One of the neglected security holes in a Windows network is the local administrator password for your users’ desktop machines. Many organizations synchronize these, so that the same password can be used for each. This makes it much more efficient for IT personnel to maintain and modify those machines. Of course, it also means that everybody knows the password – someone will eventually tell a user what it is, or let a user watch them type it in. In any event, it really is a “shared secret,” shared by most of the organization, and probably a few outside of it. Even periodic changing of the password only protects the systems for a short time until the secret is out once again.

Alternatively, you could establish separate, distinct passwords for each machine and empower the user to change it periodically. Or send around members of your staff to make the changes. But what happens when you need to maintain that machine, and the person who last changed the password isn’t available? Maybe you could create a spreadsheet of all the passwords …

Lieberman Software thinks it has a better way. Random Password Manager (RPM) addresses what the company calls the “common accounts credentials” dilemma. The accounts it refers to are those, like the local administrator account, that are on multiple systems within your network.

RPM works by periodically randomizing the local administrator passwords throughout the enterprise. All of your systems maintain unique account credentials, preventing one compromised password from threatening the security of your entire network. RPM also allows remote recovery of passwords on demand, so your delegated users can safely retrieve the temporary administrative credentials required to accomplish routine systems management operations.

Randomization is managed from a central console based on schedules you establish. Users can quickly access a unique password for their systems through a delegated Web interface and, once they have completed their administrative tasks - such as installing applications or device drivers - the password is checked in and automatically spun to create a new, unique account. That’s a real boon for remote or after-hour workers who do not have immediate access to the help desk. Of course it also reduces the expenses and demands of 24/7 remote systems administration.

Whitepapers

• Advancing the Economics of Networking
• Enterprise Data Center Network Reference Architecture
• Implementing HA at the Enterprise Data Center Edge to Connect to a Large Number of Branch Offices
• File Integrity Monitoring: Secure Your Virtual and Physical IT Environments
• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper

View more SECURITY whitepapers

Webcasts

• PoE Plus: Impact on the PoE Market
• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports