Secret Server Feature

Proxying RDP

Control Domain Admin Credentials with the RDP Proxy
Limit where domain admins can connect from

The challenge

Domain admin credentials are often the least controlled and most abused credentials in the enterprise today. Windows system admins frequently have access to these credentials, rarely change them, use weak passwords, and access everything using them.

Why it's important

These credentials are exposed to a wide range of risks. One of the best ways to reduce risk is to rein in control of domain admin credentials, but this is hard to do unless you can take control of these accounts and prevent admins from randomly accessing your servers.

How we solve it

Thycotic Secret Server provides a proxy capability that can be used to ensure the only way to access your Windows servers is by coming through the Thycotic Secret Server vault.

Direct access can be prevented at your firewall level, which forces administrators to use Thycotic Secret Server to store their domain admin credentials, and use the proxy to access servers.

Additional Information

Controlling Admin Domain Credentials

This approach to controlling admin domain credentials is seamless and does not negatively impact the administrator’s productivity. There are many advantages to vaulting and proxying domain admin credentials:
  • You can set strong password requirements on domain admin passwords. For example: 50 randomized characters.
  • You can automatically rotate domain admin passwords after they are used. This helps mitigate Pass the Hash and Pass the Ticket attacks.
  • All access to your Windows servers is now fully audited as there is no “backdoor” way to access a server.

The RDP proxy can be used in conjunction with session recording and monitoring to provide a full audit log of what was done on the target server. For more information on the proxy configuration and performance, see this KB article.
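One way to confirm that no "backdoor" path remains once direct access is blocked at the firewall is to review RDP logons on the target servers and flag any that did not originate from the proxy. The script below is an added example, not Thycotic code: the proxy address, the CSV column layout and the sample events are constructed assumptions, and it relies only on Windows Security event 4624 with logon type 10 (RemoteInteractive).

```python
import csv
import io
import ipaddress

# Assumption: address(es) of the RDP proxy nodes (documentation range used here).
PROXY_NETS = [ipaddress.ip_network("192.0.2.10/32")]

# Constructed sample: Security log events exported to CSV (column names are assumed).
SAMPLE_CSV = """TimeCreated,Computer,EventID,LogonType,TargetUserName,IpAddress
2024-05-01T09:12:03Z,SRV-APP01,4624,10,da-alice,192.0.2.10
2024-05-01T09:40:17Z,SRV-DB02,4624,10,da-bob,198.51.100.23
2024-05-01T10:02:44Z,SRV-DB02,4624,3,svc-backup,198.51.100.40
2024-05-01T10:15:09Z,SRV-APP01,4624,10,da-alice,-
2024-05-01T10:20:00Z,SRV-APP01,4634,10,da-alice,192.0.2.10
"""


def from_proxy(addr):
    """True only if addr parses as an IP inside one of the proxy networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False  # missing or malformed source address: treat as unproven
    return any(ip in net for net in PROXY_NETS)


def direct_rdp_logons(csv_text):
    """Return RDP logons (4624, type 10) whose source is not the proxy."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "10":
            continue  # not a successful RemoteInteractive logon
        if not from_proxy(row["IpAddress"]):
            findings.append((row["TimeCreated"], row["Computer"],
                             row["TargetUserName"], row["IpAddress"]))
    return findings


if __name__ == "__main__":
    for when, host, user, src in direct_rdp_logons(SAMPLE_CSV):
        print(f"RDP logon not via proxy: {when} {host} {user} from {src}")
```

Any finding means either the firewall restriction has a gap or the event lacks a usable source address and needs manual review.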
