Table of Contents
GETTING STARTED ...................................................................................................... 2
USER MANAGEMENT ................................................................................................. 36
TWO FACTOR AUTHENTICATION ............................................................................. 74
RESOURCE MANAGEMENT ..................................................................................... 100
HIGH AVAILABLILITY ............................................................................................... 219
SESSION MANAGEMENT ......................................................................................... 250
MISC ........................................................................................................................... 275
Getting Started
Introduction
Contents
Overview
Password Manager Pro - where passwords reside in safe custody
How secure are your passwords in Password Manager Pro?
Documentation Structure
Overview
In this age of IT revolution, most business applications deal with sensitive intellectual
property and strategic information that are critical to the success and even survival of the
enterprise. User access control systems are in place almost everywhere to protect the
intellectual property.
Over a period of time at work, even a normal user acquires an amazing number of user
accounts. Still more complex is the work of Network Administrators and System
Administrators who deal with hundreds of passwords at various levels. Consequently, it
becomes a daunting task for anyone to keep track of all the passwords. Users tend to store
the user name and password information somewhere in their system locally or in a central
location when multiple administrators need to use the information.
As System and Network Administrators mostly deal with sensitive administrative passwords,
also known as privileged passwords, which provide complete access to all sensitive
applications and data, any mismanagement of such passwords would result in a huge
security risk exposing the applications to misuse and attacks by identity thieves.
The way out is the use of a secure password management solution that enables secure
storage of administrative passwords offering the flexibility to share them among multiple
users based on fine-grained user authorization.
Password Manager Pro - where passwords reside in safe custody
ManageEngine Password Manager Pro (PMP) is a Password Management Solution for
Enterprises to manage the administrative/privileged passwords. It serves as a centralized
repository for storing user names and passwords of any 'network resource' such as a
network device, a desktop server, an application et al.
PMP serves not just as a secure password repository, but offers a complete Password
Management solution. Using PMP, one can store all passwords in encrypted form in the
database and achieve role-based access control for users. That is, administrators can
centrally create users, assign them with specific roles and define access levels. Only
authorized users will get access to view, edit or manage the permitted 'resources' (the
resources assigned to them) based on their role. Thus, PMP facilitates encrypted storage
and secure sharing of passwords in enterprises where multiple users will have access to
multiple resources. The user account information and passwords can be accessed from a
central web interface.
PMP helps in achieving password reset too. Existing passwords of remote resources can be
changed from PMP itself and the changed passwords are stored in the repository. The
comprehensive auditing mechanism of PMP helps in tracking who changed what and when,
thereby ensuring accountability in multi-member environment.
Highlights
Centralized, administrative password management
Manage shared administrative passwords
A-to-A, A-to-DB password management
Password encryption using AES algorithm
Provision for importing users from AD, LDAP and leveraging AD/LDAP authentication
Provision for smart card authentication
Role-based access control for users
Password access control workflow
Super administrator Support
Remote password reset
Windows service account reset
Post password reset script execution
Privileged Session Management
Automatically connecting to servers and applications from PMP GUI
Setting password expiry dates
Real-time notifications for password events
Two-factor Authentication for enhanced security
High availability
Password generator that helps in generating hard-to-guess passwords
Password policy definition and enforcement
Comprehensive audit mechanism recording all user operations for all resources
Informative reports. Provision for creating custom reports, which helps in meeting
regulatory compliance requirements
Tools for scheduled backup of database and disaster recovery
Provision for storing the passwords for personal use such as Email account information,
Credit Card Numbers, PIN etc.
Access from anywhere through web browser
Anytime, anywhere access through mobile app
How secure are your passwords in Password Manager Pro?
Ensuring the secure storage of passwords and offering high defense against intrusion are
the mandatory requirements of PMP. The following measures ensure the high level security
for the passwords:
Passwords entered are encrypted using the Advanced Encryption Standard (AES) and
stored in the Database. So, hacking of passwords from the database, is highly
improbable. AES has been adopted as an encryption standard by the U.S. Government
Role-based, fine-grained user authentication mechanism ensures that the users are
allowed to view the passwords based on the authorization provided
All transactions through the PMP browser take place through HTTPS
Refer to Security Specifications document for more details.
Documentation Structure
This Help Documentation contains two parts:
Installation & Getting Started provides information on how to install PMP, how to
connect Web Interface and start working with the solution
Working with Password Manager Pro provides information about the workflow in PMP.
The subsequent topics provide information on the arrangement of the various tabs in
PMP Web Interface through which various Password Management operations could be
performed. This also deals with the pre-requisite browser settings and important
terminologies used in the product.
Installation & Getting Started
Contents
Overview
Prerequisite
System Requirements
Installing Password Manager Pro
In Windows
In Linux
Starting and Shutting Down
In Windows
In Linux
Connecting Web Interface
Using MS SQL Server as Backend
Migrating data from MySQL to MS SQL Server in PMP
Quick Start Guide
Managing PMP Encryption Key
Ports Used by Password Manager Pro
Licensing
Moving PMP Installation from One Machine to Another / Within Same Machine
MSP Edition
Overview
Welcome to ManageEngine Password Manager Pro!
This section provides information on how to install Password Manager Pro (PMP) in your
system. This section also deals with the system requirements for PMP, how to install the
solution, how to start and shutdown and how to connect web interface after successfully
starting the server.
Prerequisite Software
There is no prerequisite software installation required to use PMP. The standard system
(hardware and software) requirements as mentioned below plus an external mail server
(SMTP server) are essential for the functioning of PMP server and to send various
notifications to users.
System Requirements
Following table provides the minimum hardware and software configuration required by
PMP:
Hardware
Operating systems
Web Interface
Processor
Windows
1.8 GHz Pentium®
processor
RAM
2 GB
Hard Disk
200 MB for product
10 GB for database
Windows 2000 Server / Professional
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows XP Professional
Windows Vista
Windows 7
Windows 8
Linux
Ubuntu 9.x and above
CentOS 4.4 & above
Red Hat Linux 9.0
Red Hat Enterprise Linux 5.3, 5.4, 5.5
PMP normally works well with any
flavor of Linux
Note: Password Manager Pro can be run on
VMs of the above operating systems
HTML client requires one of the
following browsers** to be installed in
the system:
IE 7 and above (on Windows)
Chrome, Firefox, and Safari (on
Windows, Linux and Mac)
** PMP is optimized for 1280 x 800
resolution and above.
Database
PostgreSQL 9.2.4, bundled with
the product.
Supports MySQL and MS SQL
Server 2005 and above also.
SQL server should be installed in
Windows 2003 Server and
above.
Components of PMP
PMP consists of the following components:
The PMP server
PMP agent that helps in connecting to remote resources
PostgreSQL 9.2.1 bundled with PMP. It runs as a separate process. It accepts
connections only from the host in which it is running and is not visible externally
Installing PMP
In Windows
Download and execute ManageEngine_PMP.exe
The installation wizard will guide you through the installation process
Choose an installation directory - by default, it will be installed
in C:/ManageEngine/PMP; Henceforth, this installation directory path shall be referred
as "PMP_Home"
In the final step, you will see two check-boxes - one for viewing ReadMe file and the
other one for starting the server immediately after installation; if you choose to start the
server immediately, it will get started in the background.
If you choose to start the server later, after installation, you can start it from the Start
>> Programs >> ManageEngine Password Manager Promenu
From the Start Menu, you can perform other actions such as stopping the server and
uninstalling the product
In Linux
Download ManageEngine_PMP.bin for linux
Assign executable permission using command chmod a+x
Execute the following command: ./
Follow the instructions as they appear on the screen
PMP is installed in your machine in the desired location. Henceforth, this installation
directory path shall be referred as "PMP_Home".
Starting & Shutting Down PMP
In Windows
Using Start Menu
Using Tray Icon
From Start >> Programs >> Password
Once you installed PMP, in the windows tray area
Manager Pro menu, you can do the
on the far right end of your task bar, you will find
following:
Start PMP service
Stop PMP service
Launch Tray Icon
View Help Documentation
Uninstall the product
In Linux
the
for PMP.
Right click the tray icon and click the desired
operation
Start PMP Service
Stop PMP Service
PMP web console
Installing as Startup Service
Starting & Stopping the Server as
Service
Login as root user
To Start PMP as a service in Linux
Open a console and navigate
to
/bin directory
Login as root user
Execute /etc/rc.d/init.d/pmp-service
Execute "sh pmp.sh install" (In Ubuntu,
start
execute as "bash pmp.sh install")
PMP server runs in the background as
To uninstall, execute the script "sh pmp.sh
remove"
service
To Stop PMP Server started as service in
Linux
Execute /etc/rc.d/init.d/pmp-service
stop(as root user)
Connecting Web Interface
Automatic Browser Launch
Once the server is started successfully, a browser is automatically launched with the PMP
login screen. As the connection is through HTTPS, you will be prompted to accept security
certificate. Hit 'Yes' and then type the user name and password in the login screen and
press Enter. For an unconfigured setup, the default user name and password will be admin