Use-case 19: Do You Monitor Your Service Accounts In Your Active Directory


Service accounts are dedicated Active Directory accounts used to run Windows services. Through the service account, the service obtains its privileges over applications, resources and network access. A service account is created and added to a few administrative groups, following the principle of least privilege (that is, giving the account the minimum permissions it needs; for example, a service that performs replication does not need the right to install software).

A few facts on service accounts:

1. There are three types of service accounts: the local system account, a dedicated user account and managed service accounts.

2. A local system account is a built-in account that is part of the local Administrators group. It accesses network resources with the credentials of the host machine and has unlimited access to local resources. If the LSA is compromised, it can give a malicious user the ability to change the security settings of a service, run a bug, or damage the system. Imagine if such service accounts run applications on the DC: they could bring the entire enterprise network down.

3. Running services with a dedicated user account is far better than using the LSA. However, the user account needs to be administered with the right privileges and the right group memberships to run the service. That way, if the account is compromised, the damage is minimized because the user has limited access rights. Like any user account, its password expires, at which point the service stops functioning. Worse, the service keeps retrying authentication, which locks the account out and eventually causes the failure of the other services that share this account.

4. Managed Service Accounts are a feature introduced in Windows Server 2008. They behave like a user/computer account, and their passwords are automatically managed and reset.

ADAudit Plus provides real-time reports on the services running on a specific computer, with information about each service, its service account and its status.

Step 1: Kindly go to Reports --> User Management --> User Services.

Choose the Domain and Computer (this gives the list of services on that computer and their information).

Choose the User and a few Computers (this gives the list of services, with their information, that the user is authenticated to run on the selected computers).
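The same kind of per-computer report can be built by hand, as an added PowerShell example that is not ADAudit Plus code: it lists every service on the chosen computers with its account and state, classifies the account into the three kinds described in the facts above, and flags the LocalSystem and dedicated-user-account risks (password expiry, lockout) the post warns about. It assumes the ActiveDirectory RSAT module is installed, and the computer names are placeholders for hosts in your own domain.

```powershell
# Added example, not ADAudit Plus code: per-computer service inventory with the
# account each service runs as, its type, and the risks the post describes.
# Assumes the ActiveDirectory RSAT module; computer names are placeholders.
param([string[]]$ComputerName = @('SERVER01', 'SERVER02'))

Import-Module ActiveDirectory

# Classify the account a service runs as, matching the three kinds in the post.
function Get-ServiceAccountType {
    param([string]$StartName)
    switch -Regex ($StartName) {
        '^(LocalSystem|NT AUTHORITY\\(LocalService|NetworkService))$' { 'Built-in'; break }
        '\$$'   { 'Managed service account or computer account'; break }
        '[\\@]' { 'Domain user'; break }
        default { 'Local user' }
    }
}

$report = foreach ($computer in $ComputerName) {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service -ComputerName $computer) {
        $type = Get-ServiceAccountType -StartName $svc.StartName
        $risk = ''
        if ($svc.StartName -eq 'LocalSystem') {
            $risk = 'LocalSystem: unlimited local access, uses the host credential on the network'
        }
        elseif ($type -eq 'Domain user') {
            # DOMAIN\name or name@domain -> sAMAccountName for the AD lookup
            $sam = if ($svc.StartName -match '\\') { $svc.StartName.Split('\')[-1] } else { $svc.StartName.Split('@')[0] }
            $user = Get-ADUser -Filter "SamAccountName -eq '$sam'" `
                -Properties PasswordNeverExpires, PasswordLastSet, PasswordExpired, LockedOut
            if (-not $user)                          { $risk = 'Account not found in AD' }
            elseif ($user.LockedOut)                 { $risk = 'Locked out: this and every service sharing the account will fail' }
            elseif ($user.PasswordExpired)           { $risk = 'Password expired: service can no longer authenticate' }
            elseif (-not $user.PasswordNeverExpires) { $risk = "Password expires; last set $($user.PasswordLastSet)" }
        }
        # Managed service accounts get no flag: their passwords are rotated automatically.
        [pscustomobject]@{
            Computer = $computer; Service = $svc.Name; State = $svc.State
            StartMode = $svc.StartMode; Account = $svc.StartName; AccountType = $type; Risk = $risk
        }
    }
}

$report | Sort-Object Computer, Service | Format-Table -AutoSize
```

Run it from a host with RSAT against computers you administer; the Risk column is what to review before a password expiry or lockout takes a service down.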

 

#TheAD+Experience
Shane Clinton
ManageEngine ADSolutions Team
Direct: +1 408-916-9891
Toll Free: +1 888-720-9500