Local Admin Account Credential Rotation PSAgent

Using the Local Admin Account Credential Rotation PSAgent (PowerShell Script) allows for local admin accounts to have their credential updated and populated into Passportal.

After the initial run of the script, re-running the script will update the credential and push the updated credential information to Passportal. The script can be re-run manually, or via a suitable scheduling mechanism.

Prerequisites

The Client must have Active Directory and Entra ID Integration set to Connect to Active Directory, with Sync Behavior as either One Way Sync (AD to Passportal) or Two Way Sync.

Download the Script

The PowerShell script is downloaded from the Passportal web console:

1. Navigate to Settings > Downloads
2. Click the download link for Passportal PSAgent

First Time Run

Make sure you have the Agent Key, Organization Key and the Local account username

1. Copy the script to the target device
2. Run the script on the device
3. Provide the three parameters when prompted
   1. Agent Key
   2. Organization Key
   3. Local account username

The script will encrypt and store the above information in the folder [UserAppData]\Local\N-able\Passportal\ and will generate a new password (using the rules provided in the Passportal organization rules) and be assigned to that local user.

The user will also be created in Passportal along with the generated credential.

Subsequent Runs

1. Schedule the script to re-run on the device using a suitable mechanism (or run manually) on the machine with the local user
   • The configuration supplied in the first run will be used
2. Both the local user and Passportal record will be updated with a randomly generated password

Resetting Script/Config

1. Delete the Passportal configuration folder stored at [UserAppData]\Local\N-able\Passportal\
2. Repeat all steps in First Time Run (above)