Secret Server allows users to automatically change service account passwords on a configurable schedule. Secret Server will scan your network and find where a service account is being used and update all the Windows services, Windows Scheduled Tasks, configuration files (.config, .ini, etc.), COM+ Applications, and IIS App Pools using that service account when the password is changed. The Enterprise Plus Edition supports PowerShell Dependencies. An admin can upload a custom PowerShell script that will be run after a password is changed by Secret Server. Scheduled changes are then tracked and logged, providing a full audit trail for compliance and accountability.
Teams often don't know all the places that their service accounts are being used.
For example, a typical domain account (service account) may be used on several different machines
for the identity of different tasks / services. An admin attempting to change the password for a
particular service account may not know all of the places that use those credentials. This
makes service accounts less secure, as they are changed infrequently by admins wary of inadvertently
causing service outages.
Service accounts have been a common attack vector for network breaches since their passwords are
not changed for years at a time and are known by many people (even ex-employees).
Secret Server uses discovery capabilities to scan the network to locate any dependent services. When
the service account's password is changed, Secret Server will automatically change the password on all
the dependencies. Windows Services are automatically restarted by Secret Server to ensure that the new
password takes effect. The order of the changes on the dependencies, whether they are restarted, and
even propagation delays can all be configured within Secret Server.
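To see the dependency problem described above on a single host, the following added example (not Secret Server code, and not how its discovery is implemented) lists the Windows services, scheduled tasks, and IIS app pools configured to run as one account. It is read-only; the account name `CONTOSO\svc-app` is a constructed placeholder, and the script assumes it is run locally with rights to read this configuration.

```powershell
# Added example: read-only inventory of where one service account is configured
# on the local machine. The default account name is a constructed placeholder.
param(
    [string]$Account = 'CONTOSO\svc-app'   # hypothetical account, DOMAIN\user form
)

# Match the DOMAIN\user, .\user, user@domain and bare user spellings of the account.
$user    = ($Account -split '\\')[-1]
$pattern = '(^|\\)' + [regex]::Escape($user) + '(@|$)'

$found = @()

# Windows services: Win32_Service.StartName holds the logon account.
$found += Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'Service'; Name = $_.Name
                           RunAs = $_.StartName; State = $_.State }
    }

# Scheduled tasks: the principal's UserId is the account the task runs as.
$found += Get-ScheduledTask |
    Where-Object { $_.Principal.UserId -match $pattern } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName
                           RunAs = $_.Principal.UserId; State = $_.State }
    }

# IIS application pools, checked only if the WebAdministration module is present.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $found += Get-ChildItem IIS:\AppPools |
        Where-Object { $_.processModel.userName -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'AppPool'; Name = $_.Name
                               RunAs = $_.processModel.userName; State = $_.State }
        }
}

# Every row is a place that stops working if the password changes without an update here.
$found | Sort-Object Type, Name | Format-Table -AutoSize
```

Configuration files and COM+ applications, which the text also lists as dependency types, are not covered by this sketch.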