There are two main password management issues when passwords are required to perform automated or administrative tasks in services or scripts without user interaction:
- Passwords that are hard-coded into scripts are vulnerable to any user who can open the script can see the password displayed as plain text.
- Passwords that are changed periodically to adhere to an organization’s security policies require all scripts to be updated periodically to set the new password.
With Privileged Access Service, you can address both of these issues by doing the following:
- Download the Centrify Client package.
- Identify the computer’s service account passwords that need to be stored securely.
- Identify which client computers are allowed to access the stored server account passwords.
- Enroll the server and client computers as systems in the Privileged Access Service.
- Grant the Agent Auth permission to the local and service user accounts that are allowed to access the stored and managed account passwords.
- Modify or create scripts on client computers to replace plain text passwords with calls to the cgetaccount command included in the client package.
For more information about managing passwords used to access services and in scripts, see the following topics: