Network Password Changing works hand-in-hand with our Secret Expiration feature.
When a password, or Secret, expires a background process in Secret Server password management software will automatically generate a new password – which can be customized – and set the new password on the remote account.
Expiring Secrets are automatically given new passwords. Secret Server software supports changing passwords on:
- Windows local admin accounts (whether domain joined or not
- Active Directory
- Microsoft SQL Server
- Unix / Linux
- VMWare ESXi
- …and any interface using SSH or Telnet.
In addition to on-premise network password changing, Secret Server can update web site credentials. Currently Google, Amazon, and Windows Live accounts are supported. All Remote Password Changing features such as Check Out (see more below) and Heartbeat work with these platforms, so you can provide additional security as well as verify that passwords are correct.
These three services require Enterprise Edition:
Updating Windows Scheduled Tasks and Service Accounts
Remote Password Changing (RPC) provides immediate synchronization for Scheduled Tasks, Windows Services and IIS App Pool Users. You can keep all the dependencies up to date with the appropriate account information from any RPC Secret.
- An IIS AppPool that uses a Domain account as its identity.
- A Service Account running a Windows Service.
- A task that is scheduled to run as a particular user.
- COM+ services running as a Service Account.
- Passwords embedded in flat files and configuration files.
- Update passwords in custom legacy applications using your own PowerShell scripts.
Check Out Secrets
The Check Out feature forces accountability on Secrets by granting exclusive access to a single user. If a Secret is configured for Check Out, a user can access it, but after checking it in Secret Server automatically forces a password change on the remote machine.
No other user can access a Secret while it is checked out unless Unlimited Administrator Mode is enabled. This guarantees that if the remote machine is accessed using the Secret, the user who had it checked out was the only one with access to those credentials at that time.
Running PowerShell Scripts on Password Change
Secret Server allows you to upload PowerShell scripts and then run them when a Service Account’s password is changed. This convenient hook allows near unlimited flexibility for custom actions on password change. Send emails, interact with custom applications, update databases, communicate via web services, etc.