A privileged account is a login ID on some system which has elevated security rights -- i.e., is able to perform more tasks and/or access more data than a regular user can. Privileged accounts are also often shared accounts -- i.e., they do not belong to just one user, but rather are shared by multiple users, who are usually system administrators, database administrators, network managers and the like.
There are broadly three types of privileged accounts:
There are accounts, often shared by multiple IT users, which are used to establish interactive logins to systems and applications. These logins are used to manage those systems -- apply patches, change configuration, manage users, retrieve log files, etc. Examples include Administrator on Windows, root on Unix/Linux, sa on SQL Server, SYSTEM on Oracle databases, and many others -- at least one per platform.
These accounts are used by one application to connect, identify and authenticate to another. Common examples include accounts used by a web application to connect to a database server, object broker or directory.
These accounts provide a security context in which to run unattended processes, such as scheduled tasks, services or "daemons." In the context of this document, we are mostly concerned with the management of Windows service accounts, because -- unlike on other platforms -- on the Windows operating system, to start a process in the security context of a given account, the password for that account must be provided. This creates the need to manage passwords for service accounts on Windows (on other platforms, service accounts normally do not have a password).
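As an added example (not part of the original document or of any Hitachi ID product), the following PowerShell inventories the Windows services that run under accounts whose passwords must be managed, by reading each service's logon account from Win32_Service. The function name Get-PasswordBearingService is hypothetical, and the list of built-in identities treated as having no administrator-managed password, as well as the trailing-"$" heuristic for Active Directory managed accounts, are assumptions of this example.

```powershell
# Added example: find services whose logon account has a password someone must manage.
# Assumption: these built-in identities have no administrator-managed password.
$builtIn = @(
    'LocalSystem',
    'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\NetworkService'
)

function Get-PasswordBearingService {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        # Query the local machine directly; use -ComputerName only for remote hosts.
        $query = @{ ClassName = 'Win32_Service'; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try {
            $services = Get-CimInstance @query
        } catch {
            Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($svc in $services) {
            $account = $svc.StartName
            if ([string]::IsNullOrWhiteSpace($account)) { continue }  # no logon account recorded
            if ($builtIn -contains $account) { continue }            # -contains ignores case
            if ($account -like 'NT SERVICE\*') { continue }          # per-service virtual accounts
            [pscustomobject]@{
                Computer    = $computer
                Service     = $svc.Name
                Account     = $account
                StartMode   = $svc.StartMode
                State       = $svc.State
                # Heuristic (assumption): a trailing '$' suggests a managed service
                # account or machine account whose password the directory rotates.
                ADManaged   = $account.EndsWith('$')
            }
        }
    }
}

# One row per service, sorted so every service sharing an account is listed together:
# changing that account's password means updating each of these services.
Get-PasswordBearingService | Sort-Object Account, Computer, Service | Format-Table -AutoSize
```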
Hitachi ID Privileged Access Manager secures privileged accounts across the IT landscape and at large scale: