One of the most daunting challenges for IT professionals is managing service accounts. These are the privileged accounts that run automated business processes and are used by applications, not people. They can be stored in services, tasks, COM objects, IIS, SharePoint, databases and applications.
A single service or process account may be referenced in multiple places. Since these accounts are interconnected, a password change can potentially lock out the account and cause cascading system failures if performed incorrectly. Knowing this, many organizations simply choose to ignore the issue, rather than risk downtime.
To manually change these credentials, you have to identify everywhere the service account is in use. But that’s only half the battle. You must also change the service account password wherever it is used.
BeyondTrust Privileged Identity can rotate service account credentials without interrupting systems and causing downtime.
Privileged Identity can discover every location on the network where a service account is referenced. It performs this discovery dynamically, before changing service account passwords, every time it executes a password change job.
In large enterprise environments, with thousands of service accounts, Privileged Identity removes the need to dedicate massive amounts of time and resources to manually maintain a catalog of managed services.
BeyondTrust Privileged Identity can propagate new service account credentials to all places where they are used. Discovery occurs every time the password change job runs to ensure that the items managed are up to date.
With Privileged Identity's comprehensive accuracy and coverage, you can avoid the system failures and downtime caused when service accounts are not updated with the newly changed password.
BeyondTrust Privileged Identity also features industry-unique pooled account rotation. This capability prevents service disruptions that occur when systems become unreachable during password change jobs because of network issues or systems maintenance events.
When you create a password change job you can configure an "account pool" containing any number of accounts you choose. From then on, when your password change job runs, it advances through the accounts in the pool — leaving previous passwords in the pool unchanged until it’s eventually their turn to be randomized and propagated.
Any systems that can’t be reached during a password change job can still reference previous valid credentials from the account pool. This prevents service disruptions and lockouts triggered by network latency, system downtime, and other issues — even when target systems are unreachable.
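The pooled rotation described above can be modelled in a few lines. This is an added example, not BeyondTrust code: a simplified simulation showing how many consecutive password change jobs an unreachable host can miss before its stored credential goes stale. The account and host names are constructed, and the model assumes that every host starts on the first pool account and that each job rotates the next account in round-robin order.

```python
import secrets

class PooledRotation:
    """Simplified model: directory passwords plus each host's stored credential."""

    def __init__(self, pool, hosts):
        self.pool = list(pool)
        self.directory = {a: secrets.token_urlsafe(16) for a in self.pool}
        self.cursor = 0  # index of the account rotated most recently
        first = self.pool[0]
        # Assumption: every host starts out configured with the first pool account.
        self.hosts = {h: (first, self.directory[first]) for h in hosts}

    def run_job(self, unreachable=()):
        """Advance to the next pool account, randomize it, push to reachable hosts."""
        self.cursor = (self.cursor + 1) % len(self.pool)
        account = self.pool[self.cursor]
        self.directory[account] = secrets.token_urlsafe(16)
        for host in self.hosts:
            if host not in unreachable:
                self.hosts[host] = (account, self.directory[account])
        return account

    def broken_hosts(self):
        """Hosts whose stored credential no longer matches the directory."""
        return sorted(h for h, (acct, pw) in self.hosts.items()
                      if self.directory[acct] != pw)

def missed_jobs_until_failure(pool_size, max_jobs=20):
    """Count the consecutive missed job on which an unreachable host breaks."""
    pool = [f"svc-app-{i}" for i in range(1, pool_size + 1)]  # constructed names
    sim = PooledRotation(pool, hosts=["web01", "db01"])       # constructed hosts
    for missed in range(1, max_jobs + 1):
        sim.run_job(unreachable={"db01"})
        if "db01" in sim.broken_hosts():
            return missed
    return None

if __name__ == "__main__":
    for size in (1, 2, 3, 5):
        n = missed_jobs_until_failure(size)
        print(f"pool of {size}: db01 breaks on missed job {n}")
```

In this model a pool of one account behaves like ordinary rotation and breaks the unreachable host on the first job, while a pool of N accounts tolerates N-1 consecutive missed jobs.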