Introducing Secret Server 8.5 Pt. 5: PowerShell 3

17 04 2014

Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Each Thursday post since the 8.5 release highlighted a new Secret Server feature. Check out our previous posts to learn how 8.5 will increase your team’s overall security and productivity. This week we’re finishing up our series with the benefits of PowerShell 3.

Secret Server has an  increasing list of built-in password changers for a wide variety of platforms, including Active Directory, Windows/Unix/Mac, networking devices, databases, and any platform that can connect with an SSH/TELNET connection. Also, Secret Server can update many service/application account dependencies out-of-the-box.

However, there can be unique password changing dependencies, such as when actions have to be daisy-chained after a password change, like restarting a specific device or application. For those situations, PowerShell provides additional flexibility to save time and maintain security.

With the 8.5 release of Secret Server, and the upgrade to .NET 4.5, Secret Server now makes use of the full PowerShell 3 capabilities. The main benefit of this upgrade is eliminating PowerShell’s “Double-Hop” issue, where PowerShell did not allow users to log into one platform (in this case Secret Server) and then jump to another server with those credentials. Now, PowerShell scripts can authenticate Active Directory credentials over multiple connections. This allows you to run PowerShell with an Active Directory Secret to perform multiple tasks across the network. This will be useful for organizations that need to update custom dependencies after a password change, such as SharePoint and IIS metadata. Get full instruction on avoiding PowerShell Double-Hop here.

Want to learn more about using PowerShell with Secret Server? Check out instruction for using PowerShell with Secret Server.

We hope you’ve enjoyed the latest enhancements to Secret Server with our latest release. Of all the 8.5 features, which is your favorite? Let us know in the comment section below. If there is still a Secret Server feature you still wish to see, be sure to cast your vote here.





Enable, Disable, or Mirror: A Deeper Look into User Administration

7 01 2014

Controlling users is one of the most important facets of Secret Server password management administration. While Secret Server supports local users and groups, the easiest way to administer users is to use Active Directory (AD) integration. Secret Server can automatically pull in existing AD users and groups and create user accounts with the same permissions. After discovering the groups, Secret Server offers several different options on importing the data. 

secret-server-user-administration-screen.jpg

Enabling Users. First, you have the option of automatically creating and enabling all users from the selected groups. This is the best option for small groups with only user accounts that need enabling.

Disabling Users. The next option is to have the users created and marked as disabled. Don’t worry, disabled users do not count towards license seats. This is ideal when importing groups with a mix of service and user accounts. Disabling allows administrators to import the existing groups without worrying about exceeding license limits and adds another layer security because users added through AD don’t automatically have access to Secret Server. Simply import and select which users you want to enable. This can all be done using the Bulk Operation feature by administrating multiple users at once.

Mirroring User’s Status. Finally, Secret Server can mirror the user’s status in AD. Mirroring the status will not only create the users in Secret Server but also automatically enable and disable users based on their status within the AD group. Unlike the other options, it is the only method that actively affects existing users. This is useful for administrators who want to automate permissions based on groups. Mirroring allows you to administer AD groups and automatically reflect changes within Secret Server. As for security options, Secret Server supports the use of RADIUS if two-factor authentication is a concern, along with our built-in email based two-factor.

Upcoming webinars. Join us next week for our Deep Dive: Service Account Discovery Webinar. Product manager Ben Yoder will show you how to gain control of your network’s service accounts and dependencies through a step-by-step guide in our live webinar.

Also, be sure to check back next week as we will go over recent changes made to our Web Service API with the release of Secret Server 8.4.000000.

We want your feedback for future blog posts! Leave a request below and we will consider it for a later post. Happy 2014 everyone.





Reduce Help Desk Calls with Password Reset Server

12 11 2013

Any help desk or system administrator will tell you that their company spends much more time resetting end-user passwords then they should. Constant calls to the help desk for this simple yet urgent problem eat a lot IT’s time that could be spent working on other projects and support issues.

To help alleviate this problem, Thycotic Software developed Password Reset Server. Password Reset Server is a self-service password reset tool for Active Directory end-users. It makes the password reset process very simple and straightforward, with a Windows login integration for in-network employees and a web portal for those off-site.

Some of the main features of Password Reset Server include:

Self-Service Password Resets

End-users are put in charge of changing their own passwords. With secure identification, I.T. no longer has to be directly involved.

Automatic Enrollment

IT teams can bulk-enroll all employees. That way, users can simply log into the site and answer questions based on Active Directory attributes when they need to change their passwords.

Multi-factor Questions

Add security to ensure the correct person is resetting their password with multi-factor authentication, including verification via phone, email and SMS.

By providing a secure method for end-users to reset their Active Directory passwords, Password Reset Server helps reduce support demands on help desk staff and allows them to focus on other tasks while giving end-users a quick and easy interface for changing their own passwords.

Learn more about Password Reset Server at our upcoming webinar on Thursday, November 14, at 11:30am EST. We hope you’ll join us!

Register here for the Password Reset Server webinar





Inheriting Permissions Based on Folders

29 07 2011

Inheriting Permissions based on Folders

It is possible for Secrets in Secret Server to inherit permissions from the folder where they are placed. For example, if you install a new managed switch in your network, instead of setting an Active Directory group or users for every network-based Secret, you set the Active Directory group or individual user accounts to the folder. That way, when an admin enters a new Secret into Secret Server they don’t have to worry about selecting all the people that need access. Instead, they can place it into the correct folder that already has the correct permission level. Not only does it save time, but it also ensures that everyone who needs access to a Secret has it.

Adding Permissions to a folder
First, move your mouse to the Administration tab, then select Folders.

Then select the folder you want to edit permissions on, select edit

From here you can add Active Directory groups and individual Secret Server users. They will have access to any Secret that inherits permissions with the level you select.

Having a Secret Inherit Permissions From a Folder

Click to expand the Secret, and then select view.

Now, select share.

From here, select edit.

Finally, check the “Inherit Permissions from folder” box.

That’s it! Now any user in the Active Directory group or one you manually added to the folder permissions will have access. You can also turn on this behavior by default with the “Default Secrets Inherit Permissions” setting on the configuration page. It is important to note that a user with folder-based permissions will have that level of access to any Secret in the folder .








Follow

Get every new post delivered to your Inbox.

Join 30 other followers