Overcome the Perils of “static” System Passwords

Windows Service Accounts are used by system programs to run application services and processes. These often possess privileges higher than normal user accounts, at times excessive for their needs. The result is very powerful accounts running critical business processes and services which many third-party applications, scheduled tasks or processes might also make use of, resulting in complex interdependencies.

In many production networks, it is not uncommon to find service accounts with “static” credentials. Service accounts are normally forgotten after the initial configuration. Passwords are not changed for ages due to the sheer complexity of the service account password reset process. The new password has to be updated in all the associated services or processes. Otherwise, many services will simply not work. Unless the administrator follows the best practice of meticulously maintaining a master list of all service accounts, their dependencies and associations, changing service account passwords will prove to be a formidable task.

Static service accounts make the enterprise a haven for hackers.

Malicious programs and hacking tools can decipher the service account credentials and wreak havoc on your network. Windows Security Experts often say: “service accounts are one of the simplest ways to turn a compromise of one computer system into a compromise of an entire network”.

Properly managing the credentials of Windows Service Accounts is one of the crucial aspects of protecting the Windows Network.

Manual efforts to achieve this is not only time-consuming and mind-boggling, but also error-prone. The best way to ensure security is to automate the Windows Service Account password management. ManageEngine Password Manager Pro helps achieve this with ease.

Password Manager Pro has the ability to identify the service accounts associated with a particular domain account. While resetting the password of a domain account managed in Password Manager Pro, it will find the services which use that particular domain account as service account. Then it will automatically reset the service account password when the domain password is changed. In certain cases, services corresponding to the service accounts require to be restarted for password reset to take effect. The windows service account password reset feature of Password Manager Pro helps achieve this precisely, and is fully automated.

You can create scheduled tasks to change the passwords of domain accounts and their associated service accounts in fully automated fashion, in accordance with the IT policy of your enterprise. You need not worry about the service account dependencies.

Click here to learn more about Password Management & Remote Password Reset. For further information, contact our ManageEngine Team today.

Soft Solutions Sales
Phone: 0-9-306 0450, Freephone: 0-800-733 233

Me logo