On Windows systems, services are started with both a login ID and password. Login IDs used to run services are often privileged and their passwords are normally static.
Service accounts with static passwords are used by the Windows Service Control Manager, by the Windows Scheduler and in some cases by IIS (IIS can change virtual directory passwords periodically).
Static, privileged passwords constitute a security risk because attackers have an extended time window in which to guess them.
Using Privileged Access Manager, static service account passwords are eliminated.