LIMEHAWK - Managed IT
Password File Audit — security
date: Nov 5, 2024
status: RESOLVED
Incident

Financial services client undergoing SOC 2 audit. Auditor asked: "Can you prove no plaintext passwords are stored on employee workstations?" Client had password manager deployed, but couldn't prove users weren't also keeping passwords in Excel files or text documents. Needed to scan 67 endpoints.

The Risk
passwords.xlsx on Desktop
logins.txt in Documents
creds.docx emailed to self
"New Passwords" sticky note in OneNote

Even with password manager policy, users create "backup" files. These files are goldmines for attackers with endpoint access. SOC 2 requires demonstrating control over credential storage.

Solution

Deploy scan across all endpoints to find files with password-related names. Uses Windows Search index for speed, falls back to filesystem traversal. Reports findings to RMM or sends alerts.

What It Finds
*password* - files with password in name
*credential* - credential lists
*login* - login sheets
*secret* - secret keys, tokens

Scans all user profile directories. Excludes system folders and application caches. Reports full path, file size, and last modified date for each finding.
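The scan described above, sketched as an added example (not LimeHawk's script): it covers only the filesystem-traversal fallback, matches on file names without opening any file, and records path, size and last-modified date. The excluded folders, the report path, the ACL step and the exit-code convention are assumptions to adapt to your RMM.

```powershell
# Added example: filename-only scan of user profiles. File contents are never opened.
param(
    [string]$ProfileRoot = 'C:\Users',
    [string]$OutFile     = "$env:ProgramData\CredFileScan\findings.csv"  # assumed path
)

# Same terms as the wildcard list above (*password*, *credential*, *login*, *secret*);
# -match is case-insensitive and unanchored, so it behaves like *term*.
$namePattern = 'password|credential|login|secret'
# Assumed exclusions: built-in profiles and everything under AppData (caches, app data).
$skipProfile = 'Public', 'Default', 'Default User', 'All Users'
$skipPath    = '\\AppData\\'

$findings = @(foreach ($userDir in Get-ChildItem -LiteralPath $ProfileRoot -Directory -ErrorAction SilentlyContinue) {
    if ($skipProfile -contains $userDir.Name) { continue }
    Get-ChildItem -LiteralPath $userDir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $namePattern -and $_.FullName -notmatch $skipPath } |
        ForEach-Object {
            [pscustomobject]@{
                Computer     = $env:COMPUTERNAME
                Profile      = $userDir.Name
                FullPath     = $_.FullName
                SizeBytes    = $_.Length
                LastModified = $_.LastWriteTime.ToString('s')
            }
        }
})

if ($findings.Count -gt 0) {
    # The findings list is itself sensitive: keep it readable by SYSTEM and Administrators only.
    $outDir = Split-Path -Parent $OutFile
    New-Item -ItemType Directory -Path $outDir -Force | Out-Null
    icacls $outDir /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' '*S-1-5-32-544:(OI)(CI)F' | Out-Null
    $findings | Export-Csv -LiteralPath $OutFile -NoTypeInformation -Encoding UTF8
    Write-Output "$($findings.Count) file(s) with credential-like names; report: $OutFile"
    exit 1   # assumed convention: non-zero exit lets the RMM flag the endpoint
}
Write-Output 'No files with credential-like names found.'
exit 0
```

Run it as SYSTEM or a local administrator so every profile is readable; a name match is only a candidate and still needs the manual review the page calls for.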

Outcome
endpoints scanned: 67
files found: 23 suspicious files
confirmed issues: 8 with actual creds

Scan completed in 12 minutes across entire fleet. Found 23 files, 8 contained actual credentials (banking logins, vendor portals, shared service accounts). Worked with users to migrate to password manager and securely delete files. Provided auditor with remediation report.

password managers don't prevent file-based storage
periodic scans catch policy violations
findings enable user education
documentation satisfies compliance auditors

Security Note

This script identifies potential credential exposure but does not read file contents. Review findings manually to confirm actual credential storage. Handle results as sensitive data - findings themselves reveal security gaps. Securely delete password files after migrating to proper credential management.

Get Help

Preparing for compliance audit? We perform security assessments that identify credential exposure and policy violations.