AnsweredAssumed Answered

Privileged Accounts and Automatic Password Reset

Question asked by oztoz01 Employee on Jul 10, 2015
Latest reply on Jul 21, 2015 by oztoz01

Automatic resetting of shared account passwords (on the schedule defined in the password policy) seems to be working only if the account is checked out / checked in previously.

 

Recently I've imported a set of endpoints and noticed the passwords are not being changed automatically. The event *does* fire and the task runs, but skips the accounts if they never have been checked out/in. On the ACCOUNT_PASSWORD table, I've observed that various fields are NULL, including:

 

PASSWORD_LAST_MODIFIED_BY

PASSWORD_LAST_MODIFIED_DATE

PWDCHG_INIT_BY_TASK_ID

 

This is for the accounts I've mentioned, those never been checked out/in. For other accounts these fields have values and their passwords are being changed on the schedule defined in their policy. Using the "Automatic Password Reset" task should work, but it does not allow if there's multiple accounts chosen. Gives the error:

 

"The endpoint administrative account ***** cannot be selected with other accounts for this task. Please deselect it."

 

However, it's fine if you select only one. So is this an expected behaviour, or am I missing something? I've not been able to find detailed information about the process.

Outcomes