The Self-Service feature allows you to specify individual computers that a user will have permission to retrieve the Administrator password for.
For information on defining Self Service users see Managing a User’s Self Service Computers.
If a user has Self Service computers assigned to them, they will receive an additional menu item (note: if the user has no other Active Directory permissions, then the Browse button will not be available to them).
Computers can be assigned to users in one of two ways when setting up Self Service for that user/group:
- By manually and individually adding the computers,
- By checking the Include Computers Managed by the User(s) checkbox.
The latter option will allow the user (or member users if it is a group) to access the passwords for computers which they are identified as the owner of through the Active Directory “Managed By” option.
For more information about setting up Self Service users/groups, see Managing a User’s Self Service Computers.
When they log in, or click Self-Service menu button, the user will be shown their list of Self-Service computers and a button for displaying the current Local Administrator password.
All the user needs to do is click the View Password button to display that computer’s password.
If the Self Service user has the option checked to require Authorisation, then they will follow the same procedure as regular users requiring Authorisation (see Requesting Permission to Access a Password).
If the Self-Service access granted to the user has an expiry date and time, this will be displayed to the user.
Note that Self Service users cannot manually expire computer passwords. However, Rate Limits still apply and anyone monitoring the computer’s container will receive a Notification that the password has been read.