+6
Pending Review

Personal 'send to screen' credentials

Ano Niem 2 years ago updated by Trevor Schmidt 1 year ago 5

Hello, 

Currently we have unattended access on about 85 servers. But we see more and more that our technicians are getting personal logins to servers because of security reasons. 

Is it possible to have a personal 'send to screen' button with credentials linked to the logged in user?

We would like to see this :). 

Available in Version:

Hi Brian, 


Your tech's personal logins can be stored and sent in manage credentials, in the same way that a guest's credentials can be stored and sent. Each access session can store a max of 1 set of credentials. 


Hope this helps!

Hi Caitlin,

Thanks for your reply. 

Thats not what I mean. If we store our personal creds in the 'prompt storage' box. Other users that have access to that machine will be able to 'send to screen' with my credentials.

The purpose is that only my login is available for me and me only. Not for other techs. So 'Send to screen' is a personal to the users that is logged in on ControlWise Control.

@Caitlin do you have a update for this?

Hi Brian, 

For your use case, we suggest a password manager as opposed to our in-product credentials storage. We have an integration with Passportal that you can get from the extension marketplace. Give that a try!

Caitlin 

It would be nice that when the stored credentials are hashed and stored locally on the endpoint, that it could be prefixed (or however you wish) with the technicians unique userid.

This will ensure that the credentials I stored for a server (which are Windows domain account) are NOT available to every other junior technician who should only have regular user access.

As you have it configured, for any server that I might share with my junior technicians, I cannot store credentials if they have a different level of Windows security to myself.


I totally understand that ManageStoredCredentials is a permission added per user role, and I want them (and I) to save credentials, so removing the global right for them is not the answer.

It would be a nice enhancement if you could encrypt and save the credentials on a per technician basis and not store them as one-for-all, as you do now.