Secret Server password management software provides an RDP Proxy capability to help control domain admin credentials.
Domain admin credentials are often the least controlled and most abused credentials in the enterprise today. Windows system admins frequently have access to these credentials, rarely change them, use weak passwords and access everything using them.
One of the best ways to reduce risk is to rein in control of domain admin credentials, but this is hard to do unless you can take back control of these accounts and prevent admins from randomly accessing your servers. Thycotic Secret Server provides an RDP Proxy capability that can be used to ensure the only way to access your Windows servers is by coming through the Thycotic Secret Server vault. Direct access can be prevented at the firewall level, which forces administrators to use Thycotic Secret Server to store their domain admin credentials and use the proxy to access servers.
This approach is seamless and does not negatively impact the administrator’s productivity at all. In fact, there are many benefits to having the domain admin credentials vaulted and requiring RDP proxy to access your Windows servers:
- Set strong password requirements on domain admin passwords, for example 80 randomized characters.
- Automatically rotate domain admin passwords after they are used. This helps to mitigate Pass the Hash and Pass the Ticket attacks.
- All access to your Windows servers is now fully audited as there is no “backdoor” way to access a server.
The RDP Proxy capability can also be used with Session Monitoring to provide full video recording of all admin activity while accessing sensitive server environments.