. This is due to the default TLS/SSL Certificate that comes with Password Server. This Certificate is Self-Signed (as opposed to being signed by a Trusted Certificate Authority) and also does not match the Domain Name that is being used to access your admin website. For internal company use, this Certificate is safe and this warning can be safely ignored. You can find instructions on configuring a custom Certificate here.

 

Server Address

In general, KeePass for Pleasant Password Server uses a URL in the form of https:break URL autogen//hostname:port to connect to your server instance.

However, clients will accept the server address if you forgot to specify https:// or a port number.

So, if on an intranet, these server addresses:

  • passwords.yourdomain.com
  • passwords.yourdomain.com:10001
  • http:break URL autogen//passwords.yourdomain.com
  • https:break URL autogen//passwords.yourdomain.com:10001

will *ALL* be redirected to:

If no port number is specified in the URL, port 10001 is used by default. If you change the port number of your server, you must specify that in your URL.

As with any web service, the server will respond to any traffic on its assigned port.

Opening Firewall Ports

By default, Pleasant Password Server runs on port 10001. If you want to access your passwords from a remote location, you may need to forward this port in your firewall settings.

Note: Pleasant Password Server will automatically try to add firewall rules for Windows Firewall. These rules will be removed when the service is stopped or uninstalled.

Using a Different Server Name

Using an internal DNS, you can add an entry pointing to the server and have all clients on your intranet or VPN easily access the server via any name you choose.

In a Windows environment, you can also access it using the computer name (i.e. Server11223).

  • This function relies on NetBIOS resolution and has to be the name of the server only.
  • In a small user space, you can also just modify the hosts file for all workstations accessing the server, but this is not a scalable long-term solution as it's difficult to update.

Configuring External Access

For external access, configuration is as easy as installing the server for local use, with the exception that you must have your network infrastructure configured properly.

  • Traffic from the internet needs to be routed to your password server hosted internally.
  • You should also be aware of security implications of opening ports in your firewall to the internet.
  • Read more about port forwarding.
  • More important than this, we recommend using a valid, third-party signed certificate. This will ensure a secure connection between your client device and the server.

Settings and Setup

Roles

Roles allow multiple users to be given the same entry/folder access. They are also the only way to assign server-wide permissions ("permissions") like the ability to view logs or edit users. Roles can inherit both permissions and access from other roles; if the roles Developer and IT are made sub-roles of DevOps, DevOps inherits the permissions and access of Developer and IT combined (DevOps-specific permissions and access can be added separately).

Important: the Administer Users permission should be treated as the keys to the kingdom - all permissions and full access to all entries and folders - because a user with only this permission (via his role) can simply make his role the parent of any other role to gain the latter's permissions and access.

Access Levels

An Access Level is simply a name for a group of permissions assigned as a unit.  Password Server ships with several built-in Access Levels: Full, Full + Grant, and Full + Grant + Block (see here for an explanation of Block). Enterprise and higher editions add a fourth built-in level (Read-only) and allow the creation of entirely new Access Levels (eg, perhaps you'd like some admins to have broad access-granting abilities but no password access themselves?  Create an Access Level with only G permissions!).

Access Levels are a key feature in Pleasant Password Server (PPASS) which let you control access (both per-user and per-role) to actions such as Adding, Deleting, and Viewing Entries and Folders. Each of these actions (see here for an full listing) has two associated permissions: A ("Action") permits the action itself, while G ("Grant") permits the holder to assign the corresponding A permission to other users (the special, G-only "Permissions" action alters each of the other G permissions so that it permits the holder to assign itself in addition to the corresponding A). A good understanding of G permissions, in particular, is necessary for such common tasks as the creation of sub-admins with responsibility over some portion of the folder tree.

Note: An access level that is in use cannot be deleted. Click the "In Use" button attached to any such Access Level to see a list of use sites.

To add or remove access on a particular folder (and everything nested within it - access is inherited!) or credential, click the (FolderActions button and select Security (the default Admin user has Full + Grant + Block (every available permission) access on the root of the folder tree, and thus on all folders and credentials except those on which Access Inheritance has been blocked).

User Settings

Use the Settings page to control Private Folder defaults, the visibility of menu entries, custom branding, and the setup of email sending by Password Server.

Other Information

Database

Pleasant Password Server automatically uses a SQLite database to store your password and user configuration data. If you would prefer to use MS SQL or Postgre SQL, you use the Service Configuration utility installed alongside Password Server. This page provides more detail regarding use of other supported databases.

Structuring the Password Server and KeePass Client

For information on how to structure your Pleasant Password Server and/or your KeePass Client, click here.

Connecting with Internet Explorer

If you plan on accessing your installation of Pleasant Password Server on an intranet with Internet Explorer, you may have to change a few settings in your browser.

By default, Internet Explorer may attempt to show the Password Server website in Compatibility View. When viewing the website in Compatibility View, all of the buttons and and navigation tabs will have square corners and will not work. To resolve this, follow this guide to change your settings: Using Compatibility View

Trouble?

If you having issues getting set up, you may want to view our video Setting Up Pleasant Password Server.

If you have any further problems or questions:

 

The Pleasant Solutions support team would be happy to help you.

Tag page
You must login to post a comment.