This video looks at some of the new features in Windows Server 2008 R2 and Windows 7 that can automate the management of service accounts. If your application supports it, using managed service accounts means that the password of the service account is automatically changed periodically without any interaction from the administrator.
What is a service account
A service account is a user account created to run a particular service or piece of software. For good security, a separate service account should be created for each service or application on your network. On large networks this means a lot of service accounts, and managing them can become difficult; this is where Managed Service Accounts can help.
Computer Accounts
A computer account is like a user account in that it has a password. The difference is that the password for a computer account is automatically updated by Windows with no interaction from the user. Managed Service Accounts use the same process to manage their passwords.
Refer here for information about computer accounts http://itfreetraining.com/70-640/comp...
Managed Service Accounts Passwords
The password associated with a Managed Service Account (MSA) is automatically changed every 30 days. It is a random string of 120 characters, so it offers better security than a standard password, even one that combines upper and lower case letters with non-alphanumeric characters. An administrator could of course set their own 120-character password, but a password of that length is difficult for an administrator to work with. Like a computer account, a Managed Service Account is bound to one computer and thus cannot be used on a computer that it was not designed to work with. This provides additional security.
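The two properties described above (rotation every 30 days, binding to a single computer) can be checked from directory data. The following is an added example, not part of the video or its description: `Test-MsaHealth` is a hypothetical helper name, and the sample accounts and distinguished names are constructed so the block runs without a domain.

```powershell
# Added example: flags MSAs whose password is older than the rotation interval
# or that are not bound to exactly one computer. Test-MsaHealth is hypothetical.
function Test-MsaHealth {
    param(
        [Parameter(ValueFromPipeline = $true)] $Account,
        [int] $MaxAgeDays = 30,            # rotation interval stated on this page
        [datetime] $Now = (Get-Date)
    )
    process {
        $issues = @()
        # Drop nulls so an unbound account yields an empty array, not @($null)
        $hosts = @($Account.HostComputers | Where-Object { $_ })
        if ($hosts.Count -eq 0) { $issues += 'not bound to any computer' }
        if ($hosts.Count -gt 1) { $issues += 'bound to more than one computer' }
        if (-not $Account.PasswordLastSet) {
            $issues += 'password never set'
        } elseif (($Now - $Account.PasswordLastSet).TotalDays -gt $MaxAgeDays) {
            $issues += 'password older than {0} days' -f $MaxAgeDays
        }
        New-Object PSObject -Property @{
            Name    = $Account.Name
            Healthy = ($issues.Count -eq 0)
            Issues  = ($issues -join '; ')
        }
    }
}

# Constructed sample data shaped like Get-ADServiceAccount output.
$now = Get-Date '2012-08-21'
$sample = @(
    New-Object PSObject -Property @{ Name = 'svc-iis'
        PasswordLastSet = $now.AddDays(-12)
        HostComputers   = @('CN=WEB01,CN=Computers,DC=example,DC=com') }
    New-Object PSObject -Property @{ Name = 'svc-stale'
        PasswordLastSet = $now.AddDays(-75)
        HostComputers   = @('CN=APP02,CN=Computers,DC=example,DC=com') }
    New-Object PSObject -Property @{ Name = 'svc-orphan'
        PasswordLastSet = $null
        HostComputers   = $null }
)
$sample | Test-MsaHealth -Now $now | Format-Table Name, Healthy, Issues -AutoSize

# Against a live domain (requires the Active Directory module):
# Get-ADServiceAccount -Filter * -Properties PasswordLastSet, HostComputers |
#     Test-MsaHealth
```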
Requirements
In order to start using Managed Service Accounts you need to meet a few requirements.
Domain Functional Level: This needs to be Windows Server 2008 R2 or above.
Forest Functional Level: Does not require any particular forest level.
Schema changes: The schema needs to be up to date. Run ADPrep /ForestPrep to update the schema to the latest version using a Windows Server 2008 R2 DVD or above.
Client: The Managed Service Account can only be used on Windows Server 2008 R2 or Windows 7.
Software components: .NET Framework 3.5 and the Active Directory module for Windows PowerShell are required for Managed Service Accounts.
Supported Software
Not all software will work with a Managed Service Account. Managed Service Accounts do not allow the software to interact with the desktop, so a Managed Service Account cannot be used to log in and cannot be used to display GUI-based windows. Listed below is some common software and whether it can use a Managed Service Account.
Exchange: Yes, but the Managed Service Account cannot be used for sending e-mail.
IIS: Yes, can be used with application pools.
SQL Server: Some people have got Managed Service Accounts to work with SQL but Microsoft does not support it.
Task Scheduler: No
AD LDS: Yes, Active Directory Lightweight Directory Services works with a Managed Service Account; however, a special procedure does need to be followed in order to get it to work.
Description too long for YouTube. For the rest please see http://itfreetraining.com/70-640/mana...
MCITP 70-640: Managed Service Accounts
Category: Education. Published on 21 Aug 2012.