Service Accounts differ from normal user accounts in that they are used by software or services to log into a system and perform particular tasks, rather than by human users. Service Accounts are founded on the principle of least privilege: each one is assigned only enough privileges for its service or software to get its particular task done.
Creating service accounts is easy and not very time-consuming; it is administering and managing them that is complex and time-consuming. Service account passwords are often set to never expire and subsequently remain unchanged year after year. This represents a significant security risk because service accounts often have access to sensitive data and systems. Yet managing service accounts manually is counter-productive and inefficient, all the more so when there are solutions capable of doing it.
Delinea Secret Server is a Privileged Access Management solution that has capabilities to Discover, Manage, Monitor, and Audit service accounts out of the box. Delinea Secret Server not only hardens the security of an organization's assets but also helps satisfy compliance and other regulatory needs. Using Delinea Secret Server you can easily discover service accounts and remotely rotate their passwords using an easy-to-navigate and intuitive UI.
Using Delinea Secret Server, Remote Password Changing (RPC) can be performed on service accounts, with the dependent services automatically updated and restarted as the service account password is changed. The following dependencies are supported out of the box:
- IIS application pools
- IIS application pool recycle (this only recycles the specified application pool; it does not update the password of the service account running the application pool)
- scheduled tasks
- Windows services
- passwords embedded in text files (for example, .ini, .config)
Secret Server also allows custom dependencies. These are built using scripts, which must be SSH, PowerShell, or SQL executable scripts. By default, RPC uses the "credentials on the secret" option, but a privileged account can also be assigned to the service account secret and used to unlock and rotate the password of a locked service account.
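Before a service account password is rotated, it helps to know which of the dependency types above actually exist on a host. The following read-only PowerShell inventory is an added example, not Delinea's or SecurDI's code; the function names `Get-AccountLeaf` and `Get-ServiceAccountDependency` are hypothetical and `CONTOSO\svc-app` is a constructed placeholder account.

```powershell
# Added example: list what on the local host runs as a given service account.
# Read-only; it changes no passwords, services, tasks or application pools.
function Get-AccountLeaf {
    param([string]$Name)
    # Reduce DOMAIN\user, .\user and user@domain to the bare account name.
    if ([string]::IsNullOrWhiteSpace($Name)) { return '' }
    return (($Name -split '\\')[-1] -split '@')[0].ToLowerInvariant()
}

function Get-ServiceAccountDependency {
    param([Parameter(Mandatory)][string]$Account)
    $leaf = Get-AccountLeaf $Account

    # Windows services: the logon account is Win32_Service.StartName.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { (Get-AccountLeaf $_.StartName) -eq $leaf } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'WindowsService'; Name = $_.Name; RunAs = $_.StartName }
        }

    # Scheduled tasks: the run-as identity is Principal.UserId (empty for group principals).
    Get-ScheduledTask |
        Where-Object { (Get-AccountLeaf $_.Principal.UserId) -eq $leaf } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName; RunAs = $_.Principal.UserId }
        }

    # IIS application pools: checked only when the WebAdministration module is installed.
    if (Get-Module -ListAvailable -Name WebAdministration) {
        Import-Module WebAdministration
        Get-ChildItem IIS:\AppPools |
            Where-Object { (Get-AccountLeaf $_.processModel.userName) -eq $leaf } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'IISAppPool'; Name = $_.Name; RunAs = $_.processModel.userName }
            }
    }
}

# Constructed placeholder account; replace with the account under review.
Get-ServiceAccountDependency -Account 'CONTOSO\svc-app' | Format-Table -AutoSize
```

Matching is on the bare account name, so a local and a domain account with the same name both appear; the `RunAs` column shows the full value for review. Passwords embedded in text files are not covered by this inventory.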
How SecurDI Can Help?
At SecurDI, our team of seasoned and certified professionals can help build accelerators and scripts to optimise and automate your Delinea Secret Server. We will help identify appropriate use cases, set up a roadmap, and achieve your PAM goals in an efficient and cost-effective manner.
– Authored by Suneet Singh