Step 6.5. Password Rotation using Windows Connector

Password Rotation using Windows Connector

When you are configuring password rotation using WIndows Connector, it could be necessary to make some changes in the local computar policies.

The Local Computer Policies on the target Windows server mentioned below:

User Account Control: Admin Approval Mode for Built-in Administrator Account
User Account Control: Run All Administrator in Admin Approval Mode

Need to be disabled for PAM application to connect target server and reset password of privilege accounts. If the Policies are originally in ‘Enabled’ mode, then after disabling them a system restart may required for the Policies to get applied on target servers properly.

To check the User Access Policies on servers, follow below mentioned path:
Open group policy editor Run > gpedit.msc > Local Computer Policy > Windows Settings > Security Settings > Local Policies > Security Options > select policy ‘User Account Control: Run all administrators in Admin Approval Mode’ and ‘User Account Control: Run All Administrator in Admin Approval Mode’ and select Disabled and apply > OK.

Step 3.1. Launch network discovery

Step 3.2. Account repositories

Step 3.3. Entry point

Step 4.1. Add database (Optional)

Step 4.2. Create an agent (Optional)

Step 4.3. Reconcile (Optional)

Step 5.1. Account management

Step 5.2. Change account type

Step 5.3. Publish on Password vault

Step 5.4. Assign the password

Step 6. Passwords rotation

Step 6.1. Create User type

Step 6.2. Create Password policy

Step 6.3. Assign password policy

Step 6.4. Enable Task

Step 6.5. Password Rotation using Windows Connector

Step 7. Just in time privileges

Step 7.1. Define an approval workflow

Step 7.2. Define XACML policy set to use a workflow

Step 7.3. Configure XACML PEP

Step 8. Behavior analysis

Step 8.1. PAM Rules

Step 8.2. PAM Policies

Step 8.3. Assign PAM policy

Step 6.5. Password Rotation using Windows Connector

Password Rotation using Windows Connector