
Security Checklist



To achieve the highest level of security, you should adhere to the following guidelines.



These recommendations are valid ONLY if the Devolutions Password Server instance is hosted on an intranet EXCLUSIVELY. You must involve a person with knowledge of Internet security to safely host any application on the Internet. You need to protect the site from Denial of Service attacks using an appliance or a security module that is external to Devolutions Password Server.




Use Windows Authentication exclusively.

Ensure all LDAP communication uses LDAP over SSL.


SQL Server


Enable only the Windows Authentication Mode

Create a domain account that will be used to create the database (RDMOwner), as well as another account that will be used by the web server to connect to the database (RDMRunner). The latter must have only the minimal set of permissions needed to perform its tasks.

Communicate ONLY through an encrypted connection. See Encrypting Connections to SQL Server.
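
The three SQL Server items above can be verified from a query window with the T-SQL below. This is an added example, not part of the Devolutions documentation; the login name CONTOSO\RDMRunner is a placeholder for your own domain account, and the connection check requires the VIEW SERVER STATE permission.

```sql
-- Added audit example. CONTOSO\RDMRunner is a placeholder: substitute the
-- domain account your web server uses to connect to the database.
DECLARE @runner sysname = N'CONTOSO\RDMRunner';

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = mixed mode.
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
           WHEN 1 THEN 'PASS' ELSE 'FAIL'
       END AS windows_auth_only;

-- 2. SQL-authenticated logins that are still enabled. They cannot connect
--    in Windows-only mode, but would become usable if mixed mode were turned on.
SELECT name AS enabled_sql_login
FROM sys.server_principals
WHERE type = 'S'              -- SQL login (not a Windows user or group)
  AND is_disabled = 0
  AND name NOT LIKE '##%';    -- skip internal system logins

-- 3. Fixed server roles held by the runtime account. Expect no rows:
--    a least-privilege login should not be in sysadmin, securityadmin, etc.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @runner;

-- 4. Current connections that are unencrypted or use SQL authentication.
--    net_transport is included so local sessions can be told apart from
--    sessions arriving over the network.
SELECT c.session_id,
       s.login_name,
       c.client_net_address,
       c.net_transport,
       c.encrypt_option,
       c.auth_scheme
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s ON s.session_id = c.session_id
WHERE c.encrypt_option <> 'TRUE'
   OR c.auth_scheme = 'SQL';
```

Check 4 only sees sessions that are open when it runs, so run it while the web application is connected.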


Web Server


Configure the application pool to use domain credentials. This account will be added to the SQL Server as a login and be granted only the permissions that are needed (RDMRunner).

Serve content through SSL (https). See Configure SSL.