Discovery allows Secret Server to scan your network to find unmanaged local accounts on Windows, UNIX/Linux, and ESX/ESXi systems. Secret Server can then map Secrets to all the discovered machines.
This makes it easier to find computers that do not have Secrets associated with them.
Secret Server can also automatically discover local accounts on machines; map Secrets to those accounts; import local accounts into Secret Server directly from the network; and allow rules to be created for automatically importing new local accounts found on the network. Plus, email alerts can be configured for some Discovery events.
Discovery for Local Admin Accounts
(Requires Professional Edition)
It is a challenge for IT infrastructure teams to keep accurate details on local admin account passwords. Many organizations don’t even know all of the local admin accounts on their network, which is a huge vulnerability from an audit and risk perspective. Not knowing all the local admin accounts on your network, and not auditing the use of these accounts and password changes, is an easy way for intruders to gain access to your network. Local admin accounts are all over your network, on every computer. Examples include Windows administrator accounts on workstations, laptops, and servers, and UNIX/Linux/Mac root accounts.
Controlling access to your local admin accounts is a critical aspect of any organization’s Identity and Access Management strategy. By using Secret Server, your admins are able to scan your network for local admin accounts and then pull the local admin account information into Secret Server’s secure repository. For example, if your auditors have asked you to keep detailed records on company-issued laptops, Secret Server can scan your network, find every laptop, and then take control of the local admin account by changing the password (applying your organization’s password policy) and controlling future access to those credentials in the Secret Server repository.
Discovery for Service Accounts
(Requires Enterprise Edition)
Service accounts are used to run various services (Windows Services, tasks, app pools and more) on the network. Managing passwords on these service accounts (or application accounts) is difficult: typically, no one really knows where service accounts are being used, one account is often used in multiple places, and admins often create new service accounts whenever needed. From a management and audit perspective, this is a nightmare, and not many organizations have taken the necessary steps to control the creation and use of these service accounts.
Secret Server can manage your service accounts to automatically change the passwords on a regular schedule. Using Discovery for service accounts allows you to scan the network to:
- Find all the service accounts on your network and the dependent services, tasks, and app pools
- Determine where each service account is being used (including new usages since last scan)
- Import all service accounts into the Secret Server repository for management and auditing
Discovery for service accounts reduces manual errors in managing these accounts, sets up an audit trail for all service accounts, tracks usage and simplifies the management process.
Advanced Discovery using Rules
(Requires Enterprise Plus Edition)
Managing admin credentials in today’s fast-paced IT environments is challenging. Automated rules can help an IT team save time, ensure all accounts are protected as needed, and eliminate the potential for human error when managing passwords on sensitive accounts.
Secret Server can automatically scan your network for local admin and Active Directory service accounts, and you can set up rules for creating and managing access to these accounts. For example, in a dynamic server environment, where new machines are constantly being added and old machines are being decommissioned, Secret Server can find the new local admin accounts on your network, change the password using a privileged account (applying your organization’s password policy), then add the credentials to the repository so that only the correct administrators have access when needed. If Secret Server finds new services, tasks, or app pools running under a service account, then it can automatically link those dependencies to the appropriate credential in the repository. This level of automation reduces the time spent managing these credentials and improves your organization’s security posture.
Rules ensure that your password repository accurately reflects the accounts in use on your network and that your password policies are being consistently enforced.