<div>
Thanks for your reply.<br />
<br />
So for backup exec will I create a local user or will I use MachineName\Administrator account?
</div>


<div>
create User on AD &amp;&nbsp;assign the local admin rights on servers whose backup you want to take
</div>


<div>
would the account need to be a member of Domain Users security group
</div>


<div>
McKnife,<br />
<br />
thanks for this.<br />
<br />
I have tried the Managed Service Accounts for a few things and it works.<br />
<br />
I guess there is no easy way to audit where the Administrator account is being used? I will have to go through each of my servers 1 by 1 and create the Managed Service Accounts as necessary?<br />
<br />
Many Thanks!<br />
<br />
jack
</div>


<div>
Quite easy is to use a tool that scans servers from remote and finds out what services and what tasks use such domain admins accounts: <a href="http://www.cjwdev.com/Software/ServiceCredMan/Info.html" rel="ugc">http://www.cjwdev.com/Software/ServiceCredMan/Info.html</a>&nbsp;(free)
</div>


<div>
thanks.. very useful!<br />
<br />
I am having an issue with Scheduled Tasks.<br />
<br />
When I try to set them to the MSA it says it cannot find the account.<br />
<br />
is this normal?<br />
<br />
thanks<br />
<br />
jack
</div>


<div>
<a href="http://blog.simonw.se/using_standalone_managed_service_accounts_for_scheduled_tasks/" rel="ugc">http://blog.simonw.se/using_standalone_managed_service_accounts_for_scheduled_tasks/</a> has an explanation and solution.
</div>


<div>
thanks - I did see this.<br />
<br />
on the DC I create the MSA as follows:<br />
<br />
New-ADServiceAccount -Name MSA -Enable $true -DNSHostName MSA.DomainName.local<br />
<br />
Set-ADServiceAccount -Identity MSA -PrincipalsAllowedToRetrie<wbr />veManagedP<wbr />assword Server1$,Server2$,Server3$<wbr /><br />
<br />
so I have not been using the Add-ADComputerServiceAccou<wbr />nt &nbsp;command line - could this be the problem.<br />
<br />
I have been able to use the cmd code: schtasks /Change /TN ScheduledTaskName /RU &quot;domainMyRunAsAcount$&quot; /RP &quot;&quot;<br />
<br />
BUT when I edit the service and try to save it - it will not let me save it as it says the account is not recognised<br />
<br />
<br />
thanks again
</div>


<div>
The article says: &quot;In Windows Server 2012, these accounts can also be used as RunAs account on scheduled tasks but it can’t be configured in GUI.&quot; Only that is the problem, the GUI was not designed with that account type in mind, while powershell can work with it and so can schtasks.exe.
</div>


<div>
thank-you. working though and using MSA accounts where-ever possible
</div>


<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
we recently had a security hack in our network - and I want to tighten up the password policy by using group policy to have a minimum password criterion.<br />
<br />
I am a little worried that if I change the administer password I will start to get a lot of issues with programs not running on my server.<br />
<br />
is there a good way to Audit what would be affected if the Domain Administrator account gets a new password?<br />
<br />
Will it affect things like Exchange Server or Lync Server? in Services these use either a Local System or Network Service Account.<br />
<br />
My Backup Exec 15 server using the Domain/Administrator account as the account that runs its services. I assume that I will just need to change the password in Services? Or should I create an account just for Backup Exec Server in AD? If I created an account would it need to be part of the Administrators Group?<br />
<br />
thanks for your help
</div>
</div>


Hi,

we recently had a security hack in our network - and I want to tighten up the password policy by using group policy to have a minimum password criterion.

I am a little worried that if I change the administer password I will start to get a lot of issues with programs not running on my server.

is there a good way to Audit what would be affected if the Domain Administrator account gets a new password?

Will it affect things like Exchange Server or Lync Server? in Services these use either a Local System or Network Service Account.

My Backup Exec 15 server using the Domain/Administrator account as the account that runs its services. I assume that I will just need to change the password in Services? Or should I create an account just for Backup Exec Server in AD? If I created an account would it need to be part of the Administrators Group?

thanks for your help

Changing Administrator Account Password on Domain

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Windows Server 2012

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.