Some time ago when CA was helping us solve an issue with password rotation. We were informed that a best practice would be setting up a service account to rotate passwords; rather than, a scheduled job within the CA application.
Can we get some information based on that best practice?
Can you confirm that you are using CA Server Automation? This is the community for CA Server Automation. If not, can you confirm which product you are asking this question for? Based on that I will get this thread to the appropriate community.
Dakota -- can you confirm which product you're using?
Hi all "Privilege Access Manager" - PAM.
Changed to proper community.
I think you are separating two very related statements.
1) Yes, we would generally recommend that you use a service account to allow for passwords to be changed on Windows, when using the Windows Proxy.
2) Once 1 has been set up, you can then set up scheduled jobs (or use any other method of password change as required) from CA PAM.
Without a properly privileged account set as the running user for the Windows PAM Proxy service it would not be able to change passwords. See the doc link below for more information on this including the permissions & account types required for various situations:
Install a Windows Proxy for Credential Manager - CA Privileged Access Manager - 2.8 - CA Technologies Documentation
Let me know if you have any further questions about this.