
Thycotic’s Cyber Security Publication

Define, Apply, and Standardize Security Policies across Secret Server

July 2nd, 2014

When managing sensitive, privileged accounts, the ability to set granular policies and controls is imperative for a strong security posture. Secret Server provides a wide range of customization for security policies on Secrets. Most configurations can be set at either the Template or the Secret level. This approach gives admins both global and granular control of Secrets to optimize your company’s internal security policies.

In previous versions of Secret Server, a fair amount of administration was needed to maintain newly configured Secrets. Security settings had to be set when the Secret was created, and administrators had to check that users were assigning the correct configurations based on company policy. With Secret Policy, administrators can cut down on the time spent managing individual policies on Secrets and ensure their instance of Secret Server is configured correctly.

As of 8.6, Security Policy allows administrators to set controls at the folder level, affecting all Secrets in a particular folder and confirming that any Secret created within a folder has the correct security settings assigned.

For example, if Active Directory accounts are set to Auto Change their password every 90 days, but 100 of them are domain administrator accounts whose passwords need to expire every 45 days, a Secret Policy that activates this timed password rotation can be created and applied only to these Secrets. Because no changes are made at the template level, I am still able to maintain the default settings for my other Active Directory Secrets.

Secret Policy also provides the option to configure a default setting, such as when a new Secret is added to a folder with the policy applied, as well as the option to enforce settings so users cannot change them. Below is an example of a security policy set for domain admin accounts. This policy sets Auto-Change to every 45 days. Heartbeat and Check Out are required, while changing passwords on Check In is optional. Require Comment is also enforced for all the Secrets created with this policy in effect.

Secret Server Secret Policy


Want to learn more about Secret Policies? Join us Thursday, July 10 at 1:00 PM for live demonstrations of setting Security Policies in our monthly webinar. We hope to see you there!



Thycotic Team
