Introducing Secret Server 8.5 Pt. 5: PowerShell 3

17 04 2014

Secret Server 8.5 adds a number of new features and functionality. These new features are pretty awesome, so we decided this release deserves a little extra showcasing. Each Thursday post since the 8.5 release highlighted a new Secret Server feature. Check out our previous posts to learn how 8.5 will increase your team’s overall security and productivity. This week we’re finishing up our series with the benefits of PowerShell 3.

Secret Server has an  increasing list of built-in password changers for a wide variety of platforms, including Active Directory, Windows/Unix/Mac, networking devices, databases, and any platform that can connect with an SSH/TELNET connection. Also, Secret Server can update many service/application account dependencies out-of-the-box.

However, there can be unique password changing dependencies, such as when actions have to be daisy-chained after a password change, like restarting a specific device or application. For those situations, PowerShell provides additional flexibility to save time and maintain security.

With the 8.5 release of Secret Server, and the upgrade to .NET 4.5, Secret Server now makes use of the full PowerShell 3 capabilities. The main benefit of this upgrade is eliminating PowerShell’s “Double-Hop” issue, where PowerShell did not allow users to log into one platform (in this case Secret Server) and then jump to another server with those credentials. Now, PowerShell scripts can authenticate Active Directory credentials over multiple connections. This allows you to run PowerShell with an Active Directory Secret to perform multiple tasks across the network. This will be useful for organizations that need to update custom dependencies after a password change, such as SharePoint and IIS metadata. Get full instruction on avoiding PowerShell Double-Hop here.

Want to learn more about using PowerShell with Secret Server? Check out instruction for using PowerShell with Secret Server.

We hope you’ve enjoyed the latest enhancements to Secret Server with our latest release. Of all the 8.5 features, which is your favorite? Let us know in the comment section below. If there is still a Secret Server feature you still wish to see, be sure to cast your vote here.





Don’t Just Store, Actively Manage Your Passwords! Create Custom Password Changers for All Devices

28 01 2014

 

You just purchased a new network device or server and realized that Secret Server doesn’t contain a specific password changer for it. You figure the best you can do is store the static credentials in Secret Server, but there’s no way Secret Server could actively manage password changing, right? Think again! Secret Server has a variety of ways you can customize password changers, no matter how complex your environment.

SSH

SSH password changers can change passwords for ANY of your SSH-compatible devices. Modify an existing SSH password changer or create your own. Enter the SSH commands in Secret Server, replacing actual credentials in the commands with values that reference the credentials stored in the Secret. The same will work for any device accessible for password changes over Telnet.

HP iLO Account Custom Password Changer Template

A few examples:

  • Configure a Dell DRAC password changer:

http://support.thycotic.com/KB/a166/how-to-manage-drac-passwords-with-secret-server-using-ssh.aspx

  • Use the built-in Cisco password changer (customizable):

http://support.thycotic.com/KB/a251/heartbeat-and-remote-password-changing-for-cisco-accounts.aspx

  • Use the built-in Unix Root account password changer:

http://support.thycotic.com/KB/a369/heartbeat-remote-password-changing-unix-root-accounts.aspx

LDAP

Secret Server comes with several LDAP password changers configured for Active Directory, DSEE and OpenLDAP. You can either customize the existing password changers or use one as a template to create your own custom configurations, for example to change passwords for 389 Directory Server. Customizable settings include enabling SSL, method of authentication, and username authentication format. See the article below for details:

  • Use and configure custom LDAP password changers:

http://support.thycotic.com/KB/a183/ldap-password-changing.aspx

Web Passwords

Secret Server’s web password management includes Remote Password Changing for Amazon Web Services, Google, and Windows Live accounts. Configure these options under the Remote Password Changing tab for any Secret using the Web User Account password changer.

Remote Password Changing for a Windows Live Account

Password Changing for Additional Account Types

Secret Server contains password changers for many other account types as well. While these are not all customizable, they include many commonly used account types such as Oracle, SQL Server, SonicWall NSA and more. A full list of included password changers can be accessed here.

See the Secret Server User Guide for more info on creating and testing custom password changers.

Did you create your own custom password changer? Share it with others on our forum.

Send us your ideas and suggestions any time. Post new feature requests and see what other customers have requested at feedback.thycotic.com.








Follow

Get every new post delivered to your Inbox.

Join 30 other followers