Re: Cluster services with expiring passwords

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Carlos Felipe França da Fonseca" <carlosfelipefranca@xxxxxxxxx>
• Date: Sat, 16 Aug 2008 17:18:50 -0300

---

Meinolf,

The corporate auditing requires that service accounts have their passwords
expired in 90 days. Believe... lol
I have a two-node SQL Server clustering and I'm looking for a way to
automate the process of changing the password in Active directory and in the
service settings few days before complete 90 days.
I'm worried about have disruptions in the future if we forgot to change the
password.

Thank you for your reply,

Felipe

"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb66a69ed8cacdcad7fb6240@xxxxxxxxxxxxxxxxxxxxxxx

Hello Carlos Felipe França da Fonseca,

If your policy requires to change the passwords make sure you change them
on all places where the service account is used. Then it should still run.
For service accounts i would choose really long strong passwords and would
check "Password never expire" on the account properties. Even if there is
a policy, i would talk to the policy makers and suggest them only for
service accounts, to change them once or twice a year. Also service
accounts should only run with the minimum permissions they need. DO not
make them domain admins or equivalent.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

The corporate auditing requires that all accounts' passwords expire,
including service accounts... even clustering service accounts!!!
Does anybody know if it's possible to automate this process?
If I change the service accounts' passwords in Active Directory and
afterwards in the services settings, will I need to recycle those
services?
Thanks,

Felipe

.

---

• References:
  • Cluster services with expiring passwords
    • From: Carlos Felipe França da Fonseca
  • Re: Cluster services with expiring passwords
    • From: Meinolf Weber

• Prev by Date: 32-bit to 64-bit Print Server Cluster Migration
• Next by Date: Re: 32-bit to 64-bit Print Server Cluster Migration
• Previous by thread: Re: Cluster services with expiring passwords
• Next by thread: comprimes de achat ampicillin achat ampicillin belgique commande en ligne acquerir acheter ampicillin en France soft acheter votre achat ampicillin canada dans commande achat ampicillin corpus
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Domain Password Policy ... Create service accounts with REALLY strong passwords. ... expire, if you need to. ... (microsoft.public.windows.server.general) Service accounts with password expiration ... If I modify passwords for clustering service accounts, ... keep running with no disruption? ... (microsoft.public.security) Re: Manage user account service password ? ... it is typical to configure service accounts to have ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... an easy solution to change service passwords every 3 months for example? ... (microsoft.public.windows.server.active_directory) Re: physical security ... You do not need tools to hack the dit-db, and ipsec just helps you to ... To retrieve the passwords I'll just need to start ... To prevent him to get the other accounts ... as passwords for your service accounts you can use very ... (microsoft.public.windows.server.active_directory) Re: Set password restrictions ... created a separate OU for these accounts. ... make my service account passwords expire b/c they must authenticate from ... service accounts should have EXTREMELY long and complex ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.clustering  > 2008-08