Thycotic Secret Server Privileged Password Integration
#1
Hi,

Our company has been using ASG-RD for over 6 years and we love it. We are an MSP looking after financial services clients and so password management and control is critically important.

While the ASG-RD integrated Credentials are great, when passwords change on hosts there is a massive amount of work to update the Credentials in ASG. We currently have under management approx. 100 different AD domains, 600 servers running Windows and Linux variants and 500 network devices.

Thycotic Secret Server is a best in class (KuppingerCole Report here: http://thycotic.com/wp-content/uploads/2...ycotic.pdf) privileged password management system which allows the automatic changing of passwords across the enterprise and managed client networks auditing and control.

Is it possible for ASG to integrate Thycotic Secret Server with RemoteDesktop?

The end result would be that Thycotic Secret Server would be able to automatically change and store the end host credentials and ASG-RD would then use that database to retrieve credentials without any manual intervention. A stunning win for security and ease of password management!

There are other products which do provide this integration, but are not anywhere as easy to use as ASG-RD. There is a published API available from Thycotic.

Many thanks for considering this suggestion.


Regards,


Richard
Reply
#2
We plan for the next major release to integrate API support - then it will be easy to integrate Password Manager tools
Regards/Gruss
Oliver
Reply
#3
(08-12-2015, 08:23 AM)DevOma Wrote: We plan for the next major release to integrate API support - then it will be easy to integrate Password Manager tools

Hi,

I was wondering if this has happened yet. We need to have this for compliance reasons. Can you help us with developing the interface needed?

Kind regards,


Richard
Reply
#4
We have a Powershell API implemented for version 2016 - please have a look at it...
Regards/Gruss
Oliver
Reply
#5
(17-03-2017, 07:57 AM)DevOma Wrote: We have a Powershell API implemented for version 2016 - please have a look at it...

I'd love to...but:

WARNING: Environment could not be connected. Powershell mode is not supported in 'Eval mode'.

Hmmm...
Reply
#6
Had this same issue. Re-import your license file.
Reply
#7
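Here is some quick code to create a new user.

# Look up the GUID of the "Credentials" root folder
$retCredGuid = Get-RDBaseItemId -ItemPath Credentials
# Create a new credential item beneath it
$ret = New-RDBaseItem -ParentItemId $retCredGuid.Guid -ItemType credential -Text NewTestCredential
# Fill in domain, user name and password on the new item
Set-RDPropertiesCredential -ItemId $ret.ItemID -Domain TEST -Password TEST -Username TestUserName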
Reply
#8
Anybody have more details on how to make this work? Do we configure PowerShell from within ASG to reach out to Thycotic? Or will it start in Thycotic and connect to ASG? Confused here and could use more detail. Thanks // David
Reply
#9
Anyone have more detail to help here?
Reply
#10
I do not know the product from Thycotic - and the API from that product - perhaps you need to write a script that gets all credentials from ASG-RD and then you have to get the right password for the credential from your Thycotic API and set this password back via the Powershell API
Regards/Gruss
Oliver
Reply
#11
(16-05-2017, 08:09 AM)DevOma Wrote: I do not know the product from Thycotic - and the API from that product - perhaps you need to write a script that gets all credentials from ASG-RD and then you have to get the right password for the credential from your Thycotic API and set this password back via the Powershell API

I just looked and Thycotic has PowerShell support. So you would need to do something like this:

Read the accounts in ASG-RD, check each account name for the password in Thycotic, use that password to then update your account in ASG-RD.

Here is an excerpt from my larger script that changes the password for an account that matches the $Account variable. Note that the connection to the Database has already been created.

Code:
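# Sets -Password on every ASG-RD credential whose name matches $account.
# Note: -match is a regular-expression match, so $account is treated as a pattern.
Function Update-RDPassword($account, $Password)
{
    # Parameters for listing all credential items under the "Credentials" root
    $parms = @{'ParentItemId'=(Get-RDBaseItemId -ItemPath "Credentials").Guid;
        'itemType'="Credential";
    }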
   
    $creds = Get-RDBaseItemChilds @parms

    foreach ($Cred In $creds)
    {
        $CredText = $Cred.Text
        if ($CredText -match $account)
        {
            Write-Host "Changing Password for $CredText"
            $credGuid = $Cred.ItemID
            try
            {
                Set-RDPropertiesCredential -itemID $credGuid -Password $Password -erroraction stop
            }
            catch [System.Exception]
            {
                switch($_.Exception.GetType().FullName) {
                    'System.Management.Automation.ItemNotFoundException' {
                      Write-Error "ItemNotFound for $CredText"
                    }
                    'System.Management.Automation.SessionStateException' {
                      Write-Error "SessionState for $CredText"
                    }
                    'System.Management.Automation.RuntimeException' {
                      Write-Error "RuntimeException for $CredText"
                    }
                    'System.SystemException' {
                      Write-Error "SystemException for $CredText"
                    }
                    'System.Exception' {
                      Write-Error "Exception for $CredText"
                    }
                    'System.NullReferenceException' {
                      Write-Error "Null Reference Exception for $CredText"
                    }
                    default {
                        Write-Error "well, darn on setting the password"
                        Write-Error $_
                        }
                }
            }
            try
            {
                Set-RDPropertiesCredential -itemID $credGuid -alwaysPromptForPassword $false -erroraction stop
            }
            catch [System.Exception]
            {
                switch($_.Exception.GetType().FullName) {
                    'System.Management.Automation.ItemNotFoundException' {
                      Write-Error "ItemNotFound for $CredText"
                    }
                    'System.Management.Automation.SessionStateException' {
                      Write-Error "SessionState for $CredText"
                    }
                    'System.Management.Automation.RuntimeException' {
                      Write-Error "RuntimeException for $CredText"
                    }
                    'System.SystemException' {
                      Write-Error "SystemException for $CredText"
                    }
                    'System.Exception' {
                      Write-Error "Exception for $CredText"
                    }
                    'System.NullReferenceException' {
                      Write-Error "Null Reference Exception for $CredText"
                    }
                    default {
                        Write-Error "well, darn on setting it to not prompt for $CredText"
                        Write-Error $_.Exception
                        }
                }
            }
        }
            #sleep 1        

        $CredText = $null
    }
    
    $parms, $Cred, $creds, $credGuid, $Password = $null, $null, $null, $null, $null    
}
Reply
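
The sync loop outlined in posts #10 and #11, as an added example that is not part of the original thread or ASG's own code. It uses only the ASG-RD cmdlets shown above; `Sync-RDCredentialPassword` and the `$VaultLookup` script block are hypothetical names, and the vault query itself is left to the caller because the thread shows no Thycotic API calls.

```powershell
# Added example: one-way sync of passwords from a vault into ASG-RD credentials.
# Assumes the ASG-RD PowerShell environment is already connected (as in the post above).
# $VaultLookup is a hypothetical caller-supplied script block: it takes a credential
# name and returns the current password as a string, or $null when the vault has no entry.
function Sync-RDCredentialPassword {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [scriptblock]$VaultLookup
    )

    # Enumerate every credential object below the "Credentials" root.
    $rootId = (Get-RDBaseItemId -ItemPath 'Credentials').Guid
    $creds  = Get-RDBaseItemChilds -ParentItemId $rootId -ItemType 'Credential'

    foreach ($cred in $creds) {
        $status = 'Updated'
        try {
            # Look up by the exact credential name; no regex or substring matching,
            # so "svc-sql" can never pick up the password of "svc-sql-test".
            $password = & $VaultLookup $cred.Text
            if ([string]::IsNullOrEmpty($password)) {
                $status = 'NotInVault'
            }
            elseif ($PSCmdlet.ShouldProcess($cred.Text, 'Set password from vault')) {
                Set-RDPropertiesCredential -ItemId $cred.ItemID -Password $password -ErrorAction Stop
            }
            else {
                $status = 'Skipped'
            }
        }
        catch {
            # Record the failure type and continue; one bad item must not stop the run.
            $status = "Failed: $($_.Exception.GetType().Name)"
        }
        finally {
            $password = $null
        }

        # Emit name and outcome only. The password never reaches output or logs.
        [pscustomobject]@{ Credential = $cred.Text; Status = $status }
    }
}

# Dry run with a stub lookup (constructed data, stands in for the real vault query):
# $stub = { param($name) @{ 'NewTestCredential' = 'example-only' }[$name] }
# Sync-RDCredentialPassword -VaultLookup $stub -WhatIf
```

Running it with `-WhatIf` first lists which credentials would change without writing anything, and the returned objects can be kept as an audit record of each run.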