If your company has a large number of computer systems, you've probably devised an efficient way to configure a new system and get it online fast. Maybe you use a script to give the local administrator account the same password on each machine. If so, you might want to rethink your strategy. You're opening up all your systems to a disgruntled employee or someone from the outside who gains physical access to just one of your computers. If that person has the password for one computer in your organization, he or she can authenticate to any of your computers with administrator authority.
Lieberman Software's Random Password Manager is a possible alternative approach. It generates strong passwords (you specify the characteristics of how strong) and replaces passwords as often as you like. It stores the passwords in an encrypted Microsoft SQL Server database. Random Password Manager also works with Linux and UNIX passwords, SQL Server sa passwords, and Cisco and some other device account passwords.
When administrators or designated users need to recover an administrator password to perform some task on a machine, they use a Web interface over a Secure Sockets Layer (SSL) connection to do so. The password will work for an amount of time that you specify, then the password will be re-randomized. While administrators and users have a password "checked out," all their activities on the system are logged.
Chris Stoneff, product manager, told me that Lieberman's average customer for Random Password Manager has 10,000 to 15,000 systems. As you'd expect, government regulations such as SOX, HIPAA, and PCI with their requirements for companies to keep tabs on who does what on their systems, are prompting more interest in Random Password Manager from companies "in every industry."
Another factor driving interest, according to Stoneff, is Windows Vista and its User Access Control (UAC) feature. Lieberman customers and potential customers that are planning Vista migrations are anticipating increased Help desk calls when users encounter UAC prompts and can't perform tasks as they used to. Random Password Manager could be used to give users temporary access to administrator privileges as needed.
For more information, go to http://www.liebsoft.com/index.cfm/products?id=270.
