Configuring service authentication & account policies in Windows Server 2016


Many apps and services that you install on Windows Server run in the security context of a user account, known as a service account. In Skill 2.1 from Exam Ref 70-742 Identity with Windows Server 2016, learn how account policies enable you to control fundamental security features and how these features help secure your network—and the apps and services that run within it.



Many apps and services that you install on Windows Server run in the security context of a user account, known as a service account. Like all user accounts, it is important that these service accounts are not compromised. Windows Server 2016 provides Managed Service Accounts (MSAs) and Group Managed Service Accounts (gMSAs) to help you more easily manage service accounts.

Account policies enable you to control fundamental security features, such as password complexity, length, expiration, and lockout. You can use these features to help secure your network, and the apps and services that run within it.

This section covers how to:

  • Create and configure MSAs and gMSAs

  • Manage SPNs

  • Configure Kerberos Constrained Delegation

  • Configure virtual accounts

  • Configure account policies

  • Configure and apply Password Settings Objects

  • Delegate password settings management

Read Skill 2.1 here.

Skip to main content