(Feature available only in Premium Edition)
Windows Service Accounts, used by the system programs to run application software services or processes often possess higher or even excessive privileges than normal user accounts. These are indeed very powerful accounts that run critical business processes and services. Many third-party services or scheduled tasks or processes might make use of the same service account, resulting in a complex interconnection.
Typically, specific windows domain accounts are used as service accounts in services running in Windows servers, that need network access. Password Manager Pro has the ability to identify the service accounts associated with a particular domain account. While resetting the password of a domain account managed in Password Manager Pro, it will find out the services which use that particular domain account as service account. It will automatically reset the service account password when the domain password is changed.
In certain cases, you will require to restart the services for the service account password reset to take effect. The windows service account password reset feature of PMP helps achieve this precisely, fully automated.
For every Windows domain account for which the service account reset is enabled, PMP will find out the services which use that particular domain account as service account, and automatically reset the service account password if this domain password is changed.
Prerequisite: Before enabling windows service account reset, ensure if the following services are enabled in the servers where the dependent services are running:
(1) Windows RPC service should have been enabled
(2) Windows Management Instrumentation (WMI) service should have been enabled
Work flow Summary: Setting up Windows Service Account Password & Scheduled Task Password Reset
For enabling Windows Service Account Reset, you need to do the following:
Now, when the domain account password is reset
Add the Domain controller as 'Windows Domain' resource type. Make sure that you specify the DNS name and Domain name.
Add the domain administrator account to this 'Windows Domain' resource.
Add the service account which is used as logon account to this 'Windows Domain' resource.
Add each machine in which services are running as individual resource with resource type 'Windows'.
Create a resource group which contains all these windows machines. For example: Service Account group.
Click "edit" button of the 'Windows Domain' resource and select the domain administrator account which you added in the 'Supply credentials for remote synchronization' section. Refer to the screenshot below:
Click "edit" of the service account and move the resource group which you created to the box on the right side and save. Refer to the screenshot below:
Check the checkbox for service account which you added in the 'Windows Domain' resource and click on the service account tab-> select Supported service accounts tab. Services which uses this service account as log on account will be listed. When you reset the password, it will be reset in the service running in the remote machine as well.
In certain cases, there would be requirements for stopping and starting the services during domain account reset. In such cases, through "General Settings" you can configure PMP to wait for a specified time period (in seconds) between stopping and starting the services. By default, PMP waits for 60 seconds. You may configure it in accordance with your needs.
For any windows domain account (for which you have enabled Windows service account reset), you can view the list of associated service accounts, scheduled tasks and information on whether the service accounts and scheduled tasks were reset upon the corresponding domain account reset.
To view this information,
Go to "Resources" tab click the name of the resource
Select the domain account of the resource for which you wish to know the status of service account reset
Click "Service Account Status"
(1) Whenever the password of the domain account is changed, the windows service account associated with it will also be changed. In case, you have created schedules for rotating domain accounts, the service account reset will also follow the schedule.
(2) Once you create Windows Service Account Reset, the passwords of the Windows scheduled tasks associated with the service accounts will also be reset.
© 2014, ZOHO Corp. All Rights Reserved.