Step 6.5. Password Rotation using Windows Connector

Password Rotation using Windows Connector

When you are configuring password rotation using WIndows Connector, it could be necessary to make some changes in the local computar policies.

The Local Computer Policies on the target Windows server mentioned below:

User Account Control: Admin Approval Mode for Built-in Administrator Account
User Account Control: Run All Administrator in Admin Approval Mode

Need to be disabled for PAM application to connect target server and reset password of privilege accounts. If the Policies are originally in ‘Enabled’ mode, then after disabling them a system restart may required for the Policies to get applied on target servers properly.

To check the User Access Policies on servers, follow below mentioned path:
Open group policy editor Run > gpedit.msc > Local Computer Policy > Windows Settings > Security Settings > Local Policies > Security Options > select policy ‘User Account Control: Run all administrators in Admin Approval Mode’ and ‘User Account Control: Run All Administrator in Admin Approval Mode’ and select Disabled and apply > OK.

Revision #2
Created 21 February 2025 13:22:08 by pgarcia@soffid.com
Updated 21 February 2025 13:24:00 by pgarcia@soffid.com