Configuration to make Windows Service recycle when the logon account of the service is changed

book

Article ID: 102741

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

When I installed the Windows Proxy connector on the corresponding server, I heard that password change of the account with the Windows service will also be implemented. What kind of setting do I need to do?

Environment

CA Privileged Access Manager r.3.x

Resolution

In this for example, the "cspmclientd" service is focused. This service's process on the Task Manager is "cspmclientd" process as follows.
This document provides the configuration sample.  The "cspmclientd" service's logon account is "adobeupdater" who is the domain account.
 

<Please see attached file for image>

Windows service and the process itself


Here is the "adobeupdater" account's settings.
 

<Please see attached file for image>

Target account - account tab

<Please see attached file for image>

Target account - password tab

<Please see attached file for image>

Target account - Compound Servers tab

<Please see attached file for image>

Target account - Active Directory tab


As the cspmclientd service is running by this account, the Services tab of the target account will show up the service as follows. If there is no entry here, click the "DISCOVER SERVICES" button at the right bottom in this screen.
(When the password is changed and save the target account but the Windows service is not recycled, it should try to delete the indicated service here by the X button at the right of the service and click the "DISCOVER SERVICES" button, and save the target account with the changed password)
 

<Please see attached file for image>

Target account - Services tab


When the "DISCOVER SERVICES" button works, like the below message will show up.
 

<Please see attached file for image>

Succeed to discover the Windows service


The below is the target account who is selected at the "Active Directory" tab of the "adobeupdater" target account in the above.
 

<Please see attached file for image>

Target account - account to perform the Change Process


Below some screenshots are the "Administrator" target account that is selected by the above.
 

<Please see attached file for image>

Target account - administrator account
 

<Please see attached file for image>

Target account - Administrator password tab

<Please see attached file for image>

Target account - Administrator Compound Servers tab

<Please see attached file for image>

Target account - Administrator Active Directory tab

Additional Information

- On the target server, it grants the user access to the Domain "Adminstrator" as follows. 
 

<Please see attached file for image>

User account settings on the target server

- Attached mp4 provide the movie of the Windows Service will automatically be recycled when the password is changed with the Active Directory target application's account.

Attachments

1558700832238000102741_sktwi1f5rjvs16ka6.jpeg get_app
1558700830460000102741_sktwi1f5rjvs16ka5.jpeg get_app
1558700828725000102741_sktwi1f5rjvs16ka4.jpeg get_app
1558700826843000102741_sktwi1f5rjvs16ka3.jpeg get_app
1558700824785000102741_sktwi1f5rjvs16ka2.jpeg get_app
1558700822831000102741_sktwi1f5rjvs16ka1.jpeg get_app
1558700821082000102741_sktwi1f5rjvs16ka0.jpeg get_app
1558700815599000102741_sktwi1f5rjvs16k9z.jpeg get_app
1558700813941000102741_sktwi1f5rjvs16k9y.jpeg get_app
1558700812106000102741_sktwi1f5rjvs16k9x.jpeg get_app
1558700810301000102741_sktwi1f5rjvs16k9w.jpeg get_app
1558700808330000102741_sktwi1f5rjvs16k9v.jpeg get_app
1558700806272000102741_sktwi1f5rjvs16k9u.jpeg get_app
1558536513956WindowsService-ADconnector.mp4 get_app