This is easy. Your remove domain admin from your service accounts. That is unacceptable, insane...really bad. Take your pick. If they need more than local admin on the box they are running then you dig in and give them the perms they need.
Any vendor that says we need domain admin for a service is shown the door around here. From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Wednesday, January 17, 2018 12:01 PM To: [email protected] Subject: [NTSysADM] domain admin account passwords management I know we have LAPS for local admins. What is everyone doing for domain admin account passwords management and compliance? We are being asked to change passwords every 90 days and most of the domain admins are service accounts? So...what does everyone else do to automate/management this? David McSpadden Systems Administrator Indiana Members Credit Union P: 317.554.8190| F: 317.554.8106 [Description: imcu email icon]<http://imcu.com/> [Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [Description: twitter email icon] <https://twitter.com/IndMembersCU> [Description: email logo] [Image result for mcp logo]<https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwirvOT_m8fTAhVM1xoKHVbUA2kQjRwIBw&url=https://mssqlhub.wordpress.com/2013/09/23/pathway-for-microsoft-certification/&psig=AFQjCNHf-4M9Isb1398vr-wswZ04wRJObQ&ust=1493471205430002> This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
