search cancel

Local account not adding in PAM


Article ID: 228864


Updated On:


CA Privileged Access Manager (PAM)


An target account is defined with Application type Windows Proxy.

In the "Windows Proxy" configuration tab for the target account definition, the option to "Use the following account to change the password" is selected and an account with administrative privileges, defined for the same Windows Proxy application type is specified.

The goal is to have a service account to change or rotate the passwords of the unprivileged local accounts residing in the machine running Windows Proxy

However, on saving the target account, it fails to save and to update the password at the target server.


CA PAM all versions


By default and unless specified PAM will try to save/synchronized the account created with whatever password has been typed in the password field under Account, or whatever password has been generated in the same section of the Target Account definition.

It will not try to use the Windows Proxy application to force the password change if the password specified in that field does not match the real password of the target account at the target server, unless the option to "Force password change" is selected in the Windows Proxy section of the Target Account definition


Make sure that the Force passsword change checkbox

is selected in the Windows Proxy section whenever defining the target account to be managed through another account.