
Hi Team,

I have a query regarding web console login: "Can we use the same user account for both Web Console login and Server RDP (MA) login? If we do, what would be the potential impact?"

I would appreciate a quick response on this matter.

Thanks!

As far as I know it could not be possible and the password is going to be visible; also it will rotate the password, but I just wanted to know the technical impact of this method.


@SugunaRajalakshmi Yes, you can, but you would not need to rotate the password as well, because if you rotate it, how would the user log in on the console if he does not have the new password?

 

The best-case scenario would be for you to create a new account to use as the RDP account: something like Suguna.Raja is your user, and you would create an admin-suguna.raja, and then this account would be the one with the RDP access.


@Paulo144 "In this scenario, the customer is not ready to create an additional account for RDP utilities and prefers to use the existing AD-managed account for user login. Could you please clarify this situation or suggest a solution we can offer to the customer?" Can you please assist me?


@SugunaRajalakshmi In this scenario the customer is not using the recommended steps and would use less than ideal conditions on the Password Safe.

 

But if there is no other way, instead of using Password Safe to log in using a managed account, you could make the case where the user would be able to have access to the “Admin Sessions” feature, and then they could use Password Safe to access any system using their own account, because they know the password for the accounts. In this scenario you would have the managed system but only manage the local accounts of the system, like the Administrator or root account.

https://docs.beyondtrust.com/bips/docs/ps-cloud-admin-sessions

To be completely honest, using the same account to log in on the web console and to RDP to servers is a dumb idea; you gain nothing in terms of security. The first scenario I described, the dedicated account route, would be the best one. I mean, even if they only created an admin local account for each user on every server, it would still be better than using their nominal account.

 

The problem with the scenario you described is literally the usage of the nominal account, because I can’t have Password Safe manage that password, as the user would not be able to know their own password; even logging on to their own desktops would be impossible.

