
How to ensure that even Admin session should be recorded. There should not be an option to avoid Recording.

Hello @naidu_jsts

If you go to Configuration | Global Settings, you can hide the Record checkbox for ISA and Admin sessions. Once hidden, users will not be able to toggle off recording if it is enabled in the Access Policy.

Regards,

John


There is now a kb article with this information:

How to hide the Record Session option - How to record all sessions

https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0021957


I'm referring to those which are accessed from Password Safe and not through an admin session.


@naidu_jsts I understand your point, but that is an option only available to administrators. Unless you have more than one user as an extra admin on the console, that is not an issue, because even if the session is not recorded it is still audited on the Password Safe session report.


How to ensure that even Admin session should be recorded. There should not be an option to avoid Recording.

One thing that could be done to prevent this is having policies and procedures in place so that Password Safe administrators do not do these types of actions to start with. If you have admin access on your normal day-to-day account, have this broken off into a completely separate account.

The way that I’ve always advised setting the system up…

The normal day-to-day account logs in and checks out the password for a managed account. That managed account then logs into Password Safe and has administrative rights to the system. This ensures a couple of things: if your normal day-to-day account gets breached, it's not providing those elevated rights into the system. If your administrative account password gets breached, it's on a systemic rotation based on checkout time like any other managed account, limiting the amount of time it's viable.


This method does not affect your licensing, as BT recognizes the need for these safeguards and considers a User license to be based on Heartbeat, not on the account that has access to the system; at least this is what has been told to me by our Account rep and Customer Success Manager.


You can still use the report that was mentioned above to audit the account usage, and then, if you catch Admins accessing systems and avoiding session recording, you can handle them internally using the policies and procedures that were put in place.

