Previous Topic: What Happens During the Break Glass ProcessNext Topic: Types of Password Consumers


Password Consumers

Password consumers are applications, Windows services, and Windows scheduled tasks that use privileged accounts and service accounts to execute a script, connect to a database, or manage a Windows service, scheduled task, or RunAs command. Service accounts are internal accounts used by Windows services. For example, Windows services may use the NT AUTHORITY\LocalService service account to log in to the operating system.

Password consumers let you remove hard-coded passwords from application scripts and enforce a password policy on an endpoint. For example, you can create a password consumer for each scheduled task on a Windows endpoint, and specify that each password consumer uses the same password policy. SAM will then change the password of each scheduled task at the interval specified in the password policy.

SAM provides privileged account passwords to password consumers in the following ways: