Hi dremenyi,
I think you are separating two very related statements.
1) Yes, we would generally recommend that you use a service account to allow for passwords to be changed on Windows, when using the Windows Proxy.
2) Once 1 has been set up, you can then set up scheduled jobs (or use any other method of password change as required) from CA PAM.
Without a properly privileged account set as the running user for the Windows PAM Proxy service it would not be able to change passwords. See the doc link below for more information on this including the permissions & account types required for various situations:
Install a Windows Proxy for Credential Manager - CA Privileged Access Manager - 2.8 - CA Technologies Documentation
Let me know if you have any further questions about this.
-Chrisitan