Challenges / Solutions Service Account Passwords
Hitachi ID Facebook Page Hitachi ID Twitter Page Find us on Google+

Service Account Password Changes - Hitachi ID Privileged Access Manager

Business Challenge
Hitachi ID Privileged Access Manager Solution

On Windows systems, services are started with both a login ID and password. Login IDs used to run services are often privileged and their passwords are normally static.

Service accounts with static passwords are used by the Windows Service Control Manager, by the Windows Scheduler and in some cases by IIS (IIS can change virtual directory passwords periodically).

Static, privileged passwords constitute a security risk because attackers have an extended time window in which to guess them.

  • Privileged Access Manager can randomize service account passwords frequently -- normally every day.
  • After randomizing service account passwords, Privileged Access Manager can update the Windows Service Control Manager, the Windows Scheduler, IIS or a third party program with the new password.
  • The secondary update is fault tolerant and will be retried if it initially fails.

Using Privileged Access Manager, static service account passwords are eliminated.