Service Account Manager is a free tool offered to customers of Zeva Inc. to ease the challenge of changing passwords for service accounts. The service accounts passwords are usually stored in Active Directory and in the service that the account is used for. Zeva's tool allows you to change the passwords in AD and the service simultaneously.
However, Service Accounts pose a challenge for password policy enforcement. These accounts are used to run services or perform scheduled tasks, usually initiated by a computer, not by a user. The initiating computer must store the password for the Service Account to initiate the service. A mismatch in the passwords stored in Active Directory and stored by the calling computer results in the service not running. And if a policy exists to lock an account after several failed attempts, the Service Account will be locked.
A password change for a Service Account must be carefully planned to simultaneously change every instance where the password is stored. What companies typically do is depend on manual records or attempt to create their own automated solution for their specific environment. To avoid the risk of operational disruption, it is not uncommon for Service Account passwords to be set to never expire, resulting in violations of compliance requirements. Zeva Service Account Manager offers help for the challenges of managing and changing Service Account passwords!
How Does Zeva Service Account Manager Work?
Zeva Service Account Manager allows you to change the passwords of Service Accounts easily and without having to worry about the new passwords in Active Directory syncing with the passwords stored in computers calling these services. You can either give the software a list of machines or point it to Active Directory and tell it to get the list of machines from Active Directory. The list of machines could be a simple text file with each machine on one line. Service Account Manager then goes through every machine, looks up which service is used by a service account, looks up which scheduled tasks is used by a service account, and then provides a list of service accounts and which services and tasks use that service.
This can be used for two main things. First off, you can use this as a reporting tool to assist you with manually changing passwords. There is a button in the tool labeled “Save Report” to make it easy. The other option is to use the magic of Service Account Manager to securely change the password for a Service Account in Active Directory and the list of services and tasks. You simply select an account, type in the old password and then enter in a new one. It is quick and simple.
Service Account manager then goes and changes the password in Active Directory. At the same time, it pauses all the services and tasks, changes the password for the account and then restarts the service. No worries. No hassle.
One important aspect of Service Account Manager is that password policies located in Active Directory still apply when adding a new password. In other words, if there is a policy set for passwords in your environment that states each password must be at least 8 characters long, then the newly typed password will have to be 8 characters long. If the user types in a password shorter than 8, the program will prompt you to choose a new password.
Another significant aspect of Service Account Manager that is significant is that it uses the multi-thread method. If a program such as Service Account Manager went through the list of machines in a sequential order, it would take hours to be presented with the data. To make the program work faster, we have set up Service Account Manager to send requests to several machines at once. The default we have it set as is 10 but you can decrease or increase this number depending on your requirements. When one of the machines returns a response, it automatically starts working on the next machine. This way, you get your results quickly.
For more information on how this tool works and see it in action, watch the following instructional video:
How do I Get and Install Zeva Service Account Manager?