Re: Service Account Passwords
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 11/29/05
- Previous message: Paul Adare: "Re: Service Account Passwords"
- In reply to: J Burford Fields: "Service Account Passwords"
- Next in thread: J Burford Fields: "Re: Service Account Passwords"
- Reply: J Burford Fields: "Re: Service Account Passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 29 Nov 2005 10:14:51 -0500
The service has to the changing. For IUSR for instance the IIS service manages
the password, you can actually turn that capability off if you want and people
do do it if they have multiple instances of IIS on different machines running
under the same ID. If it changed in that case, only one instance would work.
Also note that IIS actually doesn't run as IUSR, it launches specific processes
as ISUR or others as necessary. Normally it runs as one of the non-userid
security contexts like localsystem.
You also mention the kerberos account. The KDC runs as localsystem as well. The
krbtgt ID is used by the KDC service but is never logged into. The password is
never changed and in fact the account is disabled.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net J Burford Fields wrote: > Are service account passwords managed and changed automatically like > IUSR_MachineName? Or should one change their passwords periodically? > I'm thinking the former, but do not recall seeing it in writing. > > tia >
- Previous message: Paul Adare: "Re: Service Account Passwords"
- In reply to: J Burford Fields: "Service Account Passwords"
- Next in thread: J Burford Fields: "Re: Service Account Passwords"
- Reply: J Burford Fields: "Re: Service Account Passwords"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
