+1-202-802-9399 U.S. Headquarters

Secret Server Feature: RDP Proxy

Control Domain Admin Credentials with the RDP Proxy

Limit where domain admins can connect from

What’s the challenge?

Domain admin credentials are often the least controlled and most abused credentials in the enterprise today. Windows system admins frequently have access to these credentials, rarely change them, use weak passwords, and access everything using them.

Why it’s important

These credentials are open to a wide range of risk possibilities. One of the best ways to reduce risk is to reign in control of domain admin credentials, but this is hard to do unless you can take control of these accounts and prevent admins from randomly accessing your servers.

How this feature solves it

Thycotic Secret Server provides a proxy capability that can be used to ensure the only way to access your Windows servers is by coming through the Thycotic Secret Server vault. Direct access can be prevented at your firewall level, which forces administrators to use Thycotic Secret Server to store their domain admin credentials, and use the proxy to access servers.

TRY IT FREE FOR 30 DAYS. It’s fast to install and easy to use!
Start your free trial of Secret Server using the trial form.
View Secret Server’s full list of user-friendly features.

Additional Information

This approach to controlling admin domain credentials is seamless and does not negatively impact the administrator’s productivity. There are many advantages to vaulting and proxying domain admin credentials:

  1. You can set strong password requirements on domain admin passwords. For example: 50 randomized characters.
  2. You can automatically rotate domain admin passwords after they are used. This helps mitigate Pass the Hash and Pass the Ticket attacks.
  3. All access to your Windows servers is now fully audited as there is no “backdoor” way to access a server.

The RDP proxy can be used in conjunction with the session recording and monitoring to provide a full audit log of what was done on the target server. For more information on the proxy configuration and performance see this KB article.

Try Secret Server for 30 Days

  • Free Enterprise level support
  • Choose your preferred deployment option
  • The easiest PAM Solution you’ll ever use
  Step 1 of 3