2ndAuth - Authentication for Shared Accounts
For PCI DSS compliance, as well as other policies and regulations, systems are often required to uniquely identify the individuals accessing the system. This is usually read as requiring individual accounts, and an absence of shared accounts.
For service accounts, though, this is generally infeasible - services will often need to be administered and configured by a person logged on to the service account, and then the service will run unaided in the background. For each service, there are normally several administrators and operators who may interact with, and configure, that service.
So we came up with the idea of 2ndAuth - a second authentication step to be applied to shared accounts.
Simple in its operation, this program waits for logons whose name matches your chosen criteria (begins with "shared", or contains "svc", for example), and in between the logon and starting up the shell, inserts its own dialog, asking for authentication from a non-shared account. This second authentication is logged in the Windows Event Log, so that an audit will disclose who was logged on for access to the shared account. Also logged are attempts to log on to the shared account where the second authentication was not performed.
Supported platforms: Windows XP, Windows 2000, Windows Server 2003.
Coming Soon: Windows Vista and Windows Server 2008.