New Feature Highlights - PowerBroker Password Safe 6.2
Quickly Connect to RDP Sessions with DirectConnect
Connecting to a webpage to request access to an RDP session is an unnecessary step for administrators that primarily work with desktop connection managers.
PowerBroker Password Safe version 6.2 introduces a new method of connecting to RDP sessions without having to log on to the Password Safe portal. Connection strings may be defined and saved as shortcuts on the desktop, or used from popular desktop connection managers such as Microsoft RDP Manager or Devolutions Remote Desktop Manager.
To connect, the user builds a connection string with the following syntax (for example):
- btlab\user@Administrator@systemx in the User name field
- passwordsafeproxy:port in the Computer field
In this example, when passing the connection string to the Password Safe proxy, the user will be prompted for the password of his or her own account (btlab\user), then directly logged onto an RDP session running as Administrator on systemx.
No agents need to be installed on the hosts, and connection to any RDP system is supported.
Password Safe RDP DirectConnect allows sessions to be easily established via your existing desktop tools without having to initiate via a web interface.
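As an added illustration (not code from the original page or from the vendor), the PowerShell function below writes a standard .rdp shortcut that carries the DirectConnect user-name string from the example above. The function name, the sample port and the check that rejects `@` inside a field are assumptions of this example.

```powershell
# Added example: build a .rdp shortcut that points at the Password Safe proxy and
# uses the requester@managedaccount@system user-name syntax shown on this page.
# New-DirectConnectRdpFile is a hypothetical helper name, not a product cmdlet.
function New-DirectConnectRdpFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Requester,       # the user's own account, e.g. btlab\user
        [Parameter(Mandatory)][string]$ManagedAccount,  # account the RDP session runs as
        [Parameter(Mandatory)][string]$TargetSystem,    # managed system to reach
        [Parameter(Mandatory)][string]$ProxyHost,       # Password Safe proxy host name
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$ProxyPort,
        [Parameter(Mandatory)][string]$Path             # where to write the .rdp file
    )

    # '@' separates the three fields in the page's example. As a conservative
    # assumption of this example, reject any field that contains '@' or
    # whitespace so the resulting string cannot be split ambiguously.
    foreach ($field in $Requester, $ManagedAccount, $TargetSystem) {
        if ($field -match '[@\s]') {
            throw "Field '$field' contains '@' or whitespace"
        }
    }

    $userName = '{0}@{1}@{2}' -f $Requester, $ManagedAccount, $TargetSystem

    # Standard .rdp settings. No password is stored in the file: the user is
    # prompted for the password of his or her own account when connecting.
    $lines = @(
        "full address:s:${ProxyHost}:$ProxyPort"
        "username:s:$userName"
        'prompt for credentials:i:1'
    )
    Set-Content -Path $Path -Value $lines
    Get-Item -Path $Path
}

# Constructed sample values taken from the page's example. The port number is a
# placeholder only; use the port your Password Safe proxy listens on.
New-DirectConnectRdpFile -Requester 'btlab\user' -ManagedAccount 'Administrator' `
    -TargetSystem 'systemx' -ProxyHost 'passwordsafeproxy' -ProxyPort 3389 `
    -Path (Join-Path $env:TEMP 'systemx-Administrator.rdp')
```

Because the shortcut contains only the proxy address and the composite user name, it can be distributed to administrators without exposing the managed account's password.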
Note: Password Safe RDP DirectConnect will be available January 2017.
Capture Every User Action with RDP Enhanced Session Audit
Oftentimes, an RDP session can consist entirely of clicking on controls, with no keystrokes audited. When recording keystrokes alone, this leads to an audit deficit.
Available for both RDP and RemoteApp applications, the new enhanced session audit records every click within the interface to ensure that every action is accounted for.
All actions are indexed and searchable, along with any keystrokes recorded.
Clicking on an action immediately jumps you to that index point of the recording. Users can now display time stamps and toggle between a keystroke-only display and a display of keystrokes plus actions.
Improved User Interface
- Status Column – displays current usage of the managed account
- Favorites – contains any account marked as a favorite for fast, easy access
- Account Description (with Search) – any account with a description will be displayed with an information icon that can be used to show the contents
- Workgroup Column – contains the workgroup that the managed system/account is a member of
- Most Recently Used – displays the last 60 accounts used for quick access
- Improved Filtering (?) – Each view will initially be empty for improved performance. Search and filtering controls will display managed accounts
- OneClick Conditional Display – If OneClick is not available due to access policy, the button will be grayed out and non-selectable
- Improved Application Filtering – new filtering options on the application screen allow conditional display of applications against linked systems
Expand Access Control Capabilities With SSH Connection Profiles
PowerBroker Password Safe now enables real-time email alerts on user activity, as well as command block, lock, and termination of SSH sessions.
Connection Profiles are a set of discrete rules that may be applied to specific access policies. For example, a firecall admin accessing a set of privileged accounts from a remote location overnight may have a different command profile than if the same admin logged in during daylight hours from an office location.
- Real-time Activity Alerts – you can send email notifications to a range of email addresses based upon keyword, hostname, or IP address.
- Command Blacklisting – keywords and simple regex values may be defined to determine a specific course of action: Block command, Lock Session, Block and Lock Session, or Terminate Session
- Hostname or IP Address Monitoring – upon accessing defined system names / addresses, actions may be set to automatically Lock Session, or Terminate Session.
Utilize Login Accounts in Restricted Shell Access Environments
As a security measure, many organizations restrict shell access to the root account in order to limit remote access to privileged accounts. In this type of scenario, a user would normally log on with a non-privileged account, and then ‘su’ to the root account.
PowerBroker Password Safe version 6.2 now supports environments that restrict shell access to root by adding Login Account capability.
When a session is opened to a managed root or other privileged account, the Login Account is used transparently in the background to open the remote shell session to the host, and an ‘su’ is made to the managed account automatically.
PowerBroker Password Safe version 6.2 also includes the following enhancements to further improve usability:
- Enhanced SAML protocol support
- Support for AD groups not in logon domain
- Support for AD binds at DC level
- ITSM ticket support for JIRA
- Custom platform – alternate test option
- Clone/Editing of built in platforms
- Improved SSH key enumeration
- Database instance enumeration
- Workgroup support (multi-tenancy)
- Scheduled Task enumeration
- Database user enumeration
- Support for password management of AD accounts with different UPN suffix
Session Management Enhancements
- Addition of Max Concurrent Password Requests
- New Password Age filters
- New Email action for Managed Accounts
- Snapshot feature for exporting frames to jpeg
- Application name in RDP window title
- Keystroke search of active sessions
- DirectConnect – performance improvements
- DirectConnect – Remove dependency on API enabled account
- SSH DirectConnect – Approvals and enhanced feedback (Jan)
- Performance improvements
- psrun v2 with API program factors
- 2-Factor Auth Support
- Approvals Support
- API Samples Library (?)
- Various enhancements