Service accounts are a common attack vector for network breaches as their passwords are not changed for years at a time and are known to many people, even ex-employees.
Often teams are unaware of all the places their service accounts are being used. A typical domain account (service account) may be used on several machines for the identity of different tasks or services. An IT admin, not knowing all the places that use those credentials, may be wary of inadvertently causing service outages. So service account passwords are frequently left unchanged!
This high-risk security problem can be managed easily, and automatically
Secret Server has a feature called Manage Service Accounts which enables IT Admins to automatically change service account passwords on a configurable schedule.
Using discovery capabilities Secret Server will scan your network, locate where a service account is being used and update all the Windows services, Windows Scheduled Tasks, configuration files (.config, .ini, etc.), COM+ Applications, and IIS App Pools using that service account when the password is changed.
Secret Server will also automatically change the password on all the dependencies. Windows Services are automatically restarted by Secret Server to ensure that the new password takes effect. The order of the changes on the dependencies; whether they are restarted or not; and even propagation delays can all be configured within Secret Server.
The Enterprise Plus Edition supports PowerShell, SQL, and SSH Dependencies
Admins can upload a custom script that will run after a password is changed by Secret Server. Scheduled changes are then tracked and logged, providing a full audit trail for compliance and accountability. Admins can use SSH, SQL, and PowerShell scripts for extending Secret Server’s built in service account management capabilities.