Kaseya Community

Secret Server and Remote Control Integration

This question is not answered

Hi guys,

We have Kaseya on premise on patch version, and we use the remote control feature as our primary remote control method.

Recently we've also purchased a product called Secret Server (SS) by Thycotic. This is also on premise. If you haven't used SS before, it's a central, enterprise password management tool that's web-based.

The Tl;DR version of this post is:

Can I pass parameters to the Kaseya remote access executable? E.g. Can I run the "Kaseya remote control.exe" executable with a host, username and password parameter on it? Are there ANY integration options such as an API or similar?

Background / explanation

Out of the box, SS comes with two "launchers" - RDP and PuTTY. From the end users perspective (as in the Servicedesk), you find a credential in SS, and depending on the secret type, can click RDP or PuTTY. When you click the icon, you are prompted for the IP/Hostname of what to connect to, and SS downloads PuTTY/RDP locally with the connection string built-into the RDP/PuTTY client that includes the credentials. Essentially I click the icon, and I'm connected using PuTTY/RDP to the host automatically without entering credentials. SS support any executable to be launched in this manner and has it's own variables I can pass to the executable to generate a connection string.

There are two ways to "integrate" SS with other products:

You can link into the web UI using static URL's (that points to a 'folder' such a whole customer or to an individual secret) that hides a lot of the UI elements such as header and footer. This allows a secret or a list of secrets to be visible in other applications that allow in-line iframes. I believe a K competitor (LabTech) has a "page" on the customer window that uses this iframe method to present a list of secrets for a customer within the RMM/PSA tool.

The other method, which is preferable, is to add a "launcher" into Secret Server. For example, you can add WinSCP as a launcher by uploading the winscp.exe to SS and create a launcher for it. The launcher is simply the executable that was uploaded, and then process arguments. For example:

Process name: WinSCP.exe
Process arguments: "$USERNAME":"$PASSWORD"@$MACHINE

Then when my secret template type is WinSCP, and I create a secret, I can click the WinSCP icon in the secret and 2 seconds later WinSCP is launched and should automatically be connected to the hostname stored in the secret using the credentials passed through.

So my question is, based on the above, can I do anything with the Kaseya remote control application? We have a lot of clients on our routing domain, which means we can RDP (which is my personal preference - with passthrough authentication, drive and printer redirection, better resolution and of course - copy and paste!), but about 1/2 of our clients are not on our routing domain, meaning we only have Kaseya remote control as the sole method to access their systems.

If there is a way we can get some integration between K and SS it would be a HUGE benefit for us!

Thanks - Steve

All Replies
  • Hi Steve,

    SS has an API for extracting credentials, so this data can be exposed - and you could store credentials in an encrypted view in ksubscribers - and then use an agent procedure to query the view to extract the username/password pair for passing to the managed machine.  However in my environment too many people  have access to the production DB environment and so in theory it would be possible for someone to decrypt the view and obtain all credentials in one hit - which was not a viable solution for us.