Secret Server Demo Outline

Similar documents
Secret Server User Guide

Secret Server User Guide

Features Comparison Sheet

Features Comparison Sheet

Secret Server Frequently Asked Questions

Ekran System v Program Overview

NetIQ Privileged Account Manager 3.5 includes new features, improves usability and resolves several previous issues.

NTP Software VFM Administration Web Site

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Passwordstate User Manual Click Studios (SA) Pty Ltd

Click Studios. Passwordstate. Password Discovery, Reset and Validation. Requirements

Monitoring Windows Systems with WMI

Citrix XenApp 6.5 Administration

Course CXA-206: Citrix XenApp 6.5 Administration

Ekran System v Program Overview

App Orchestration 2.0

User Guide. Version R94. English

User Guide. Version R92. English

NTP Software VFM. Administration Web Site for EMC Atmos User Manual. Version 6.1

DSS User Guide. End User Guide. - i -

Microsoft Exchange Server 2007 Implementation and Maintenance

NETWRIX PASSWORD EXPIRATION NOTIFIER

WMI log collection using a non-admin domain user

JIRA Integration Guide

High Availability Enabling SSL Database Migration Auto Backup and Auto Update Mail Server and Proxy Settings Support...

VMware AirWatch Database Migration Guide A sample procedure for migrating your AirWatch database

Secret Server Web Services API Guide

KYOCERA Net Admin User Guide

NetIQ Privileged Account Manager 3.2 Patch Update 4 Release Notes

Technical Overview. Access control lists define the users, groups, and roles that can access content as well as the operations that can be performed.

SnapCenter Software 4.0 Concepts Guide

Vault. Vault. End User Guide END USER GUIDE. L o r e. (For Standard, Professional & Enterprise Editions)

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

2018 GLOBALSCAPE TRAINING OVERVIEW

Click Studios. Passwordstate. Remote Session Launcher. Installation Instructions

Verizon MDM UEM Unified Endpoint Management

NETWRIX GROUP POLICY CHANGE REPORTER

CXA Citrix XenApp 6.5 Administration

WhatsUp Gold. Evaluation Guide

LepideAuditor. Installation and Configuration Guide

Export out report results in multiple formats like PDF, Excel, Print, , etc.

Welcome to PDQ Deploy

Netwrix Auditor. Release Notes. Version: 9.6 6/15/2018

CMB-207-1I Citrix Desktop Virtualization Fast Track

ManageEngine EventLog Analyzer Quick Start Guide

ReportPlus Embedded Web SDK Guide

Secret Server SOAP Web Services API Guide

Welcome to PDQ Deploy

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide

Vendor: Microsoft. Exam Code: Exam Name: TS: Microsoft System Center Operations Manager 2007, Configuring. Version: Demo

SQL Server Solutions GETTING STARTED WITH. SQL Secure

Workplace Online Using a standard web browser, simply login at us.awp.autotask.net using the credentials you ve been given.

July 2018 These release notes provide information about the The Privileged Appliance and Modules release.

Lab Guide for Managing Hitachi Storage With Hitachi Command Suite v8.x

NTP Software VFM Administration Web Site For Microsoft Azure

Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

Privileged Access Access Console User Guide 17.1

PxM Proof of Concept Configuration. June 2018 Version 3.1

CXA-204-1I Basic Administration for Citrix XenApp 6

Security Specifications

Welcome to PDQ Inventory

Cloud Help for Community Managers...3. Release Notes System Requirements Administering Jive for Office... 6

pinremote Manual Version 4.0

COURSE OUTLINE IT TRAINING

NETWRIX CHANGE REPORTER SUITE

Comodo SecureBox Management Console Software Version 1.9

StreamSets Control Hub Installation Guide

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

End User Manual. December 2014 V1.0

MOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT

12d Synergy V4 Release Notes. 12d Synergy V4 Release Notes. Prerequisites. Upgrade Path. Check Outs. Scripts. Workspaces

User Manual. ARK for SharePoint-2007

Laserfiche Rio 10.3: Deployment Guide. White Paper

vsphere Host Profiles 17 APR 2018 VMware vsphere 6.7 VMware ESXi 6.7 vcenter Server 6.7

Mozy. Administrator Guide

Version: 4.0. Quatrix Data Sheet. January 2018 Author: Maytech

Passwordstate Security Administrators Manual Click Studios (SA) Pty Ltd

BOLT eportfolio Student Guide

Integrating Terminal Services Gateway EventTracker Enterprise

1 GENERAL. Not all changes are related to the helpdesk specifically though.

IaaS Configuration for Cloud Platforms. vrealize Automation 6.2

TeamViewer 12 Manual Management Console. Rev

BMC FootPrints 12 Integration with Remote Support

VMware Horizon Session Recording Fling:

JOB SCHEDULING CHECKLIST

Contents User Guide... 1 Overview... 1 Create a New Report... 3 Create Report... 3 Select Devices... 3 Report Generation... 4 Your Audit Report...

Introduction to Cisco UCS Central

NTP Software VFM. Administration Web Site for NetAppS3. User Manual. Version 5.1

Microsoft Architecting Microsoft Azure Solutions.

Admin Table is oftr Caoto ntr e s U ntsser Guide Table of Contents Introduction Accessing the Portal

Bomgar PA Integration with ServiceNow

ONE PRODUCT, THREE SOLUTIONS

Citrix - CXA XenApp 6.5 Administration

Notification Template Limitations. Bridge Limitations

REACH Remote Deposit Capture

Getting Started with BarTender

Developing Microsoft Azure Solutions (70-532) Syllabus

citrix MetaFrame Password Manager2.0:Adminsitration

Manage Your Inventory

Transcription:

Secret Server is a feature rich product that can be introduced to your prospects in many different ways. Below is a generic outline of several of the most important features that should be covered during a demo. Note that you will need to have a demo environment set up in order to showcase these features. This outline is subject to changes in the app. Here at Thycotic, we usually start with the Architecture diagram followed by a presentation of the application. For an example of a full recorded demo, please click here. Knowing Secret Server and being able to Demo the product to your prospects is key to closing the sales. Presentation of the Architecture Diagram ASP.NET application WEB APPLICATION (IIS) Windows Server 2008 + (and virtual machine) AES 256 encryption Microsoft SQL database (SQL Server 2005+, all editions including Express) High availability o SQL Mirroring database side o Front-end web clustering application side Role-Based Access Control Any major web browser, http or https Mobile apps, Desktop client (offline caching) Common web services API o Create, search, update Secrets o Major programming languages, i.e..net or Java o Major scripting languages, i.e. Powershell or Perl Secrets instead of passwords o Pin codes, combinations, contact information, file attachments/certificates Secret Templates o Ship with ~20, major account types (Windows, Unix, AD accounts) o Customizable Once you have information organized and stored in Secret Server, there are features available to make your life much easier and more secure in using that information. One of these features: Session Launcher o RDP, PuTTY, Custom (credentials on Secret) o Custom launcher unique any arbitrary executable (will see this shortly) Session Recording o Creates video of session, stores in audit log Authentication o Local Secret Server accounts o Active Directory accounts

o Two-factor authentication (RADIUS, email) Remote Password Changing o Many platforms supported (read some) o Devices that accept password changes via console commands over SSH, Telnet o Service Accounts Windows Services, Scheduled Tasks, App Pools, COM+ Apps, flat files Discover Windows Service, local accounts on network, import Agent o Password changing, monitoring us. on same network (web server to device) o Outside networks install on network uses 1 configurable port All action are audited o Built-in reports, custom reports, subscribe to emailed alerts o Actions: edit, view, configuration changes o Can be exported to SIEM tools in Syslog format

Presentation of the Application (Log in using your credentials) Dashboard Windows explorer (folders, Secrets, columns) Search Bulk operations (demonstrate remote password changing option) Widgets (drag/drop/add new) Tabs (drag/add new) Per-user configurable Secret View Set up a Secret and configure it to log in remotely using a launcher Show fields on the Secret (e.g: Secret Name, username/password, notes, file attachments) Icon indicating Launcher associated with this Secret Closer look View o Password copy to clipboard, unmask o Expiration will take a closer look at that shortly o Heartbeat Connects to device using credentials on Secret Manual, otherwise run on own timer o Sharing Permissions, inheritance, tabs Secret Template Note template type on example Secret, go to corresponding template Expiration explain RPC and autochange, use cases (AD) Audits Secret Audit User Audit Report (you may have a case in which a user leaves need audit trail etc.) o Difficult w/out tool like Secret Server, comprehensive audit trail

Launchers Comparison of two PuTTY launchers set up with different permissions o The first one has Session Recording icon with no possibility to copy to clipboard or unmask password o The second one has Password unmasking/copy to clipboard o Give use case for each type. (e.g.: contractors should only have a limited view of the password) Security tab review settings Launch recorded session and type whoami to show how you are logged into a separate session using the credential on the Secret Audit show video Custom launcher can be shown by launching a MS SQL Server Management Studio session, for example Custom launcher elevated command prompt run as user on Secret Remote Password Changing Dashboard acknowledge previous bulk operation password change example. Can change for individual Secrets as well. Go into a specific Secret to showcase the remote password changing capabilities and click on View o RPC tab Acknowledge Auto-change Demo change - enter password or Generate Show successfully changed password o AutoChange settings Next password Sometimes credentials on a Secret do not have rights to change the password on its own account need privileged acct Agent explain Local RPC directly from webserver to device on which the password must be changed Choose a Service Account to showcase Service Accounts management o Dependencies: how RPC handles service accounts o Changed in order order can be easily changed o Created new dependencies Privileged account may be necessary as well

Advanced Security Settings (choose a Secret that has those configurations in place) Hide Launcher Password Require Comment Requires Approval for Access optional workflow o May specify approvers (users or groups) o May include editor, owners, approvers o Administration > Manage Secret Access Requests Approve requests Specify period of time allowed for access DoubleLock o More for security, not convenience (no RPC or Heartbeat) o Set up password, used to generate encryption keys called DoubleLock o Password required to access Check Out o exclusive access mode o Change Password on Check In provides secure audit trail Unlimited Administration Mode (Break the Glass) Explain Admin, User roles Brief look at creating a role Typical administrator only has access to Secrets shared with them Unlimited Administrator receives Owner permissions for all Secrets in UA mode Common use case: only user who has access to Secrets for a few servers is gone when an emergency occurs, need to have access to reboot servers Check & balances o 2 permissions o Banner notification o Alerts (event subscription) Event Subscription Come up with a few examples (Secret is edited from specific folder, Heartbeat fails, etc.) Email recipients, users, groups Mention Heartbeat value of knowing when passwords are changed outside of SS

Discovery Local & Service accounts (for Windows services) Will scan domain-joined machines for accounts o Finds OU s, finds machines, scans using WMI for accounts o Import o Passwords Rules (Enterprise Plus) o Apply to Local accounts only o Email notifications OR just import as new Secret (or both) Reports/Scheduled Reports Large # of reports already created Look at one (Secret Template Distribution is pretty) o Email report o Schedule report Emphasize value of having daily or weekly reports (for Heartbeat, Users, etc.) Healthcheck (no data, won t send) Edit report or create new one show block of SQL Import CSV and/or XML CSV o Less error-prone (can check columns before importing) o Recommended for 1 st time imports of data o Show example of import (type fake data) XML o Better for repetitive tasks, such as bulk folder creation o Creating users/groups Backup Backs up 2 parts: 1.) Database and 2.) Application files Note network share May be scheduled Notifies users with Administer Backup role permission on failure

Web Password Filler Search for web folder Chose a web password as an example Show mapping of fields

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback