Service Accounts and Password reset – Places you should look into

Aha… yet another topic on User Accounts. Just last week or so I was discussing with a colleague of mine here at CrmXpress. It was about Service Accounts. Now we all know that if you are using a Service account [A dedicated account to run services for SQL or MSCRM or maybe even IIS], first thing you must do is during the creation of the service account itself, you MUST mark a checkbox labelled  “Password Never Expires” so that the password expiry policies are not applied to this account.

Now in case you did not check this check box and your service account password expires, it will bring down all the dependent components/services/applications. To fix this quickly here are few places you might want to look into in case you end up with a service account with expired password. You can always set the password to what it was however some organizations have a policy against that. So you would want to look into places where you can change the password for a given service account. So here is a list of all the places that you should look into :

  1. Start -> Run -> Services.msc -> Sort by ‘Log On As’ column
  2. Start -> Run -> Inetmgr -> Expand Sites -> Select a web site which is using the service account -> Under Actions Pane -> Click on Basic Settings… -> Click on Connect As… button in the popup Window.
  3. Start -> Run -> Inetmgr -> Expand Application Pools-> Select an Application Pool which is using the service account -> Under Actions Pane -> Click on Advanced Settings… -> In the popup window -> Navigate to Process Model -> Set Identity Property.
  4. Check web.config files for encrypted\plaintext impersonation details

Leave a Reply

Your email address will not be published. Required fields are marked *