Manage Service Accounts

Service accounts have been a common attack vector for network breaches as their passwords are not changed for years at a time and are known by many people, even ex-employees.

Often teams are unaware of all the places their service accounts are being used. For example, a typical domain account (service account) may be used on several machines as the identity for different tasks or services. An admin who does not know every place those credentials are used may be wary of inadvertently causing service outages, so service account passwords are frequently left unchanged.

Using Secret Server’s Manage Service Accounts feature, admins can automatically change service account passwords on a configurable schedule.

Using its discovery capabilities, Secret Server will scan your network, locate where a service account is being used, and, when the password is changed, update all the Windows services, Windows Scheduled Tasks, configuration files (.config, .ini, etc.), COM+ Applications, and IIS App Pools that use that service account.

Secret Server will also automatically change the password on all the dependencies. Windows Services are automatically restarted by Secret Server to ensure that the new password takes effect. The order of the changes on the dependencies, whether they are restarted or not, and even propagation delays can all be configured within Secret Server.
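
As an added example (not Secret Server's code or its discovery method), the following read-only PowerShell script inventories where a given service account is configured on a single Windows host, covering three of the dependency types listed above. The account name `CONTOSO\svc-app` is a constructed placeholder; the script assumes it runs elevated on the host being checked.

```powershell
# Added example: list local dependencies that run as a given service account.
# 'CONTOSO\svc-app' is a constructed placeholder, not a value from the page.
param(
    [string]$Account = 'CONTOSO\svc-app'
)

# Match DOMAIN\user, .\user, bare user and user@domain forms of the account.
# Deliberately broad: an account with the same short name in another domain
# will also match, so review the Identity column in the output.
$short   = ($Account -split '\\')[-1]
$pattern = '^(.+\\)?' + [regex]::Escape($short) + '(@.+)?$'

$found = @()

# Windows services: the logon identity is Win32_Service.StartName.
$found += Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'Service'; Name = $_.Name
                           Identity = $_.StartName; State = $_.State }
    }

# Scheduled tasks: the run-as identity is Principal.UserId.
$found += Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName
                           Identity = $_.Principal.UserId; State = $_.State }
    }

# IIS application pools, only when the WebAdministration module is installed.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $found += Get-ChildItem IIS:\AppPools |
        Where-Object { $_.processModel.userName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'AppPool'; Name = $_.Name
                               Identity = $_.processModel.userName; State = $_.State }
        }
}

# Every row is a place that must receive the new password on rotation.
$found | Sort-Object Type, Name | Format-Table -AutoSize
```

Configuration files and COM+ applications are not covered by this script, so an empty result does not prove the account is unused on the host.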

The Enterprise Plus Edition supports PowerShell Dependencies

Admins can upload a custom PowerShell script that will run after a password is changed by Secret Server. Scheduled changes are then tracked and logged, providing a full audit trail for compliance and accountability.
