Security Basics mailing list archives
Windows Service Accounts and Password Expiration
From: Jack Mogren <mogren () mayo edu>
Date: 28 Apr 2005 15:46:21 -0000
Our security policies and standards have always required passwords to expire, requiring account owners to change the passwords on a specific periodic basis. We also have standards for when generic or trusted accounts are acceptable. For instance, we deem the use of generic accounts acceptable in purely machine - to - machine batch processes. Still we require certain criteria, including password expiration. In the Windows server world there are generic accounts called "Service" accounts. "A rose by any other name ......." Until recently, so-called "service" accounts have slipped by this requirement. But system admin folks have become more security aware (thank you very much) and some are starting to ask the question. Should Windows "service" accounts be required to have password expiration? I'm getting good arguments from both sides of the issue. Application availability VS adherance to standards, industry best practices, etc. Keep in mind that we are in a patient care environment. Any thoughts from the list? - Jack
Current thread:
- Windows Service Accounts and Password Expiration Jack Mogren (Apr 28)