Renaming a service account with a secret password

0

Our installer creates a specifically-named user account for a service to use. The installer generates a random password for Windows to assign to the account. The installer then creates the service with that username/password combo. The installer then discards the password so it's effectively secret.

I want to run multiple copies of the service, each with a different account. The installer can't generate a different account name so I was hoping to run the installer multiple times and just rename the accounts created each time manually. Unfortunately, when I change the account name in the service properties, I am unable to complete the password fields.

I've seen references to the Services MMC auto-filling the password fields if left blank when you browse for the account but that doesn't seem to work. Does this only apply to built-in accounts or am I just doing it wrong?

The SC.EXE command line help mentions the LSA managing service account passwords. Is that unrelated to what I'm trying to do?

In summary, I want to be able to clone the service accounts and the services themselves with just the account name being different. Is this a fruitless exercise?

[[Update]] The secret part is important for compliance. If the password was human-generated, the system would fail the security audit.

John Breakwell

Posted 2016-07-20T16:23:41.693

Reputation: 266

Well, the only possible way to do what you describe is to keep track of the password to this user account, and present it to the user of your application. You can't freeze your cake and eat it too in a case like this. – Ramhound – 2016-07-20T16:29:18.020

Answers

0

Just set a new password yourself, and paste it into the service properties window when configuring the service. In most cases, only the Windows service manager needs this information.

user1686

Posted 2016-07-20T16:23:41.693

Reputation: 283 655

The secret part is important for compliance. If the password is human-generated, the system would fail the security audit. – John Breakwell – 2016-07-21T08:29:51.590

Then automate this using PowerShell or such. – user1686 – 2016-07-21T10:12:49.420
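
One way to automate what this thread describes, as an added example that is not part of the original posts or the installer: rename the installer-created local account, assign it a machine-generated password, and hand the same password to the service configuration without ever displaying it. The service and account names are hypothetical placeholders, and the script assumes a local (non-domain) account on Windows PowerShell 5.1 or later.

```powershell
#Requires -RunAsAdministrator
# Added example. All three names below are hypothetical placeholders.
param(
    [string]$ServiceName = 'ExampleService2',  # service created by this installer run (assumed)
    [string]$OldAccount  = 'svc_example',      # account name the installer always uses (assumed)
    [string]$NewAccount  = 'svc_example2'      # per-instance name you want instead (assumed)
)
$ErrorActionPreference = 'Stop'

function New-RandomPassword {
    # 32 bytes from the OS CSPRNG, base64-encoded (44 characters).
    # The fixed suffix adds no secrecy; it only guarantees that all four
    # character classes are present for password-complexity policies.
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
    return [Convert]::ToBase64String($bytes) + 'aA1!'
}

# Renaming keeps the account's SID, so rights granted to the account
# (for example "Log on as a service") stay attached to it.
Rename-LocalUser -Name $OldAccount -NewName $NewAccount

$plain = New-RandomPassword
try {
    # Set the generated password on the renamed account.
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-LocalUser -Name $NewAccount -Password $secure

    # Win32_Service.Change updates the stored logon name and passes the
    # password to the Service Control Manager, which keeps it as an LSA secret.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found" }
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = ".\$NewAccount"
        StartPassword = $plain
    }
    if ($result.ReturnValue -ne 0) { throw "Change failed with code $($result.ReturnValue)" }
}
finally {
    # Drop the plaintext reference. Managed strings cannot be wiped in place,
    # so the value persists in memory until the process exits or it is collected.
    $plain = $null
}

Restart-Service -Name $ServiceName
```

Run it once after each installer pass, before the next pass recreates the original account name. The password is never written to disk or the console, so it remains machine-generated and unknown to any operator.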