

Find unmanaged and unknown privileged accounts

Quickly scan your network to find and take over privileged accounts with Secret Server’s automatic Discovery


The first step in managing privileged accounts is finding accounts you don’t know exist. IT may not inventory all accounts, due to manual processes or error. Automatic discovery of privileged accounts makes it simple to find all your privileged accounts and manage them.


Without knowing where privileged accounts exist, you may be leaving backdoor accounts in place. These allow users to bypass proper controls and auditing. External threats may create user accounts for later access that can go undetected for months. Automatic scanning for privileged credentials alerts you when unexpected accounts are found.


Secret Server’s Discovery finds vulnerable unmanaged privileged and shared accounts. Discovery can automatically find accounts and map existing Secrets to those accounts. Rule-based imports take over unmanaged accounts and import them into Secret Server.

TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use! Start your free trial of Secret Server using the trial form. Or, discover local admin accounts, service accounts, and applications in use on endpoints with this FREE Least Privilege Discovery Tool for Windows.

It is a challenge for IT infrastructure teams to keep details on local admin accounts. Many organizations don’t know all the admin accounts on their network, which is a huge vulnerability from an audit and risk perspective. Unknown and unmanaged accounts are an easy way for intruders to access your network and insiders to bypass audit controls. Privileged accounts are all over your network, from Windows administrator accounts on workstations and servers, Linux & Mac root passwords, to domain admin accounts in Active Directory.

Controlling access to your local admin accounts is a critical aspect of any organization’s Identity and Access Management strategy. By using Secret Server, your admins are able to scan your network for local admin accounts and then pull the local admin account information into Secret Server’s secure repository. For example, if your auditors have asked you to keep detailed records on company-issued laptops, Secret Server can scan your network, find every laptop, and then take control of the local admin account by changing the password (applying your organization’s password policy) and controlling future access to those credentials in the Secret Server repository.

Network View of Discovery showing managed accounts and account status

Service accounts are used to run various services (Windows Services, tasks, app pools and more) on the network. Managing passwords on these service accounts (or application accounts) is difficult: typically, no one really knows where service accounts are being used, one account is often used in multiple places, and admins often create new service accounts whenever needed. From a management and audit perspective, this is a nightmare, and not many organizations have taken the necessary steps to control the creation and use of these service accounts.

Secret Server can manage your service accounts to automatically change the passwords on a regular schedule. Using Discovery for service accounts allows you to scan the network to:

  • Find all the service accounts on your network and the dependent services, tasks, and app pools
  • Determine where each service account is being used (including new usages since last scan)
  • Import all service accounts into the Secret Server repository for management and auditing

Discovery for service accounts reduces manual errors in managing these accounts, sets up an audit trail for all service accounts, tracks usage and simplifies the management process.

For more information on configuring Discovery, please review our KB walkthrough.

Network View of Discovery

Managing admin credentials in today’s fast-paced IT environments is challenging. Automated rules can help an IT team save time, ensure all accounts are protected as needed, and eliminate the potential for human error when managing passwords on sensitive accounts.

Secret Server can automatically scan for local privileged accounts and Active Directory service accounts. You can set up rules for creating and managing access to these accounts. In a dynamic server environment, where new machines are constantly being added, Secret Server can find the new accounts on your network, change the password using a privileged account, and import the credentials to the password repository. Secret Server can automatically link up new Services, Scheduled Tasks, or App Pools as dependencies to the appropriate service account Secret. This ensures that passwords used by dependent services are synchronized.

Rules ensure that your password repository accurately reflects the accounts in use on your network and that your password policies are being consistently enforced.

Discovery can also be extended using PowerShell to find accounts or services if Secret Server doesn’t have an out-of-the-box connector. Learn more about extensible Discovery here.

