Security Controls

Defining Credentials

The Define Credential dialog can be accessed anywhere a credential is used within the Security Controls interface (for example, from a machine group, from the Credentials Manager, etc.). It is used to specify a new user name and password pair that collectively define one credential. The credential is stored with strong encryption techniques. Only the administrator that creates the credential will be able to decrypt the credential and access it from within the program. If you elect to share the credential, however, it will be made available to other administrators as well as to Security Controls service components.

Credentials may be automatically defined for you during a product upgrade or when importing a machine group. Any credentials that are found during these processes are preserved and will be assigned friendly names according to their usage. The term Discovery filter is the friendly name assigned by the program to a machine group credential that it identifies during an upgrade or import process. Feel free to change the name to something that more closely reflects the usage of the credential in your organization.


Name this credential so it can be used elsewhere

Provide a friendly name for this credential that describes exactly where it should be used.

User name

Type a user name that has access to the machine(s). When specifying the user name:

If you need to specify a domain as part of the credentials be sure to include the domain name as part of the user name. For example, if you enter [email protected]<Domain>, <Domain>\User, or a fully qualified user name, Security Controls will use the domain account rights.

If you enter <Target Machine>\User, Security Controls will use the target's local account rights.

If you do not include a domain or machine as part of the user name, the name will be qualified to the target machine (<targetmachinename>\User).

Microsoft Windows .alias name formats (for example: '.\username') are supported by Security Controls.


Type the password for the user.

Verify password

Retype the password to verify you specified it correctly.

Share this with background tasks, agents, and other features

If enabled, this credential will be available to all Security Controls administrators and can be used to specify credentials for service components within the program. The service components within Security Controls that require a shared credential include the following:

Proxy service

Email service

Agent Internet proxy

Distribution servers

TrustedHost list access when running remote scripts

Why is it necessary to share a credential? Credentials are encrypted, so you must share a credential so that the service components can decrypt and access it when needed.

Example: If you select Tools > Options > Proxy and attempt to assign Service credentials, only shared credentials are available for selection. The service must have a copy of the credential in order to decrypt it.

It is recommended that you create a service account to perform these service functions rather than using a domain administrator account. See Potential Security Implications When Sharing Credentials for more information.


Was this article useful?