Pending Review

CW Control report on computers that have stored credentials

crshovrd41 2 years ago updated by Hayden-Grant 1 year ago 6

This is a giant security gap that I have no way of knowing which computers have stored credentials. Please let us run a report to see which computers have credentials stored. 

Thank you for your request. It is important to note that the credentials are encrypted and stored locally on the end user's computer and are only accessible during that single support or access session. The password is never visible to the technician.. Given that, I don't know that we would be able to gather a list/report of machines with stored credentials, but we will review if it is possible.

Thanks @swhite.

This is helpful to know. Hopefully there will be a way to track this because Control somehow knows it has stored credentials and will allow you to send them. 

Hey there! Any update here?

It's unlikely that we'll be able to fetch this information outside of a session as the credentials are stored locally and not in the session or security database without a product change. This is a reasonable feature request and we will see what we can do in the future, but there is no guarantee when we may make this available.

I see. Well, is there some kind of script we can run to populate an EDF in Automate that determines if creds have been stored by Control? For example, when Control stores the creds, it uses some kind of well-known identifier that relates back to Control being the creator of the credentials? We can then run a monitor against that and fill in an EDF check box on which we can run a report. Long way around, but doable if it's possible to check the local computer for the credentials created specifically by Control.


Example solution for this via powershell...
Basic error handling included, add/remove to meet your needs.

Image 1135