Secret Server

Change Network Passwords

Network Password Changing works hand-in-hand with our Secret Expiration feature. When a Secret expires, a background process in Secret Server will automatically generate a new password - which can be customized - and set the new password on the remote account. Expiring Secrets are automatically given new passwords. We currently support changing passwords on Windows local admin accounts (whether domain joined or not), Active Directory, Microsoft SQL Server, Unix/Linux, Sybase, VMWare ESXi, MySQL, Oracle, AS/400, SAP and any interface using SSH or Telnet.

In addition to the on premise network password changing, Secret Server can update web site credentials. Currently Google, Amazon, and Windows Live accounts are supported. All Remote Password Changing features such as Check Out and Heartbeat work with all of these platforms, so you can provide additional security as well as verify that passwords are correct.

 Screenshot: Password changing  Screenshot: Heartbeat Password changing

These three services require Enterprise Edition:

Updating Windows Scheduled Tasks and Service Accounts

Remote Password Changing (RPC) provides immediate synchronization for Scheduled Tasks, Windows Services and IIS App Pool Users. You can keep all the dependencies up to date with the appropriate account information from any RPC Secret.

Examples include:

Check Out Secrets

The Check Out feature forces accountability on Secrets by granting exclusive access to a single user. If a Secret is configured for Check Out, a user can access it, but after checking it in Secret Server automatically forces a password change on the remote machine.

No other user can access a Secret while it is checked out unless Unlimited Administrator Mode is enabled. This guarantees that if the remote machine is accessed using the Secret, the user who had it checked out was the only one with access to those credentials at that time.

Running PowerShell Scripts on Password Change

Secret Server allows you to upload PowerShell scripts and then run them when a Service Account's password is changed. This convenient hook allows near unlimited flexibility for custom actions on password change. Send emails, interact with custom applications, update databases, communicate via web services, etc.