Secret Server Feature: Change Network Passwords
Change passwords automatically when they expire
Automatically change passwords based on your organization’s security policies.
What’s the challenge?
In most organizations, both large and small, compliance or security best practices require that privileged passwords be changed regularly—a task that is easily overlooked.
Why it’s important
When passwords need to be changed on an ad-hoc basis, such as when an admin leaves or if a security breach occurs, it’s critical to automate the process to ensure that your security team can move quickly to address threats.
How this feature solves it
Using Secret Server password management software you can easily automate privileged password changes on a schedule to meet compliance mandates. Secret Server’s built in password changing and expiration schedules ensure that critical passwords are changed automatically, without manual intervention. Support is built in for many common platforms for an easy deployment process:
- Windows Local Administrator Accounts
- Active Directory / LDAP
- Microsoft SQL Server
- Unix / Linux
- Blue Coat
- VMWare ESXi
- Websites (Google, Salesforce, Amazon, Office365)
- Any SSH, Telnet, or ODBC interface.
- See the full list here
All Remote Password Changing features such as Check Out and Heartbeat work with these platforms, so you can provide additional security as well as verify that passwords are correct.
TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use!
Start your free trial of Secret Server using the blue trial form.
View Secret Server’s full list of user-friendly features.
Password changing occurs either on a manual kick off or when a Secret expires. When that happens Secret Server generates a new random password, connects to the target and updates the account. No Agents are required and you can even take over accounts if the password is unknown.
These features require Premium Edition or add-on licenses:
Service Account Management
In order to keep applications up to date after a password change, Secret Server can immediately synchronize Scheduled Tasks, Windows Services, and IIS App Pool service accounts.
- An IIS AppPool that uses a Domain account as its identity.
- A Service Account running a Windows Service.
- A task that is scheduled to run as a particular user.
- COM+ services running as a Service Account.
- Passwords embedded in flat files and configuration files.
- A password hash in a database with custom SQL scripting
- Update passwords in custom applications using your own PowerShell scripts.
One Time Passwords
Check Out forces accountability on Secrets by granting exclusive access to a single user. Once the Check Out time period is up, Secret Server sets a new password on the account. This guarantees that users must go through Secret Server to access machines with privileged accounts and enforces audit trail integrity.
Customize Password Changing
Secret Server allows you to upload PowerShell, SQL, and SSH scripts to extend password changing to platforms not support out of box. Scripts can also be kicked off after a password change for custom service account management. Send emails, interact with custom applications, update databases, or call API’s.
Speaking of password policies…do you have strong password protection policies in place to prevent unauthorized access or demonstrate security compliance? Get our FREE Security Policies Template for Privileged Passwords.