One of the neglected security holes in a Windows network is the local administrator password for your users’ desktop machines. Many organizations synchronize these, so that the same password can be used for each. This makes it much more efficient for IT personnel to maintain and modify those machines. Of course, it also means that everybody knows the password – someone will eventually tell a user what it is, or let a user watch them type it in. In any event, it really is a “shared secret,” shared by most of the organization, and probably a few outside of it. Even periodic changing of the password only protects the systems for a short time until the secret is out once again.
Alternatively, you could establish separate, distinct passwords for each machine and empower the user to change it periodically. Or send around members of your staff to make the changes. But what happens when you need to maintain that machine, and the person who last changed the password isn’t available? Maybe you could create a spreadsheet of all the passwords …
Lieberman Software thinks it has a better way. Random Password Manager (RPM) addresses what the company calls the “common accounts credentials” dilemma. The accounts it refers to are those, like the local administrator account, that are on multiple systems within your network.
RPM works by periodically randomizing the local administrator passwords throughout the enterprise. All of your systems maintain unique account credentials, preventing one compromised password from threatening the security of your entire network. RPM also allows remote recovery of passwords on demand, so your delegated users can safely retrieve the temporary administrative credentials required to accomplish routine systems management operations.
Randomization is managed from a central console based on schedules you establish. Users can quickly access a unique password for their systems through a delegated Web interface and, once they have completed their administrative tasks - such as installing applications or device drivers - the password is checked in and automatically spun to create a new, unique account. That’s a real boon for remote or after-hour workers who do not have immediate access to the help desk. Of course it also reduces the expenses and demands of 24/7 remote systems administration.
RPM uses Microsoft SQL Server and/or Microsoft SQL Server Desktop Engine. The standalone package retails for approximately $29 per managed system. Discounts are available. $29 per system, what’s protecting your assets worth?