Learn about unmanaged service accounts and how to mitigate this type of identity-related risk.
Unmanaged service accounts are ordinary user accounts that have been configured to
run services
and applications. These accounts are commonly found in organizations because they
are easy to set
up. However, unmanaged service accounts pose a number of security risks, including
weak passwords
and overly broad permissions.
By contrast, Managed Service Accounts (MSAs) offer a wealth of advantages over unmanaged
service accounts and should be used to host services whenever possible. In particular,
MSAs
cannot perform interactive sign-ins, cannot be locked out, and have passwords that
are managed
automatically by the operating system, so no person ever needs to know the password
or remember
to change it.
To mitigate the risk of unmanaged service accounts, Trend Micro
recommends migrating unmanaged service accounts to either standalone or group Managed
Service
Accounts.