BeAnywhere values top security. So, in order to increase the global protection policy of the BASE infrastructure, users can setup a Master Password on all computers where BeAnywhere Agent is installed. This is an extremely important feature that should not be overlooked, because it reduces security breaches that are related with incorrect system configurations or with the leak of BeAnywhere credentials. On machines with sensitive information or that perform important key roles on their respective networks, it is important to set up a Master Password to increase security. This feature can be used combined with locking Windows at the end of each BASE session.
To setup a Master Password, one must open the BeAnywhere Agent configuration window on the remote machine and right click on the corresponding icon, choosing the Restore option. In case the remote user is not running with Administrator privileges, the user must click on the Manage option. Once clicked, a message will pop up, warning the user that the configuration program will have to be restarted with Administrator permissions. By selecting Yes, a Windows UAC prompt will be showed, and, if the process is completed properly, the program will restart. When the program is restarted, the user must click on the Security option.
On the new window, BeAnywhere offers the user three different types of authentication for that particular computer, such as None, BeAnywhere Password and Windows Account. The first option, None, will disable the feature and, by default, the computer will be accessible by all the technicians that can access unattended computers. As another layer of security, BeAnywhere locks Windows at the end of each remote support session. The second option, BeAnywhere Password, allows users to choose a password with at least 8 characters, including letters, numbers and symbols. The last option available, Windows Account, uses Windows authentication, allowing the session to be authorized on the basis of a valid local or domain based Windows account. As always, BeAnywhere wishes to provide the most secure solution, so only accounts which already have a profile created on the local machine will be properly authenticated.
The user can also permit restricted accounts to login to the server, however, by leaving this option unchecked, only local or domain administrators can login to the computer through BeAnywhere.