http://www.thycotic.com/forums/messages.aspx?TopicID=273 Thycotic Community - Secret Server - Remote password change - multiple servers, one secret - Messages en-us http://blogs.law.harvard.edu/tech/rss Jitbit AspNetForum Mon, 19 Apr 2010 06:04:33 GMT Mon, 19 Apr 2010 06:04:33 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=273
The ability to set the same local passwords on multiple servers and bundle computers to the same secret will be added as a feature request.

The 7.0 updates to the Launcher will allow you to have the user input the machine name dynamically, giving the ability to use a user specific credential to log in to multiple machines. This would allow your users to click the launcher on their Active Directory domain account, it would prompt them for the machine to remote desktop to, and then automatically login in using the credentials stored in Secret Server. This feature will grant you the role security of having users use their own AD account and the added speed and auditing of the Launcher. Coupled with Remote Password Changing of AD accounts, you could set a very secure password complexity and short expiration schedule.

]]> Mon, 19 Apr 2010 06:04:33 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=273
I have already set up a small number of our servers to do expiry and password change. Tested and working.

In my situation we are not looking to set everything to the same password, but more along the lines of: 'these 20 servers from customer x would be set as a single secret' to simplfy support whilst ensuring enough separation for the customers peace of mind.

The launcher app will be of minimal use to us in the near future as we are moving to role based AD security and will have all of our support staff logging in with named accounts (for accountability). Secret server will serve us well for service accounts, local accounts and many other things.

Adding the ability to have multiple servers assigned to a single secret would make the product vastly more useful and valuable to us.]]> Sun, 18 Apr 2010 16:03:25 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=273
In Secret Server, you can add the passwords for all those servers and then set an expiration schedule (e.g. every 90 days). It will then change each password on each server to a random value ever 90 days. You can set the next password to use per Secret by editing a Secret and putting in a value for the "Next Password" field.

We don't have a way of grouping servers to use the same generated password at this time. I will add it as a feature request.

By the way, why would you prefer to use the same password on 1000 servers rather than a randomized password for each one? (The Launcher feature typically make it easy for admins to access servers using Remote Desktop directly from Secret Server). You can even use the CheckOut feature to force a password change on the server after an admin has used the password.

Best.]]> Fri, 16 Apr 2010 12:37:49 GMT http://www.thycotic.com/forums/messages.aspx?TopicID=273
I am implementing Secret Server 7.0 into my workplace for the first time.

We host and support well over 1000 windows servers over a couple dozen different customers.

What i am wondering is if there is a way to have a secret which stores the local admin password for a group of servers and allows the password on them to be expired and changed to the same password. If not I'd like to make that feature request.

Ideally this would work by having server IPs listed in a text field: space, comma or semi-colon seperated. When the password expires and the RPC engine begins changing passwords, it just moves through the list of IPs and changes password on the servers]]> Thu, 15 Apr 2010 17:53:52 GMT