
Hi all,

I’m in the process of onboarding over 100 local Linux servers into BeyondTrust Password Safe, and I’m looking for a more efficient way to handle FA (Functional Account) assignment during setup.

Steps I’ve taken so far:

  1. Added all 100+ servers to an Address Group

  2. Created an asset-based Smart Rule

  3. Set the assets within the Smart Rule to be Managed by Password Safe

However, when I try to enable Automatic Password Change Options, I’m only able to assign one FA (From smart rule). Since each server requires a unique FA, manually creating individual Smart Rules for each server would be highly inefficient.

Question:
Is there a way to automate or bulk assign one FA per server without having to create a separate Smart Rule for each one?

Thanks in advance for your help!

Hi,

I recently came across a similar use case involving the management of over 50 non-domain joined Windows systems. In that scenario, the following approach was implemented:

  • A local functional account was created on each system, all using the same username and password.
  • A single local functional account was then added to Password Safe, with Automatic Password Management enabled.
  • This Functional Account was applied to each onboarded system. While the username remained consistent across systems, Password Safe managed unique passwords for each system.

This method proved to be significantly more efficient than creating and managing individual functional accounts within Password Safe for each system.


Hi Paul,

Thanks for taking the time to answer my query — that approach could definitely help resolve several challenges we're facing.

As a follow-up: is there a way to verify that the credentials are being rotated individually for each server, even though we’re assigning the same local Functional Account across all systems at the start?

Just want to make sure that Password Safe is managing unique passwords per server as expected.

Appreciate your guidance!


Password will be uniquely generated based on the Password Policy even though you are using the same local FA.

Apart from View Password, I don't think there is an option to check the uniqueness of each password.

FYI, only sync accounts will have the same password; the rest of the managed accounts will always have a unique password.


Hi,

To echo Prudhvi’s point, the password is uniquely generated in accordance with the Password Policy assigned to the Managed System. Currently, there is no method to verify these credentials through the user interface. However, I am unsure whether this capability is available via the API.

For Managed Accounts, password verification can be scheduled using the Test Agent. Please note that this functionality is not supported for Functional Accounts.

Sync Accounts are particularly beneficial when working with local scan credentials. For instance, you can create a single Managed Scan Credential using subscriber local accounts that share the same password. This allows one Scan Credential to be used across multiple local systems within the same scan job. That said, Sync Accounts are not recommended for use with Functional Accounts.

