Linked account for Propagation properties - PAM Service account password rotation
1 vote
In the PAM Windows Service Account properties, there is a field for EndpointUserName and EndpointPassword. These are static fields. We would like to have the option to use a linked account to a PAM user similar to what is done for PAM Providers.
Hello,
Thank you for your request. We plan to add a way to run the propagation script with a "Run As" configuration. It would allow you to specify where you want to run the script. We will keep in mind that it would be useful to be able to reuse a PAM account as credentials. I don't have an ETA for such a feature, but we will post back here once we have an update.
Best regards,
François Dubois
Hello,
I would be very interested in this feature too. Having password propagation done by a PAM account that itself has a rotated password seems to be a top feature.
Also, one of my customers is using autologon on Windows 11 devices. All these devices are for a specific usage (computers shared by many people in hospital medical units) and are up 24/7. The autologon credentials are in the registry and of course never changed because "it works". I expect a possibility to integrate these accounts in PAM and propagate the password rotations to the devices.
Have you already processed this kind of request?
Best regards
Antoine DENTAN
Hello,
I am also very interested in this request. I think it would be more efficient to be able to choose for the "Run As" account:
In the current state, we are forced to hardcode in the propagation instance credentials which are most likely residing in the PAM vault, i.e. we would break the propagation if we rotate their password and do not manually update the propagation. Using an account in the PAM vault would solve this issue.
Thank you.
Hi all,
We've recently added the "PowerShell Settings" section to the propagation configurations. This allows you to specify the credentials used for PowerShell remoting in the propagation scripts, but at this moment it's still not possible to link credentials from a vault. I've added linking to our todo list and we'll update this thread with more information when it becomes available.
Cheers,
Luc Fauvel