A key feature of Passwordstate is being able to automatically authenticate to remote hosts, without the need for specifying your authentication credentials manually. This feature can be extremely useful when utilising contract staff to assist in supporting large fleets of servers and network infrastructure. It can be used in situations where remote 3rd Party access is required by application vendors to ensure your expensive software is up to date and functioning correctly. In this scenario, you can configure your system so the contractor doesn’t even know the password they are connecting in with.
Remote sessions are automatically audited enabling you to report on who launched a Remote Session, to which Host, from what IP Address, and using which specific authentication credentials. This can be taken to the next level by using our browser based launcher and specifying which contractors, vendors or support staff have their Remote Sessions recorded. This allows you to maintain a record of what actions were undertaken during each remote session.
How do you setup for establishing Remote Sessions without the user “needing to know” or having to remember complex credentials?
Setting up the Remote Session Launchers
If you are not familiar with how to set up the Remote Session Launchers, please refer to the following information,
- For the Client Based Remote Session Launcher: https://www.clickstudios.com.au/community/index.php?/topic/2110-how-to-set-up-the-remote-session-launcher-passwordstate-8/
- For the Browser Based Remote Session Launcher: https://www.clickstudios.com.au/downloads/version8/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf
Add an account with permissions to connect to Hosts
First, create a new Password List and give it a meaningful name. In this example I’ve created a Password List called Remote Session Launcher Accounts under a folder called Remote Access in the root of the Passwords tab. Next add a new Password Record, specifying an account with permission to connect into machines on your network. The following example uses an Active Directory account which can connect to any Windows Server or Desktop. Note, do not grant contractors, vendors or support staff permissions to see or use this Password Record!
Create a Remote Session Credential and grant access to it
Next, you’ll need to create a Remote Session Credential. To do this navigate to Hosts->Hosts Home->Remote Session Credentials and Add Credential to create a new Remote Session Credential, ensuring it’s linked to the existing Password Record you’ve created above:
Next, you need to grant your contractors, vendors or support staff access to the Remote Session Credential you have just created by selecting the action icon and clicking on View Permissions
then click on the Grant New Permissions and add the appropriate account (as per the example below) and click save
Granting access to a Folder containing the Hosts
Now you can grant access to the Folder containing the machines you want the contractors, vendors or support staff to have access to. Once done the Folder and the machines will be visible in the Host tab when they log into Passwordstate.
Now those users can simply navigate to the Hosts tab, select the host they need to establish a remote session to and click on the Auto Launch button.
This will establish the connection for them without their ever needing to know the password credentials!
As always, we welcome your feedback via support@clickstudios.com.au.