Use a dedicated script from VaultOne to perform automated password rotation for your Windows servers. This process involves configuring the credential within the VaultOne application, then installing the script on your target server.
Prerequisites:
- You must have administrative access to your VaultOne instance.
- You must have administrator privileges on the target Windows server.
- For rotating passwords of Active Directory (AD) users, the user running the script must have "Reset Password" permissions and a higher group permission level than the user whose password is being rotated.
Configuring Rotation and Downloading the Script from VaultOne
This procedure covers enabling the feature, downloading the necessary script, and generating the security key required for installation.
- In VaultOne, go to the Passwords menu.
- Select the desired password to view its edit screen.
- Click the Password Rotation tab.
- Select the Use automatic password rotation for this credential checkbox.
- Click Save.
- Return to the Passwords menu and find the credential you just configured.
- Click Actions, then select Password Rotation. A new window opens.
- In the new window, click Download Windows (PowerShell) Script.
- Next, in the same window, click Generate key.
Important:
This key is displayed only once. You must copy it immediately before you close the window.
- Move the downloaded script file to the target Windows server.
Installing the Script on the Windows Server
Complete the process by running the installer script in PowerShell.
- On the target server, open PowerShell with administrator privileges.
- Go to the directory where you saved the downloaded script.
- Open the script file in an editor and add the following line at the beginning of the script:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Save and close the script file.
- In your PowerShell window, run the installer script.
- Follow the on-screen prompts. When asked, select whether the user is a local or Active Directory user.
- When prompted, paste the security key you generated from VaultOne.
Warning:
Password rotation is only supported on machines that use TLS protocol versions 1.2 and 1.3.
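A pre-flight check for the installation steps above, as an added example that is not part of the VaultOne script or documentation: it confirms the session is elevated, reports whether TLS 1.2 has been disabled for the SCHANNEL client, and attempts a TLS 1.2 handshake. The hostname `vaultone.example.com` and port 443 are placeholders (assumptions); substitute the address of your VaultOne instance.

```powershell
# Added example, not part of the VaultOne script. Run it in an elevated
# PowerShell session on the target server before running the installer.
# ASSUMPTION: $VaultHost and $Port are placeholders for your VaultOne instance.
$VaultHost = 'vaultone.example.com'
$Port      = 443

# 1. The installer needs administrator privileges (see Prerequisites).
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Report whether TLS 1.2 is explicitly disabled for the SCHANNEL client.
#    A missing key means the operating system default applies.
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$schannel = 'OS default (no override key)'
if (Test-Path $key) {
    $p = Get-ItemProperty -Path $key
    if ($p.Enabled -eq 0 -or $p.DisabledByDefault -eq 1) {
        $schannel = 'DISABLED by registry override'
    } else {
        $schannel = 'Enabled by registry override'
    }
}

# 3. Attempt a handshake restricted to TLS 1.2. The certificate chain is
#    validated; the revocation lookup is skipped so that an unreachable CRL
#    does not mask the protocol result.
$negotiated = $null; $handshakeError = $null; $tcp = $null; $ssl = $null
try {
    $tcp = New-Object System.Net.Sockets.TcpClient($VaultHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($VaultHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $negotiated = $ssl.SslProtocol
} catch {
    $handshakeError = $_.Exception.Message
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($tcp) { $tcp.Close() }
}

[pscustomobject]@{
    RunningAsAdmin = $isAdmin
    SchannelTls12  = $schannel
    Tls12Handshake = if ($negotiated) { "OK ($negotiated)" } else { "FAILED: $handshakeError" }
}
```

If `Tls12Handshake` reports a failure while `SchannelTls12` shows a registry override, resolve the override before running the installer.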