Secret Server

Manage Service Accounts

Secret Server allows users to automatically change service account passwords on a configurable schedule. Secret Server will scan your network and find where a service account is being used and update all the Windows services, Windows Scheduled Tasks, configuration files (.config, .ini, etc.), COM+ Applications, and IIS App Pools using that service account when the password is changed. The Enterprise Plus Edition supports PowerShell Dependencies. An admin can upload a custom PowerShell script that will be run after a password is changed by Secret Server. Scheduled changes are then tracked and logged, providing a full audit trail for compliance and accountability.

Screenshot: Managing Service Accounts

Teams often don't know all the places that their service accounts are being used. For example, a typical domain account (service account) may be used on several different machines for the identity of different tasks / services. An admin attempting to change the password for a particular service account may not know all of the places that use those credentials. This makes service accounts less secure, as they are changed infrequently by admins wary of inadvertently causing service outages.

Service accounts have been a common attack vector for network breaches since their passwords are not changed for years at a time and are known by many people (even ex-employees).

Secret Server uses discovery capabilities to scan the network to locate any dependent services. When the service account's password is changed, Secret Server will automatically change the password on all the dependencies. Windows Services are automatically restarted by Secret Server to ensure that the new password takes effect. The order of the changes on the dependencies, whether they are restarted, and even propagation delays can all be configured within Secret Server.
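
To see the inventory problem described above on your own hosts, the following read-only PowerShell sketch lists the Windows services and scheduled tasks that run as a given account. It is an added example, not Secret Server's discovery code; the account name `CONTOSO\svc-app` and the host names are placeholders, and it assumes CIM/WinRM access to each machine.

```powershell
# Added example: read-only inventory of where one service account is referenced.
# Placeholders (assumptions): the account name and the host list.
param(
    [string]   $Account   = 'CONTOSO\svc-app',
    [string[]] $Computers = @('app01', 'app02')
)

# Scheduled tasks often store the principal without the domain prefix.
$shortName  = ($Account -split '\\')[-1]
# WQL uses backslash as its escape character, so double it inside the filter.
$wqlAccount = $Account.Replace('\', '\\')

$findings = foreach ($computer in $Computers) {
    try {
        $session = New-CimSession -ComputerName $computer -ErrorAction Stop
    }
    catch {
        # Record unreachable hosts: an unscanned machine is an unknown dependency.
        [pscustomobject]@{ Computer = $computer; Type = 'Unreachable'; Name = $_.Exception.Message; State = $null }
        continue
    }
    try {
        # Services whose logon identity is the account.
        Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "StartName = '$wqlAccount'" |
            ForEach-Object {
                [pscustomobject]@{ Computer = $computer; Type = 'Service'; Name = $_.Name; State = $_.State }
            }
        # Scheduled tasks whose principal is the account (with or without domain).
        Get-ScheduledTask -CimSession $session |
            Where-Object { $_.Principal.UserId -in $Account, $shortName } |
            ForEach-Object {
                [pscustomobject]@{ Computer = $computer; Type = 'ScheduledTask'; Name = "$($_.TaskPath)$($_.TaskName)"; State = $_.State }
            }
    }
    finally {
        Remove-CimSession -CimSession $session
    }
}

$findings | Sort-Object Computer, Type, Name | Format-Table -AutoSize
```

Services registered with the account in UPN form (`user@domain`) will not match this filter, and configuration files, COM+ applications and IIS app pools are not covered, so treat the output as a lower bound on the account's dependencies.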