Service account is not secure in its current configuration

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

First published on MSDN on Aug 28, 2015

Used to secure the following MIM PAM Service Accounts



  • Application Pool ( For Rest API )

  • PAM Component Service

  • Privileged Access Management Monitoring Service


Issue:


When installing the "PAM" Privileged Access Management Features you are presented with one or all of the below warnings about the service accounts to be used. This is a warning and will not prevent you from continuing but it is recommended to secure the accounts at your earliest availability. See Resolution



Images:



  • Rest API Application Pool account is not secure in its current configuration




  • Component Service account is not secure in its current configuration




  • Monitoring Service account is not secure in its current configuration




Cause:



  • Prior to installing the PAM Feature the Service Accounts to be used were not secured.


Resolution:



  1. On the server that the PAM Features will be installed on or has already been installed on:

    1. on the server that host the Forefront Identity Manger Synchronization Service open up Local Security Policy

    2. Expand Local Polices

    3. Click on User Rights Assignment

    4. Scroll down to locate the following policies

      1. Deny log on as a batch job

      2. Deny log on locally

      3. Deny access to this computer from the network






Questions? Comments? Love FIM / MIM so much you can't even stand it?



EMAIL US>EMAIL US<



## http://blogs.msdn.com/connector_space ##

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.