Phone Number +1-202-802-9399 (US)

Thycotic is now Delinea!

The Lockdown

Thycotic’s Cyber Security Blog

Wham! IIS Application Pools & Scheduled Tasks available for Discovery

Written by Thycotic Team

December 24th, 2013

Secret Server version 8.4.000000 boasts a number of exciting new features for Discovery, with a focus on expanded functionality for rules and service account dependencies.

Discovery has always been a great tool for detecting and importing Windows local accounts and service accounts from the computers on your network. Now, in addition to Windows services, Discovery can also detect IIS Application Pools and Scheduled Tasks running on your domain-joined machines. Secret Server can either import them as dependencies for existing Secrets or create a new Secret for the account and dependency.

What to look for: An icon indicating the dependency type on the Service Accounts tab of Discovery Network View.

Service Account Tabs | Secret Server

Another addition to service account Discovery is Dependency Rules. Much like the Discovery Rules that apply to local Windows accounts, Dependency Rules allow you automatically import dependencies based on domain or OU. Subsequently, new event subscription actions are available that provide the option to send notifications when dependencies are added, deleted, or fail a password change.

What to look for: Discovery Dependency Rules can be found by clicking Discovery Rules from the main Discovery page, or by clicking View Rules at the bottom of the Service Accounts tab of Discovery Network View.

Discovery Rules | Secret Server

The Discovery administration page has also had a bit of a makeover. You will now have the option to enable or disable Discovery for each account/dependency type. For example, if you would only like to use Discovery for Windows services, you can disable Discovery for all other types, leaving Windows Service Discovery enabled. Now when Discovery scans machines, either automatically or manually (click the Run Now button above the Computer Scan Log), it will only return Windows service results. Scanning will be completely turned off and inaccessible for every type of Discovery that is marked disabled.

What to look for: Additional Discovery options at the top of the main Discovery page. Discovery logs for local and service accounts have also been consolidated on this page to make viewing Discovery logs simpler and more centralized.

Discovery Configuration | Secret Server