Hello There,
We are in the process of deploying an EndPoint Detection & Response product across the whole Windows Domain with more than 1,000 endpoints.
This solution requires a service account with the following features.
1.Logon as a Service & Interactive Logon
2.Password never expires
This puts the whole domain at risk, if the service account is compromised it is like keys to the kingdom.
Is there any improvement in managing service accounts in Windows 2012 AD environment?
What is the best practice in the scenario?
Please suggest.
Thanks,
Maqsod
Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified