Secret Server Feature

Change Network Passwords

Automatically change passwords based on your organization’s security policies.

The challenge

In most organizations, both large and small, compliance or security best practices require that privileged passwords be changed regularly—a task that is easily overlooked.

Why it's important

When privileged account passwords need to be changed on an ad-hoc basis, such as when an admin leaves or if a security breach occurs, it’s critical to automate the process to ensure that your security team can move quickly to address threats.

How we solve it

Using Secret Server password management software you can easily automate privileged password changes on a schedule to meet compliance mandates. Secret Server’s built in password changing and expiration schedules ensure that critical passwords are changed automatically, without manual intervention. Support is built in for many common platforms for an easy deployment process.

  • Windows Local Administrator Accounts
  • Active Directory / LDAP
  • Microsoft SQL Server
  • Unix / Linux
  • Cisco
  • Juniper
  • Blue Coat
  • Sybase
  • VMWare ESXi
  • MySQL
  • Oracle
  • AS/400
  • SAP
  • Websites (Google, Salesforce, Amazon, Office365)
  • Any SSH, Telnet, or ODBC interface.
  • See the full list here

All Remote Password Changing features such as Check Out and Heartbeat work with these platforms, so you can provide additional security as well as verify that passwords are correct.

Additional Information

Password changing

Password changing occurs either on a manual kick off or when a Secret expires. When that happens Secret Server generates a new random password, connects to the target and updates the account. No Agents are required and you can even take over accounts if the password is unknown.

These features require Premium Edition or add-on licenses

Service Account Management

In order to keep applications up to date after an account password change, Secret Server can immediately synchronize Scheduled Tasks, Windows Services, and IIS App Pool service accounts.

Examples include:
  • An IIS AppPool that uses a Domain account as its identity.
  • A Service Account running a Windows Service.
  • A task that is scheduled to run as a particular user.
  • COM+ services running as a Service Account.
  • Passwords embedded in flat files and configuration files.
  • A password hash in a database with custom SQL scripting

One Time Passwords

Check Out forces accountability on Secrets by granting exclusive access to a single user. Once the Check Out time period is up, Secret Server sets a new password on the account. This guarantees that users must go through Secret Server to access machines with privileged accounts and enforces audit trail integrity.

Customize Password Changing

Secret Server allows you to upload PowerShell, SQL, and SSH scripts to extend password changing to platforms not support out of box. Scripts can also be kicked off after a password change for custom service account management. Send emails, interact with custom applications, update databases, or call API’s.

Speaking of password policies… do you have strong password protection policies in place to prevent unauthorized access or demonstrate security compliance? Get our FREE Security Policies Template for Privileged Passwords.

Secret Server Hosting

Security Solutions as a service.
Maximize your password security,
Minimize your security risks.