Service account management

Owned by Anonymous
Last updated: Feb 10, 2016 by Max Pinion (Deactivated)
2 min read

One of the challenges in password policies is managing domain user service accounts. Service accounts are the credentials with which a service logs on and is typically configured as the Local System account. For services that need access to Active Directory resources, a domain user can be configured. Local Security Solution can be used to automate the identification of services running with domain user service accounts, change the password on service accounts, and update service configuration.

Steps for configuring service account management:

  1. Configure Active Directory credentials in the Symantec Management Platform
  2. Configure Active Directory Domain resource(s)
  3. Synchronize Active Directory resources
  4. Run a Windows Service Inventory
  5. Reporting on services with domain users
  6. Change service account passwords
  7. Reconfigure services

Configuring Active Directory credentials and domains

Follow the steps in Active Directory Domains to configure Active Directory Credentials and Domains.

Synchronize Active Directory resources

Follow the steps in Synchronize Active Directory to import users and groups from Active Directory for use with Arellia products. This task should be schedule to run periodically to import new users and groups.

Windows services inventory

A Windows services inventory will run via policy as configured at the Configuration tab under Settings > Agents/Plug-ins > Arellia > Local Security > Local Security Agent Configuration > Windows Service Inventory Policy.

A Windows services inventory can also be run manually via the Inventory Windows Services task. This policy or task will identify Windows services on computers and the Log On user.