Jump to content
Jasper

Manually selecting accounts to be managed automatically

Recommended Posts

Hi,

 

I am wondering if there is a best practice for this situation:

We want to use discovery and automated password management for local admin accounts and resources (service accounts and so on), but unfortunately not all systems can handle automatic password changes.

 

Is there a way to use discovery and manually selecting the accounts that can be managed by the password reset scripts?

 

Thanks in avance,

Jasper

 

 

Share this post


Link to post
Share on other sites

Hi Jasper,

 

Unfortunately we don't have a feature where you can do this, but it's something we plan on in the future.

 

With the Local Administrator Account discovery, there is a feature to exclude certain named accounts, but we don't have this for the Resource Discovery. When you mention not all systems can handle automatic password changes, are you referring to applications here, or at the OS level? We're not aware of any issues with our reset feature, so I can only presume it must be an application issue.

 

Also, if you go to the Hosts screen, you can set certain Hosts to Unmanaged, and then no password resets will be executed for them - or they will also be excluded from any Discovery Jobs. Maybe this is an option?

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Thanks for your reply. Good to hear that you are planning a feature like this. 

It's quite common that you want to use discovery without activating automatic password management. Especially when setting up Password State in a larger network environment, you might want a more careful strategy.

 

With systems I meant applications and yes, these are application issues, changing the serviceaccount requires a change in the configuration of the applications.

 

//Jasper

Share this post


Link to post
Share on other sites

Thanks for the detail Jasper - we appreciate it.

 

Would you prefer a section called Something like 'Unmanaged Accounts' where you can select which accounts to manage and which Password Lists to put them in, or what if we had the option where it could import into a Password List, but not have the 'Managed Account' option checked, as per the screenshot below. Which would be your preference?

 

post-1-0-18755600-1448267177_thumb.png

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

The screenshot looks really fine.

 

This way, it's possible to run a discovery and than manually add it to the managed accounts.

With this option in place, a report to list unmanaged accounts would be a great so that we can follow up and reduce the number of unmanaged accounts.

 

/Jasper

Share this post


Link to post
Share on other sites

Thanks Jasper.

 

So what we would expect to happen here is a customer has a Password List called something like 'Discovered Accounts', and records are dropped in here but with the Reset option unchecked. When they are ready to start managing this account, they can check the option, and move to another Password List as required.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...