16. Self Service

The Self-Service feature allows you to specify individual computers that a user will have permission to retrieve the Administrator password for.

For information on defining Self Service users see Managing a User’s Self Service Computers.

If a user has Self Service computers assigned to them, they will receive an additional menu item (note: if the user has no other Active Directory permissions, then the Browse button will not be available to them).

Accessing Self-Service
Accessing Self-Service

Computers can be assigned to users in one of two ways when setting up Self Service for that user/group:

  1. By manually and individually adding the computers,
  2. By enabling one of the options in the Managed by tab.

The latter option will allow the user (or users if the OVERLAPS user is a group) to access the passwords for computers which they are individually identified as the owner of through the Active Directory “Managed By” option.

Note that adding a group as the Managed By value in Active Directory will not currently display those computers for a member of that group, this is a limitation of Active Directory which we are currently searching for a workaround for.

For more information about setting up Self Service users/groups, see Managing a User’s Self Service Computers.

When they log in, or click Self-Service menu button, the user will be shown their list of Self-Service computers and a button for displaying the current Local Administrator password.

Self-Service Computer
Self-Service Computer

All the user needs to do is click the View Password button to display that computer’s password.

If the Self Service user has the option checked to require Authorisation, then they will follow the same procedure as regular users requiring Authorisation (see Requesting Permission to Access a Password).

If the Self-Service access granted to the user has an expiry date and time, this will be displayed to the user.

Note that Self Service users cannot manually expire computer passwords. However, Rate Limits still apply and anyone monitoring the computer’s container will receive a Notification that the password has been read.