Sneak Peek: PuTTY Launcher

11 09 2008

putty1 One of a system administrator’s must-have items in his toolbox is PuTTY. PuTTY is a small, lightweight program that is perfect for telnet and SSH connections. It doesn’t require any installation, it’s just a single EXE file and you’re good to go.

A feature of Secret Server that I personally have always found extremely useful is the launching capability that we introduced with Remote Desktop. It’s very handy for starting Remote Desktop sessions. We decided to take it a step further and extend this functionality to PuTTY.

An initial obstacle that needed to be overcome was figuring out how to make sure PuTTY was on the client’s machine. The creators of PuTTY are generous, and fortunately they allow us to distribute PuTTY with Secret Server. Since the Remote Launcher capability is a Microsoft ClickOnce application, it seemed reasonable to distribute PuTTY with our application. This would avoid the need for users having to tell our application where to look for PuTTY, or us requiring that you have it in a certain location on the machine.

putty2 However, PuTTY is 500 kilobytes, and the initial application was a mere 12 kilobytes. 500K is small in today’s high tech world, but to reduce corporate bandwidth use, we only distribute it when you need it for the first time. That means when you make your first launch of PuTTY, we’ll download the application for you from your Secret Server installation, thus not needing an outside Internet connection, but after that it’s cached so you only need to download it once.

putty3Once PuTTY is downloaded successfully, the application will automatically start already logged in at the prompt. For the first release of the PuTTY launcher, we will only support SSH.

If you want to see additional launchers built into Secret Server, make sure you stop by our forums and let us know!

– Kevin


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Secret Server, Tips & Tricks

Why does Secret Server take so long to start up?

18 05 2008

One of the things that we did notice with Secret Server is that it does take what seems to be a long time for Secret Server to start up for the first time. This started happening in Secret Server 4.0. So, what exactly is going on?

Secret Server does some startup tasks for the first time. Namely, it starts up some background monitoring tasks for synchronizing Active Directory and the Remote Password changing features. There is one more though that takes up most of the time, and that is verifying all of the Strong Name signatures.

First, what is a Strong Name? When we release Secret Server, we send out all of the DLLs with a digital signature on all of the assemblies. Secret Server has multiple DLLs that talk to each other. Now, what’s stopping someone with access to the server from dropping in a fake DLL that looks like ours, but it is also secretly emailing out information? Step in strong names. When the .NET Framework loads all of the assemblies for a particular application, it ensure that all of the assemblies have the strong name key that was used when it was compiled. If the Strong Name keys don’t match, then the .NET Framework won’t accept it. Since only Thycotic has the key, it cannot be faked.

This is a somewhat lengthy process for the .NET Framework, as it will also have to calculate checksums of the entire assembly as well. Not to mention that this entire process occurs for all 14 of the assemblies in Secret Server.

– Kevin


Comments : Leave a Comment »
Tags: ,
Categories : Secret Server, Tips & Tricks

Secret Server on the Treo 700

19 04 2008

image

Secret Server has supported a "Mobile Edition" for over a year now but it is always tricky making sure that it works correctly on all devices.

Our approach was to bake mobile support into the base product (ASP.NET based) so it simply scales down to the capability of the device.  That sounds simple but unfortunately it depends on making sure that functionality will work with all the limitations of various devices.

My own favorite BlackBerry 8820 does a reasonable job of helping me get to the password I need in emergencies but it is hardly a pleasant browsing experience.  In fairness, no browsing on the device is particularly pleasant since it is slow, struggles with most layouts and has a small screen.  That said, I love it dearly and browsing has never been a core requirement for me since email, contacts and calendar are definitely my most essential.

Today we had a customer ask about the Treo 700 so I tried out the emulator from the Palm website.  It seems to work fine with Secret Server and I was able to browse around and access passwords.

–Jonathan


Comments : Leave a Comment »
Tags: , , , , ,
Categories : Mobile, Secret Server, Tips & Tricks

Giving Secret View a System Font

27 03 2008

One of the questions that I sometimes get from customers is, "I want the information on the Secret View page to display in a system font". The reason for this is it makes it easier to distinguish between O’s and zeros; and lower-case L’s and capital I’s.

This can easily be accomplished with CSS, and with since Secret Server 4.0 and up supports Themes, it is simple enough to add your own CSS to the default.css file.

Because of the way Copy to Clipboard works, all of the attributes that contain information are held in a custom attribute "t". This attribute is on the span elements and the text boxes when in edit mode. In theory, it should be as simple as this:

*[t]
{
    font-family:Consolas,System;
}

This is part of the CSS 2 specification, and the selector states "Any element with the attribute ‘t’." As expected, this works well with FireFox. This took care of the labels and the text boxes all-in-one. However, IE presented a bit of an issue. This simple solution didn’t seem to work. It’s not a secret to web developers that Trident, IE’s rendering engine, is pretty buggy as far as rendering engines go. What surprised me more was that the IE 8 beta, the up-and-coming super-compliant version of IE, still did not take. What was strange that when using a simple test page, the attribute selector did work; so it is supported in IE 7 and 8. There just appears to be an issue with that particular page.

So the solution became a little more complex. A lot of the elements on the secret view page don’t have classes or ID’s at the moment, which makes applying CSS to just some of the elements a bit trickier. In the end, this is how it turned out:

 consolasview

And the CSS used to accomplish this that works in both IE and FireFox:

 

div#SecretViewDialog * td.SecretFieldCell span, * span#iSM li
{
    font-family:Verdana ! important;
    font-size:10pt ! important;
}

input.SecretViewTextbox, input.SecretPasswordTextbox, div#SecretViewDialog * span
{
    font-family:Consolas,System;
    font-size:11pt;
}

The font of my choice is Consolas, a nice font that makes it easy to distinguish characters. It is a free font for user’s that own Visual Studio 2005 via download, and also ships with Visual Studio 2008.

– Kevin


Comments : Leave a Comment »
Tags: ,
Categories : Secret Server, Tips & Tricks

Secret Server on Windows Server 2008 x64

7 02 2008

ss40win2008x64 With the new release of Windows Server 2008, we wanted to make sure that Secret Server is always able to use the latest technology. So, we set out to prove that Secret Server would work on Windows Server 2008. To take it even further, we wanted to see it work on the 64-bit platform. So how did Secret Server do?

We’re excited to say that yes, Secret Server does work on Windows Server 2008 x64 Edition. Here was our setup:

- Windows Server 2008 Enterprise x64 Edition (IIS 7.0)
- SQL Server 2005 Developer x64 Edition
- Secret Server 4.0.000003.

There are a few things to note before Secret Server will function properly. IIS 7.0 had some ground breaking changes with the way it integrates with ASP.NET 2.0. Unfortunately, Secret Server currently cannot support this. This is called "Integrated Managed Pipeline Mode". Secret Server currently will only work properly with IIS’s Pipeline mode configured to "Classic". Fortunately, this isn’t a problem at all. It is really as simple as changing the Application Pool that Secret Server is in to use Classic Pipeline.

While Secret Server is functional in this environment, we can’t officially support it yet; there are a few features of Secret Server that are problematic due to the new environment. The immediate one is a lack of support for IPv6 for the IP Address Restrictions, which we will be addressing in a release in the near future. This is due to the fact that the IPv6 protocol is installed by default on Windows Server 2008. The same problem arises when the IPv6 protocol is installed on a previous version of Windows.

We still have a lot of testing to do on Windows Server 2008. We want to make sure that Secret Server works just as well as it always has on previous versions of Windows Server. Once we have finished our testing process, and resolved any issues that arose, we will be able to officially support the Windows Server 2008 x64 and x86 platform.

In the near future, we will be testing Secret Server against the up-and-coming SQL Server 2008.


Comments : Leave a Comment »
Tags: , , , , , ,
Categories : Secret Server, Tips & Tricks

Migrating from eWallet

17 12 2007

Some users who are currently using eWallet and other single user password managers want to migrate to an enterprise solution. This will give them the benefit of tracking and managing all privileged passwords in a company.

We are currently working with one customer to produce a tool that will allow a user to migrate from eWallet to Secret Server as painlessly as possible.

Here is a movie showing the migration tool in action: http://www.thycotic.com/movies/secretserver/ewallet/ewallet.html 

If you are interested in this tool please contact support.

– Kevin


Comments : Leave a Comment »
Tags: , , , ,
Categories : Secret Server, Security, Tips & Tricks

Bulk Operation "Edit Share" explained

4 12 2007

Back in Secret Server 3.0, we added bulk operations to make it easier to deal with lots of secrets.  Typical example – I need to add our network administrators to these 100 passwords with View permission.  This can be easily accomplished using the "Add Share" option at the bottom of the search grid on the home page.

What happens if I accidentally added the wrong network administrators group and now I need to remove their View permission from the 100 secrets.  This is where "Edit Share" comes in.

I recorded a short movie that shows removing "Edit" and "Share" permissions for one group (Administrators) from two secrets.

Watch movie

Add Share – use this to safely add new permissions for View, Edit or Share for a group or user.  It will not affect their existing permissions.  So if a user has View, Edit and you just Add Share ‘View’ then they will still have View and Edit.

Edit Share – use this option to replace permissions for certain users or groups. There is currently a bug that prevents you from removing all permissions for a user or group but that will be fixed in the next release.

NOTE:  The Edit Share does not show existing permissions on your selected secrets.  We have struggled with how to make such a user interface make sense since some of your secrets will have some permissions and some won’t.  It seems difficult to know how to present this in a way that isn’t confusing.  If you have any ideas – please post them to the forums.

–Jonathan


Comments : Leave a Comment »
Tags: ,
Categories : Secret Server, Tips & Tricks

Secret Server to support theming in 4.0

16 11 2007

One of the most requested features in Secret Server is theming. I have seen several customers skin Secret Server to fit their company’s colors and logo. The only down side to that is, when Secret Server is updated, all of those nice changes were lost. A feature that we will be releasing soon is Custom Themes. It goes beyond just changing the style and images. We designed it to allow the administrator to create their own themes for Secret Server. The Administrator has the choice of allowing users to specify their own theme, or force a global theme. Here is a sample theme that we have been playing around with to prove that anything is possible!

We don’t plan on actually shipping Secret Server with this theme :-)

 

 

 

– Kevin


Comments : Leave a Comment »
Tags: ,
Categories : Secret Server, Tips & Tricks

Next Entries »


Follow

Get every new post delivered to your Inbox.