Managing services

Many organizations use domain or local accounts to run applications such as Windows services and Windows scheduled tasks or domain accounts used for IIS application pools on computers throughout the network. For security and auditing compliance, passwords for these types of accounts should be rotated periodically, but are often left unmanaged because of the difficulty involved in updating passwords manually on multiple computers and the potential disruption of critical business services.

You can greatly improve security for the accounts used to run services by storing and managing these accounts and their passwords in the Zero Trust Privileged Access Service. After you identify the services that run using a local or domain service account you can automate password rotation without interrupting service availability.

In most cases, you add service and service account information to the Privileged Access Service by running discovery jobs that scan your network for information about computers in Active Directory domains. You can also manually add services and service accounts globally or on a system-specific basis.

For more information about managing service settings for the accounts used to run Windows services or scheduled tasks or in IIS application pools or how to configure the multiplexed accounts that are used to rotate the password for service accounts, see the following topics: