It is a challenge for IT infrastructure teams to keep details on local admin accounts. Many organizations don’t know all the admin accounts on their network, which is a huge vulnerability from an audit and risk perspective. Unknown and unmanaged accounts are an easy way for intruders to access your network and insiders to bypass audit controls. Privileged accounts are all over your network, from Windows administrator accounts on workstations and servers, Linux & Mac root passwords, to domain admin accounts in Active Directory.

Controlling access to your local admin accounts is a critical aspect of any organizations Identity and Access Management strategy. By using Secret Server, your admins are able to scan your network for local admin accounts and then pull the local admin account information into Secret Server’s secure repository. For example, if your auditors have asked you to keep detailed records on company issued laptops – Secret Server can scan your network, find every laptop and then take control of the local admin account by changing the password (applying your organization’s password policy) and controlling future access to those credentials in the Secret Server repository.

Service accounts are used to run various services (Windows Services, tasks, app pools and more) on the network. Managing passwords on these service accounts (or application accounts) is difficult; typically, no one really knows where service accounts are being used, often one account is used in multiple places, and admins often create new services accounts whenever needed. From a management and audit perspective, this is a nightmare and not many organizations have taken the necessary steps to control the creation and use of these service accounts.

Secret Server can manage your service accounts to automatically change the passwords on a regular schedule. Using Discovery for service accounts allows you to scan the network to:

Discovery for service accounts reduces manual errors in managing these accounts, sets up an audit trail for all service accounts, tracks usage and simplifies the management process.

For more information on configuring Discovery please review our KB walkthrough

(Requires Premium Edition or Add On)

Managing admin credentials in today’s fast paced IT environments is challenging. Automated rules can help an IT team to save time, ensure all accounts are protected as needed, and also eliminate the potential for human error when managing passwords on sensitive accounts.

Secret Server can automatically scan for local privileged accounts and Active Directory service accounts. You can set up rules for creating and managing access to these accounts. In a dynamic server environment, where new machines are constantly being added, Secret Server can find the new accounts on your network, change the password using a privileged account, and import the credentials to the Secret Server repository. Secret Server can automatically link up new Services, Scheduled Tasks, or App Pools as dependencies to the appropriate service account Secret. This ensures that passwords used by dependent services are synchronized.

Rules ensure that your password repository accurately reflects the accounts in use on your network and that your password policies are being consistently enforced.

Discovery can also be extended using PowerShell to find accounts or services if Secret Server doesn’t have an out of the box connector. Learn more about extensible Discovery here.