I am looking to implement Netwrix bulk password reset in a small but highly secure workgroup environment. I have been asked about the security of this solution. How does it communicate with the remote workstations, and does it store/cache passwords? Where can I find this information?
Posted 03 August 2016 - 12:16 PM
Bulk Password Reset stores credentials in a flat file in the install directory using a proprietary encryption. When resetting passwords on remote machines, RPC is used, which has its own security built in.
Posted 03 August 2016 - 03:43 PM
Would you know what type of encryption it is, and how secure? What credentials are saved in the file (those being sent to the remote machines?) and how long are they stored for (i.e. do they get overwritten at the next change)?
On another line, I can't seem to find an encrypted flat file in the install directory on the machine where I have installed the trial - I can see hidden files as well as 'protected Operating System' files.
Posted 08 August 2016 - 01:08 PM
Q: Would you know what type of encryption it is, and how secure?
A: We use DES encryption (which is a part of Microsoft Cryptographic Service Providers, i.e. MS CryptoAPI).
Q: What credentials are saved in the file (those being sent to the remote machines?) and how long are they stored for (i.e. do they get overwritten at the next change)?
A: When the “Specify the administrator’s credentials” checkbox is checked, Bulk Password Reset stores the account name in the BPR.cfg file located in the product installation directory. The account is stored in the BPR.cfg until the new account is specified.
The BPR.cfg file contains the account name only, while the specified password is DES encrypted and stored in related resource files (managed by OS Crypto API).
In other cases, when “Specify the administrator’s credentials” is not checked, Bulk Password Reset uses the account which it is run under (or which the scheduled task is set under).