ControlUp supports saving credentials for future reuse. The Credentials Store tab of the Settings window can be used to configure, validate and edit saved credentials.
Scenarios for Utilizing Saved Credentials
There are several ways in which ControlUp utilizes saved credentials:
- AD Domain Connections may be configured to use a saved set of credentials. This is useful in case your environment includes several AD domains or forests which require different credentials. When an AD connection is configured with a set of saved credentials, those credentials will be utilized when deploying or manipulating ControlUp Agent instances on computers from the respective domain or forest. For more information on AD connections, please refer to this page.
- Some management actions support choosing a set of saved credentials when executing the action. For example, when using the “Run Process As” action to execute a process on a managed computer, you can select a set of credentials to use when launching the process.
- Remote Desktop connections can be configured to use a saved set of credentials, both individually by using the connection properties, and for entire folders. For more information, please refer to the Remote Desktop Pane section.
- When configuring a hypervisor connection, saved credentials are mandatory for enabling data collection from the virtualization layer. Additionally, all ControlUp users need to save the same service account credentials in their credentials store in order to enable data collection from the hypervisors. For more information, please refer to the Connect to the Virtualization Infrastructure section.
Sharing Credentials between ControlUp Users
Your saved credentials are stored securely in your Windows user profile directory and are accessible solely using your own Windows user account, even when using shared configuration or when copying your ControlUp settings to another user.
In online ControlUp environments, credentials stay personal and are never sent to the cloud services or shared with other users. In offline environments, when the centralized configuration feature is not available, sharing the configuration tree and other organization-wide settings between ControlUp users is achieved by copying the %AppData%ControlUp folder between colleagues. It is important to note that this operation does NOT transfer saved credentials between users. When your colleagues start ControlUp with the %AppData%ControlUp copied from your user profile, they will be prompted to reconfigure all saved credentials.
ControlUp Monitor and Saved Credentials
If a ControlUp Monitor instance is configured in your organization, please note that its configuration needs to include saved credentials. They are required in order to access all managed computers in your environment. For more information, please refer to the ControlUp Monitor section.
Local Computer Credentials
When saving a set of credentials, the domain drop-down allows you to select the “Local Computer” option in order to save non-Active Directory credentials. Use this option in the following scenarios:
- You would like to save a username and password for a local (non-domain) Windows user. These credentials can be used for Remote Desktop connections and for management actions that do not require domain access.
- Your environment includes a hypervisor connection that requires the use of non-Windows credentials (e.g. XenServer root account).
- You regularly connect using Remote Desktop to computers which belong to third-se Active Directory domains, the domain controllers of which are not accessible from your local network. For example, consider an off-site server which belongs to AD domain external.com, for which you have valid AD credentials. You cannot save a set of credentials for the external.com domain in ControlUp, because the DCs for that domain cannot be accessed from your local network in order to validate those credentials. As a workaround, you can pick “Local Computer” from the domain drop-down and enter external.comusername in the User field. This way, the credentials set will be treated as local and will be saved without undergoing local validation.