Restricting User Input for Launcher

3 05 2013

A new feature in Secret Server is the ability to control which servers users are able to connect to using a Launcher. This can be done by specifying a list of machines or servers on a Secret in a notes field. This list can either be a whitelist or a blacklist of servers the Launcher is able to connect to.

When configured as a whitelist, a list of possible servers will be presented for users to select to launch. This prevents users from logging in to places they should not be, and adds convenience by not having to remember the name of each server.

When configured as a blacklist, this allows users to enter the machine or server name as they normally would, however would prevent them from connecting to those machines which are blacklisted. This will prevent unauthorized use of credentials in your environment.

RDP1

Enabling this feature is simple through Secret Server. Navigate to Administration, Secret Templates, then select any template with a Launcher attached such as the Active Directory Account or Windows Account Template and click Edit. There, you can select Configure Launcher, and Edit.

In the Advanced section, enable Restrict User Input by checking the checkbox, and configure accordingly. When mapping a field to Restrict By Secret Field, specify a field from the template. The values for the whitelist or blacklist will be based on that field for Secrets, and can be comma separated to specify multiple machines or servers.

RDP2

Then it’s configured.





Sneak Peek: PuTTY Launcher

11 09 2008

putty1 One of a system administrator’s must-have items in his toolbox is PuTTY. PuTTY is a small, lightweight program that is perfect for telnet and SSH connections. It doesn’t require any installation, it’s just a single EXE file and you’re good to go.

A feature of Secret Server that I personally have always found extremely useful is the launching capability that we introduced with Remote Desktop. It’s very handy for starting Remote Desktop sessions. We decided to take it a step further and extend this functionality to PuTTY.

An initial obstacle that needed to be overcome was figuring out how to make sure PuTTY was on the client’s machine. The creators of PuTTY are generous, and fortunately they allow us to distribute PuTTY with Secret Server. Since the Remote Launcher capability is a Microsoft ClickOnce application, it seemed reasonable to distribute PuTTY with our application. This would avoid the need for users having to tell our application where to look for PuTTY, or us requiring that you have it in a certain location on the machine.

putty2 However, PuTTY is 500 kilobytes, and the initial application was a mere 12 kilobytes. 500K is small in today’s high tech world, but to reduce corporate bandwidth use, we only distribute it when you need it for the first time. That means when you make your first launch of PuTTY, we’ll download the application for you from your Secret Server installation, thus not needing an outside Internet connection, but after that it’s cached so you only need to download it once.

putty3Once PuTTY is downloaded successfully, the application will automatically start already logged in at the prompt. For the first release of the PuTTY launcher, we will only support SSH.

If you want to see additional launchers built into Secret Server, make sure you stop by our forums and let us know!

– Kevin








Follow

Get every new post delivered to your Inbox.

Join 30 other followers