Historically, IT departments were able to directly manage all their systems because they were connected to the corporate network. But in today’s mobile-first and cloud-first world, most organizations operate with many disconnected systems.
Are You Changing the Administrative Passwords on Your Offline Systems?
Even when disconnected, systems still need automatic and regular changes to the credentials on powerful administrator and root accounts. Otherwise, organizations cannot meet regulatory compliance mandates and are at risk from cyber attacks like pass-the-hash.
Privileged identity management solutions have long been able to change privileged passwords on connected systems. However, they often missed systems that were disconnected from the network.
Providing Privileged Account Management on Disconnected Systems
Now, through patent-pending technology in Lieberman RED – Rapid Enterprise Defense™ Identity Management, organizations can automatically change the privileged passwords on all systems in the enterprise – irrespective of their connectivity to the corporate network.
With its industry-unique Disconnected Account Management functionality, RED Identity Management is the first privileged identity management solution to support both connected and disconnected servers, desktops and laptops.
An Alternative to Microsoft LAPS
Many IT professionals still rely on Microsoft Local Administrator Password Solution (LAPS) to change their Windows administrator passwords, because they don’t think there’s a better choice. Now there is. Disconnected Account Management offers all the advantages of Microsoft LAPS, with none of the limitations.
Unlike Microsoft LAPS, Disconnected Account Management is a cross-platform, enterprise-level solution. It encrypts stored passwords, is not dependent on Active Directory, offers a web interface for management and password recovery operations, and is backed by 24/7 technical support professionals.
How Disconnected Account Management Works
Install Tenant Application
- IT administrator creates different tenants (i.e. groups of systems) with different password policies
- Each tenant generates different installer packages suitable for those user machines
- IT administrator downloads a specially crafted application for each tenant
- Pre-configured application is installed on each machine
- Application automatically registers itself with either a public or private server
- Application receives policy that defines how often to change the password, and how to generate new and unique local passwords
- Application changes the root or administrator password on a regular schedule indefinitely
Share Secrets, Policies and Synchronized Clocks: Remote Application vs. Central Service
- The central service and the remote application refer to the same time clock
- Both know the policy of when passwords get changed
- A common secret defines the sequence of passwords that will be generated
Manage via Secure Web Interface
- Policies for passwords are controlled by the web portal
- Delegation of access is provided per tenant
- Authorized IT administrators can retrieve the current password being generated on a remote machine at any time
- Shows how long the current password will be valid as well as the next password to be generated
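The shared clock, shared policy and common secret described above, and the portal view of the current and next password, can be illustrated with a short sketch. This is an added example, not Lieberman's patent-pending algorithm or code from the product: the use of HMAC-SHA256, the alphabet, the `machine_id` input, the epoch and every function name are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed policy alphabet (71 symbols); a real policy would define its own.
ALPHABET = string.ascii_letters + string.digits + "!#%+-=?@_"

def window_index(now: int, epoch: int, interval: int) -> int:
    """Number of complete rotation intervals elapsed since the tenant epoch."""
    if interval <= 0 or now < epoch:
        raise ValueError("invalid interval, or clock is earlier than the epoch")
    return (now - epoch) // interval

def derive_password(secret: bytes, machine_id: str, index: int, length: int = 20) -> str:
    """Derive the password for one machine in one rotation window."""
    out, counter = [], 0
    limit = 256 - (256 % len(ALPHABET))  # rejection bound, avoids modulo bias
    while len(out) < length:
        msg = f"{machine_id}|{index}|{counter}".encode()
        for b in hmac.new(secret, msg, hashlib.sha256).digest():
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        counter += 1
    return "".join(out)

def current_state(secret: bytes, machine_id: str, now: int, epoch: int, interval: int):
    """Portal-style view: (current password, seconds it stays valid, next password)."""
    idx = window_index(now, epoch, interval)
    remaining = epoch + (idx + 1) * interval - now
    return (derive_password(secret, machine_id, idx), remaining,
            derive_password(secret, machine_id, idx + 1))

if __name__ == "__main__":
    # Constructed sample values: tenant secret, epoch and a weekly rotation policy.
    secret = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    epoch, interval = 1_700_000_000, 7 * 24 * 3600
    now = epoch + 10 * 24 * 3600  # ten days after the epoch, no network contact

    # The offline agent and the central service compute independently.
    on_laptop = derive_password(secret, "LAPTOP-042", window_index(now, epoch, interval))
    current, remaining, upcoming = current_state(secret, "LAPTOP-042", now, epoch, interval)
    print("agent and service agree:", on_laptop == current)
    print("valid for another", remaining // 3600, "hours")
```

In a design like this, anyone who obtains the common secret can compute every past and future password it covers, so the copy held on the endpoint needs the same protection as the passwords themselves. Clock drift also matters near a rotation boundary, where the two sides can briefly disagree on the window index.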
Benefits of Disconnected Account Management
- Changes administrative passwords on offline systems automatically
- Mitigates pass-the-hash attacks
- Ensures regulatory compliance requirements for password change frequency are met
- Provides management web interface
- Works connected or disconnected from the network/domain
- Supports Windows, Mac, Linux, UNIX, and more