Enterprise computer systems typically include numerous machines or computer devices, such as server computers, network computing devices, end-user computer devices associated with numerous users, and other computer devices capable of accessing an enterprise's computer system. The users associated with an enterprise computer system may be associated with one or more accounts, and the user accounts may vary in the type or nature of access to system resources that may be permitted for a user within the computer system. The machines in an enterprise computer system may also include one or more accounts, some of which may be user accounts uniquely associated with the machine. The machine and/or user accounts may be assigned or associated with an authentication credential (e.g., password, key, token) used to authenticate the machine and/or user of the machine to enable access to local resources of the machine and system resources controlled or managed by the enterprise computer system. The machine may be configured to enforce or provide local authentication procedures for the accounts associated with the machine (e.g., local logon) based on a credential associated with a user, as well as to enable or support subsequent authentication procedures required by the enterprise computer system.
Many enterprise computer systems include technologies to authenticate machines and users accessing resources of an enterprise computer system, including accounts associated with the machines and users. Some enterprise computer systems may include, for example, systems for implementing enterprise-wide policies for controlling or managing accounts and authentication credentials associated with accounts, as well as for managing access to network resources. An enterprise-wide policy may define requirements for authentication credentials, such as a length of a password, or a requirement to periodically change the password. In some enterprise computer systems, a user credential used for a local logon process at a machine may also be used to access other computer system resources including information or functionality sensitive to an enterprise. Some machines may also enable local access to sensitive information on the machine. Thus, some enterprise computer systems also manage the use or provisioning of authentication credentials of one or more machines and for users of those machines to ensure sufficient security measures are implemented.
Enterprise computer systems commonly include a network administrator having privileges allowing it to access and control the plurality of machines associated with the enterprise computer system. In some systems, a network administrator may manually access a machine using a privileged or superuser/root/administrator account. Requiring a superuser to manually access machines of a computer system is not practicable, however, for managing large, complex computer systems. Indeed, due to the numerous varying types of applications, machines, and user accounts that may be implemented in an enterprise computer system, and the frequency with which the machines may change and new machines may be added to the computer system, significant complications arise when trying to manually manage policies and access for the varying types of machines and accounts.
Thus, there is a need for technological solutions to enable automation of at least some aspects of account and credential management of machines in computer systems. In particular, there is a need for technological solutions to ensure that the numerous machines in a computer system are configured according to an appropriate enterprise policy for its accounts and, moreover, there is a need for technological solutions to automate processes for updating or changing authentication credential policies and authentication credentials for each of the numerous machines and users of the computer system. Because different machines may require unique protocols for effecting an update of an account or an authentication credential of the machine, and because different accounts associated with a machine may have different credential requirements, there is also a need for technological solutions to autonomously identify or determine the various authentication credential policies and protocols for the different machines and accounts to thereby enable the automated processes for managing and controlling accounts and authentication credentials for the accounts.