Security

T04 Securing Service Accounts the Modern Way

August 6th, 2019

8:00am - 9:15am

Level: Introductory Intermediate

John O'Neill, Sr.

Chief Technologist

AWS Solutions

Service accounts are a fact of life: some services just won't run correctly under the standard built-in contexts. Unfortunately, many organizations historically addressed this problem by creating dedicated user accounts. These accounts are often forgotten and their passwords are not regularly changed, which creates a sizable security hole! Microsoft addressed this problem years ago with Managed Service Accounts (MSAs), evolving these to Group Managed Service Accounts (GMSAs) in the latest Windows Server versions. This session will explain what these accounts are, the differences between them, and when to use each. I'll also show you how to find any lingering dedicated service accounts on all the servers in your organization using a custom PowerShell script.

You will learn:

  • The differences between Managed Service Accounts and Group Managed Service Accounts
  • When to use an MSA vs. a GMSA
  • Why standard user accounts just don't work for service management