SharePoint 2010 New Feature: Managed Accounts

The following is an excerpt from the third issue of the SharePoint 2010 Beta series of USP Journal:

Another new feature of SharePoint 2010 is managed accounts. Consider having an application pool account, for example called DOMAIN\sp_user. You use that account for a large number of web applications. Imagine the pain when changing the password for that account; you would need to go into each and every web application and reset the password after the change, not to mention that the applications you haven’t changed yet will stop working.

SharePoint 2010 introduces the managed account. In short, rather than specifying the user name and password on every occasion, you create a managed account and set the password there. Then, when you need to enter a user account you simply select which managed account to use and you don’t need to know the password.

This also allows farm administrators to set up the service accounts so that others do not need to know the password for the account.

Oh, but there’s more. Service accounts are usually left out of the password expiry policy for the very reasons stated above. However, this is a bad security practice, because the password for such service accounts is often weak or known by multiple people. Keeping a password unchanged for years also means that an attacker would have more time to break the password encryption.

So, SharePoint 2010 also introduces automatic password change. Simply set the managed account to change the password a number of days before the password expires, and SharePoint will keep and maintain the password for the service account without you having to do anything.

You can also set up alerts so that you are notified before the password expires, and what’s even better, SharePoint will automatically detect password expiration policies that are defined for you.
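As an added example (not part of the original excerpt), this is one way to set up what is described above from the SharePoint 2010 Management Shell: register the account once, turn on automatic password change with an e-mail alert, then list any managed accounts still left on a manual password. The day counts and schedule string are assumed values; DOMAIN\sp_user is the account name used above.

```powershell
# Added example; run as a farm administrator on a SharePoint 2010 server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$accountName = 'DOMAIN\sp_user'   # example account name from the article

# Register the account once. Afterwards, web applications and services
# select it by name and nobody has to type the password again.
$account = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $account) {
    # Get-Credential prompts for the current password interactively,
    # so it never appears in the script or in shell history.
    $account = New-SPManagedAccount -Credential (Get-Credential $accountName)
}

# Have SharePoint generate and maintain the password:
#   -PreExpireDays     change it this many days before it would expire
#   -EmailNotification send an alert this many days before the change
#   -Schedule          window in which the change job may run
# (5, 10 and the Saturday window are assumed values; adjust to your policy.)
Set-SPManagedAccount -Identity $account -AutoGeneratePassword `
    -PreExpireDays 5 -EmailNotification 10 `
    -Schedule 'weekly between Sat 02:00:00 and Sat 04:00:00'

# Audit: managed accounts that still rely on a manually set password.
Get-SPManagedAccount |
    Where-Object { -not $_.AutomaticChange } |
    Select-Object Username, PasswordLastChanged, PasswordExpiration
```

An empty result from the last command means every managed account in the farm is on automatic password change.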

Neat? Methinks so…

.b


Published by

Bjørn Furuknap

I previously did SharePoint. These days, I try new things to see where I can find the passion. If you have great ideas, cool projects, or are in general an awesome person, get in touch and we might find out together.

4 thoughts on “SharePoint 2010 New Feature: Managed Accounts”

  1. Looks nice, but with that automatic change, how on earth will I know what the password is when I need it?

    I also wonder what the implications are for people not having to know the password but just the managed account. Would that make it easy to write an app that has elevated privileges without any admin ever knowing the app exists?

  2. This is just for security purposes!
    Do not check the option if you feel you will need the password in the future.
    Service accounts?
