Service Accounts are internal accounts used by Windows services. These services provide core operating system and other functionality to the computer. You can protect these services from potential attacks by managing the service account passwords from CA ControlMinder Enterprise Management.
You can discover service accounts that manage services and scheduled tasks on Windows Agentless endpoints. Discovering service accounts lets you create multiple service accounts in CA ControlMinder Enterprise Management at the same time and assign password consumers to the service accounts. If you do not want to create password consumers for the service account, use the Create a Privileged or Service Account task to create the service account.
Note: To discover privileged accounts, use the Discover Privileged Accounts Wizard.
The Discover Service Accounts Wizard does not discover all the services on the endpoint. It discovers only services that are run by accounts for which you can change the password. For example, CA ControlMinder Enterprise Management discovers services that are run by your computer Administrator account or domain accounts, but does not discover services that are run by the NT AUTHORITY\Local Service account.
Follow these steps:
Note: Specify the user domain only if the administrative account is from a different domain than the domain in which the accounts reside.
The Discover Service Accounts Wizard can now discover service accounts that are domain accounts.
The Discover Service Accounts Wizard window opens.
Note: The value of the Endpoint Type field is Windows Agentless because SAM manages service accounts only on Windows Agentless endpoints.
A list of service accounts that match the filter criteria appears, and a list of Windows services and scheduled tasks that use the service accounts. If the wizard discovers an account from an unknown domain, a warning message appears.
Note: The process may take some time to complete. The services and scheduled tasks are listed in the Password Consumer column. The icons in this column let you see at a glance which password consumers are services and which are scheduled tasks.
The General Account Properties window appears.
The Summary window appears.
CA ControlMinder Enterprise Management submits the task and adds the service accounts if there are no errors. After CA ControlMinder Enterprise Management adds the service account, it automatically creates a password consumer for each service and scheduled task that you selected. You can use the appropriate password consumer task to view and modify the password consumers.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|