Devolutions ForumDevolutions Forum

Individual credentials por admins without view them

Individual credentials por admins without view them

avatar
Hector Garcia de Llano

Hello.

We have been using RDM from 2015, always with a unique combination of usr/pwd configured in the sessions, so we all connect to servers with the same user.
Now, it is time to add a "security plus" (or better said, "auditing plus"), so everyone of us (4 admins, not so much for +750 entries in RDM) will have an "admin account" and we will need to use that admin account to connect to servers.
I think that I could do a Batch Edit -> Edit Sessions (User Specific Settings) to change usr/pwd only for my RDM user; idem for my colleagues.
But when we'll change our passwords (admin accounts stay at Active Directory), we'll have to do that same task every time.

So we are thinking to create a Credentials entry for each one of us and then use the Batch Edit option to select our credential, so when we need to change our admin passwords, we only have to change them in our credential.
We don't have at this time an external password manager (like LastPass or so), so to test we have created one credential for one of us (New Entry -> Credentials -> Username/password)... but every other admin can not only view the credential in the sessions pane but also view the username and password inside the credential.

Until now, we only have 2 groups in RDM: Newbies, that can't view nor edit passwords, and Admins; now, all of us are in the Admins group, but although we change permissions at credential entry to Never (view, edit,...) for Admins group, we all keep viewing username and password.

Perhaps, I'm missing some "little detail" because I think that this is how big companies work (one "admin account" for every administrator, so you can track and audit every modification in critical systems), but just now I can not find a solution.

Please, can you shed some light over this problem and tell me what could be the best option to use individual credentials without an external password manager?
Can we do that with "Username/password" credential, but with different permissions?

Thanks in advance.
Regards,
Héctor

All Comments (1)

avatar
Jeff Dagenais

Hello,

I suggest creating an Username / Password credential entry in your Private Vault (which is unique to all users) and enable the User Specific Settings to override the credential of the session by using this entry from your Private Vault.
https://help.remotedesktopmanager.com/view_navigation_privatevault.htm

Another thing, if your child sessions are set to Inherited, then, just enable the User Specific Settings at the folder level. No need to enable the User Specific Settings on all sessions in that case.

Best regards,

Jeff Dagenais