Service account is not secure in its current configuration


Used to secure the following MIM PAM Service Accounts

  • Application Pool ( For Rest API )
  • PAM Component Service
  • Privileged Access Management Monitoring Service

Issue:

When installing the “PAM” Privileged Access Management Features you are presented with one or all of the below warnings about the service accounts to be used. This is a warning and will not prevent you from continuing but it is recommended to secure the accounts at your earliest availability. See Resolution

 

Images:

  • Rest API Application Pool account is not secure in its current configuration

  • Component Service account is not secure in its current configuration

  • Monitoring Service account is not secure in its current configuration

 

Cause:

  • Prior to installing the PAM Feature the Service Accounts to be used were not secured.

Resolution:

  1. On the server that the PAM Features will be installed on or has already been installed on:
    1. on the server that host the Forefront Identity Manger Synchronization Service open up Local Security Policy
    2. Expand Local Polices
    3. Click on User Rights Assignment
    4. Scroll down to locate the following policies
      1. Deny log on as a batch job
      2. Deny log on locally
      3. Deny access to this computer from the network

 

Questions? Comments? Love FIM / MIM so much you can’t even stand it?

 

EMAIL US>EMAIL US<

 

## http://blogs.msdn.com/connector_space ##

Comments (0)

Skip to main content