Secret Server Feature


Find unmanaged and unknown privileged accounts
Quickly scan your network to find and take over privileged accounts with Secret Server’s automatic Discovery

The Challenge

The first step in managing privileged accounts is finding accounts you don’t know exist. IT may not inventory all accounts, due to manual processes or error. Automatic discovery of privileged accounts makes it simple to find all your privileged accounts and manage them.

Why it's important

Without knowing where privileged accounts exist, you may be leaving backdoor accounts in place. These allow users to bypass proper controls and auditing. External threats may create user accounts for later access that can go undetected for months. Automatic scanning for privileged credentials alerts you when unexpected accounts are found.

How we solve it

Secret Server’s Discovery finds vulnerable unmanaged privileged and shared accounts. Discovery can automatically find accounts and map existing Secrets to those accounts. Rule-based imports take over unmanaged accounts and import them into Secret Server.

Additional Information

Account Discovery

(Requires Professional Edition)

It is a challenge for IT infrastructure teams to keep details on local admin accounts. Many organizations don’t know all the admin accounts on their network, which is a huge vulnerability from an audit and risk perspective. Unknown and unmanaged accounts are an easy way for intruders to access your network and insiders to bypass audit controls. Privileged accounts are all over your network, from Windows administrator accounts on workstations and servers, Linux & Mac root passwords, to domain admin accounts in Active Directory.

Controlling access to your local admin accounts is a critical aspect of any organization’s Identity and Access Management strategy. By using Secret Server, your admins are able to scan your network for local admin accounts and then pull the local admin account information into Secret Server’s secure repository. For example, if your auditors have asked you to keep detailed records on company-issued laptops, Secret Server can scan your network, find every laptop and then take control of the local admin account by changing the password (applying your organization’s password policy) and controlling future access to those credentials in the Secret Server repository.

Service Accounts

(Requires Premium Edition)

Service accounts are used to run various services (Windows Services, tasks, app pools and more) on the network. Managing passwords on these service accounts (or application accounts) is difficult: typically, no one really knows where service accounts are being used, one account is often used in multiple places, and admins often create new service accounts whenever needed. From a management and audit perspective, this is a nightmare, and not many organizations have taken the necessary steps to control the creation and use of these service accounts.

Secret Server can manage your service accounts to automatically change the passwords on a regular schedule. Using Discovery for service accounts allows you to scan the network to:

  • Find all the service accounts on your network and the dependent services, tasks, and app pools
  • Determine where each service account is being used (including new usages since last scan)
  • Import all service accounts into the Secret Server repository for management and auditing

Discovery for service accounts reduces manual errors in managing these accounts, sets up an audit trail for all service accounts, tracks usage and simplifies the management process.

For more information on configuring Discovery, please review our KB walkthrough.

Advanced Discovery

(Requires Premium Edition or Add On)

Managing admin credentials in today’s fast-paced IT environments is challenging. Automated rules can help an IT team save time, ensure all accounts are protected as needed, and eliminate the potential for human error when managing passwords on sensitive accounts.

Secret Server can automatically scan for local privileged accounts and Active Directory service accounts. You can set up rules for creating and managing access to these accounts. In a dynamic server environment, where new machines are constantly being added, Secret Server can find the new accounts on your network, change the password using a privileged account, and import the credentials to the Secret Server repository. Secret Server can automatically link up new Services, Scheduled Tasks, or App Pools as dependencies to the appropriate service account Secret. This ensures that passwords used by dependent services are synchronized.

Rules ensure that your password repository accurately reflects the accounts in use on your network and that your password policies are being consistently enforced.

Discovery can also be extended using PowerShell to find accounts or services if Secret Server doesn’t have an out-of-the-box connector. Learn more about extensible Discovery here.
