Remote Users / Offline Users

[bojan.jancar]

We have a lot of users (sales staff) all around the globe. All users have NO local admin rights. they rarely connect to the corporate network on a ssl vpn basis. They often work with citrix and outlook anywhere (outlook over https). Sometimes they need local admin rights to install IE plugins or small software. We then provide the password from the local administrator, so the users can install the software. Once the user knows it's local administrator password, he likeli missues it for other non work related software installation. We would like to change the local admin password on a regulary basis, so it can only be used "once". Is there a way to achieve that with random password manager? do you hava any other idea how we can solve that?

[Chris]

In it's current implementation, RPM/ERPM will go into an automatic-retry state when a system is unreachable during a password change job. If you have a relatively frequent retry policy we would be able to pick these machines up as they join your network and re-randomize the password as needed.

One of way of addressing this for your remote users right now, is to have them connect to the VPN to retrieve the local admin password for their own system. Both RPM and ERPM support a 1 to 1 relation ship called "self recovery" where you can identify that userX can recover the password for his/her machine only. Then either set a short expiration time for the password or have them check the password back in when they are done then disconnect from the VPN.

In the medium term, we are investigating other alternatives to this issue but these will of course require some kind of an agent to manage the system while it is off-line. Though for the sake of security this may be best implemented through the use of PKI (certificates).

If you would like to follow this process further we would love to discuss it with you in depth. Please email support@liebsoft.com regarding this post with your contact information.

Hope that helps.