This feature is also in the Vault page of the Webapp and it harvests Local Admins from the machine(s) that have an Evo Credential Provider installed on them.
Requirements
- Evo Admin User must have the proper Role-Based Permissions:
- Endpoint must have the NEW 2.1.x Evo Credential Provider installed. You can download the latest Evo Credential Provider from your portal on the "Applications" page:
New Evo Credential Provider
Once downloaded and installed, you’ll notice there are different features and functions in the Evo Settings Editor:
Clicking the Administrator Sync button syncs any Local Admins found on the endpoint it is installed on. As with the LDAP agent, holding CTRL while clicking performs a complete replace/resync of the local administrators.
Clicking the Local Administrators button will display another window that shows all the Local Admins found.
Here, you will have a list of all found Local Administrators as well as some options you can enact:
- Query - This will query for any found Local Admins.
- Save - This will save the list of Local Admins as a JSON file.
- Load - This will load a list of Local Admins from the saved JSON file.
- Copy - This will copy the list of Local Admins.
- Details - This is greyed out unless you select a Local Admin. Once selected, clicking this button will reveal details about that Local Admin.
Using Local Accounts
NOTE: In order to utilize Local Account functionality, the account must be successfully rotated at least once. If saving a "Rotation Frequency" for the account does not trigger a successful rotation within 5 minutes, select the "Rotate Once Now" button in either the edit window or action dropdown to force a rotation.
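To confirm on the endpoint itself that a rotation landed, the PowerShell check below lists the local members of the built-in Administrators group with their last password change time. It is an added example, not part of the Evo product or its documentation, and it assumes a successful rotation resets the Windows account password (which updates PasswordLastSet); `$WindowMinutes` is an illustrative parameter name.

```powershell
# Added example, not Evo tooling. Run in an elevated PowerShell session on the endpoint.
# Assumption: a successful rotation resets the Windows account password,
# which updates PasswordLastSet on the local account.
param(
    [int]$WindowMinutes = 5   # the window the note above gives for a rotation to land
)

$cutoff = (Get-Date).AddMinutes(-$WindowMinutes)

# S-1-5-32-544 is the built-in Administrators group; using the SID
# avoids problems with localized group names.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }

$report = foreach ($member in $admins) {
    $user = Get-LocalUser -SID $member.SID
    $state = if (-not $user.PasswordLastSet) {
        'NeverSet'
    } elseif ($user.PasswordLastSet -ge $cutoff) {
        'ChangedInWindow'
    } else {
        'NotChangedInWindow'
    }
    [pscustomobject]@{
        Account         = $user.Name
        Enabled         = $user.Enabled
        PasswordLastSet = $user.PasswordLastSet
        State           = $state
    }
}

$report | Sort-Object State, Account | Format-Table -AutoSize
```

An account that still shows `NotChangedInWindow` after a Rotation Frequency was saved is a candidate for the "Rotate Once Now" button.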
Now that we’ve gone over the Credential Provider, let’s head back to the Portal and look at the functionality available there so far.
Here, we’ll see a list of Local Admins that have been harvested and synced over from the new Credential Provider.
Classifying Accounts
You can classify the discovered Local Admins by selecting one or multiple accounts, hitting the "Actions" Button and selecting "Change Account Type":
This will allow you to filter or sort by that Account Type for easy management. There are currently four account types you can classify Local Admins as:
- New - Default Account Type when Local Admins are discovered via the Evo Agent.
- End User - A Local Admin Account used by an End User.
- MSP - A Local Admin Account used by the MSP or Service Provider.
- Service - A Local Admin Account used for services.
NOTE: Account Types are not assigned automatically. When discovered, they will be labelled as "New" and at that point you can select and change as necessary.
Password Rotation
Several functions are available here: copying the username, copying the password, or clicking the “eye” icon to reveal it (in progress).
Clicking the Edit button will reveal more options that you can enact on the Local Admin that you’ve selected.
Here, you’ll see detailed information about the account you’ve selected, as well as the ability to set a Rotation Frequency for rotating the password, the option to Rotate immediately (with Rotate Once Now) and the option to stop rotating. We also provide a password history so that Admins or Techs can view any historical data referencing this account.
If you select the checkbox in front of the account(s) in question, an action dropdown menu will display.
This gives you the option to immediately rotate the passwords of the selected administrators, or to apply a rotation frequency in bulk. Clicking that button will display another modal.
Much like the edit menu, the Rotation Frequency can be saved here, as well as the Rotate Once Now button to immediately rotate the selected account(s).
Elevating into Local Accounts
An exciting feature baked into Local Account management is the ability to elevate into a local administrator account, much like Elevated Access works for domain accounts (shared accounts); however, you do not need to set up an Elevated Access group. The prerequisites are quite straightforward:
- The privileged user must have an Elevated Access license attached.
- The new 2.1.x version of the Evo Credential Provider must be installed on the endpoint.
- The local admin account(s) in question must be detected and synced to the Local Accounts tab on the Vault page.
- The password(s) of those local admin account(s) must have been rotated at least once.
After these steps have been completed, attempt an Elevated Login on the endpoint with the privileged user in question:
Once these credentials are accepted, you will receive a push notification as you normally would. Once accepted (or you enter your 6-digit OTP), you'll be presented with a list of those local administrator accounts detected by the Evo Credential Provider. Select the local administrator you wish to elevate into, and you're done!