SERVICE ACCOUNT MANAGEMENT
Secure and automate service account management with Thycotic Privileged Access Management solutions
WHAT’s the challenge
Service accounts are privileged accounts used by many different applications across IT systems. Local service accounts typically interact with a variety of Windows components, which makes coordinating password changes on these accounts extremely difficult.
WHY it’s important
System administrators can easily leave passwords unchanged and lose track of the details for service accounts. This creates a significant risk since unchanged service account passwords can be readily hacked by cybercriminals and used by malicious insiders to escalate privileges.
HOW we solve it
Thycotic delivers comprehensive Privileged Account Management and Security solutions that manage privileged account passwords while discovering and updating all dependent services.
PRIVILEGED PASSWORD SECURITY
Service accounts pose significant vulnerability
On a given day, thousands of application services run on a typical corporate network using service account passwords. These application services include Windows Services, scheduled tasks, batch jobs, and Application Pools within IIS, and they often have a high level of network privilege, connecting across the network to databases, file systems, and network services.
Although recent improvements in Windows Server 2012 R2 allow access to these accounts without the use of passwords, most organizations have not yet upgraded to Windows Server 2012 R2, leaving the bulk of these accounts at high risk of attack or abuse.
OF COMPANIES STILL MANUALLY MANAGE THEIR PRIVILEGE ACCOUNTS.
Control managed service accounts to minimize risks
Service accounts are high-risk privileged accounts used by many different applications, and system administrators struggle to manage them properly. This makes it very difficult to meet security compliance requirements because:
- They can’t ensure strong passwords across all accounts.
- They can’t control access to service account passwords.
- They can’t change passwords on service accounts without knowing the applications that are dependent on that credential for daily operation.
Flexible security for all your service account passwords
The first step of service account management is to inventory all service accounts and where they are used. This can be done using Thycotic Secret Server’s Service Account Discovery. Discovery for service accounts needs to be an ongoing, automated process to maintain an accurate inventory because administrators may deploy new services at any time using new or existing service accounts.
Once the inventory of service accounts is complete, it is important to change service account passwords. This can be easily automated by Secret Server. Once Secret Server is configured to change service account passwords, it will automatically update all of the inventoried locations and even restart each dependent service, and execute any custom scripts needed for legacy applications, to ensure all applications dependent on the service accounts are properly updated.
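The inventory step described above can be illustrated for a single Windows host. This PowerShell sketch is an added example, not Thycotic or Secret Server code; the function name `Get-ServiceAccountUsage` and the exclusion pattern for built-in identities are assumptions made for the illustration. It lists every Windows service and scheduled task that runs under a non-built-in account, grouped by account, so the dependencies of a credential are known before its password is changed.

```powershell
# Added example: per-host inventory of where non-built-in accounts are used.
# Requires rights to read service and task configuration; Get-ScheduledTask
# is available on Windows 8 / Windows Server 2012 and later.

# Built-in identities with no administrator-managed password (assumed list).
$builtIn = '^(LocalSystem|SYSTEM|LOCAL SERVICE|NETWORK SERVICE|NT AUTHORITY\\.+|NT SERVICE\\.+)$'

function Get-ServiceAccountUsage {
    # Windows services: StartName is the account the service logs on as.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -and $_.StartName -notmatch $builtIn } |
        ForEach-Object {
            [pscustomobject]@{
                Account  = $_.StartName
                Type     = 'Service'
                Name     = $_.Name
                Detail   = $_.State          # Running / Stopped
                Computer = $env:COMPUTERNAME
            }
        }

    # Scheduled tasks: Principal.UserId is the run-as account; LogonType shows
    # whether a stored password is involved (for example 'Password').
    Get-ScheduledTask |
        Where-Object { $_.Principal.UserId -and $_.Principal.UserId -notmatch $builtIn } |
        ForEach-Object {
            [pscustomobject]@{
                Account  = $_.Principal.UserId
                Type     = 'ScheduledTask'
                Name     = $_.TaskPath + $_.TaskName
                Detail   = [string]$_.Principal.LogonType
                Computer = $env:COMPUTERNAME
            }
        }
}

# One row per account, listing everything that must be updated
# (and, for services, restarted) when that account's password changes.
Get-ServiceAccountUsage |
    Group-Object -Property Account |
    Sort-Object -Property Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Account    = $_.Name
            UsageCount = $_.Count
            UsedBy     = ($_.Group | ForEach-Object { "$($_.Type):$($_.Name)" }) -join '; '
        }
    } | Format-Table -AutoSize -Wrap
```

IIS application pools and batch jobs, which the page also names, are not covered by this sketch and would need their own enumeration.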