Symantec Privileged Access Management

Expand all | Collapse all

Best Practice on Password Rotation?

  • 1.  Best Practice on Password Rotation?

    Posted 01-06-2017 02:22 PM

    Some time ago when CA was helping us solve an issue with password rotation. We were informed that a best practice would be setting up a service account to rotate passwords; rather than, a scheduled job within the CA application. 

     

    Can we get some information based on that best practice?



  • 2.  Re: Best Practice on Password Rotation?

    Posted 01-06-2017 04:36 PM

    Hello,

     

    Can you confirm that you are using CA Server Automation? This is the community for CA Server Automation. If not, can you confirm which product you are asking this question for? Based on that I will get this thread to the appropriate community.

     

    Thanks,
    Gregg



  • 3.  Re: Best Practice on Password Rotation?

    Posted 01-10-2017 11:53 AM

    Dakota -- can you confirm which product you're using?



  • 4.  Re: Best Practice on Password Rotation?

    Posted 01-18-2017 11:10 AM

    Hi all "Privilege Access Manager" - PAM.

     

    Thanks! 



  • 5.  Re: Best Practice on Password Rotation?

    Posted 01-19-2017 10:09 AM

    Changed to proper community.



  • 6.  Re: Best Practice on Password Rotation?

    Posted 01-25-2017 09:29 AM

    Hi dremenyi,

     

     

    I think you are separating two very related statements.

     

    1) Yes, we would generally recommend that you use a service account to allow for passwords to be changed on Windows, when using the Windows Proxy.

    2) Once 1 has been set up, you can then set up scheduled jobs (or use any other method of password change as required) from CA PAM.

     

    Without a properly privileged account set as the running user for the Windows PAM Proxy service it would not be able to change passwords. See the doc link below for more information on this including the permissions & account types required for various situations:

     

    Install a Windows Proxy for Credential Manager - CA Privileged Access Manager - 2.8 - CA Technologies Documentation 

     

    Let me know if you have any further questions about this.

    -Chrisitan