Manage Local Accounts for not domain joined servers

1 vote

We have Windows DMZ servers which are not domain joined. With the PAM module you can manage local accounts with WinRM, but it is currently not possible to do this with SSL. When SSL is supported it is difficult to manage.

Our previous PAM solution used an agent on the DMZ server. The PAM solution communicated in a secure (SSL) way with the DMZ server to rotate passwords for local accounts and change group membership on the DMZ server. This was a very lightweight solution and very stable.

Is this a possible idea to manage local accounts on DMZ servers instead of WinRM?

All Comments (1)

Hi Freddy,

Unfortunately, WinRM is required to manage Windows local accounts because we run PowerShell scripts to do this. An alternative solution, however, would be to use the Devolutions Gateway for the WinRM communication. You can deploy the Gateway in the DMZ and set the provider to use it to access the servers within the DMZ.

If you would like any assistance with setting up the Gateway, you can reach our support department at service@devolutions.net.

Best regards,

Luc Fauvel