Managing Passwords for Local Accounts

You can specify any valid local user account and password. In most cases, however, you would specify Administrator or an account with similar privileges for which you want to manage the password. If you select the Manage this credential option for an account, the Privileged Access Service handles all periodic password changes and validation for the account. You can configure a separate “proxy” account to perform these tasks on Windows systems, if needed.

For a failed password rotation attempt, which includes either a manual rotation, setting an automatic password rotation on check in, or 'enable period password rotation', PAS will start a background job that will try again in 5 minutes to try to rotate the password. If that attempt fails it will try again in 10 minutes. Continued failures result in a longer time period before trying again, and the maximum wait time to try again is 24 hours. PAS will try this a total of 40 times.

For other system types, the “proxy” account performs a similar function but is specifically used as a substitute for the root account.

For more information about password and system management for Windows systems, see the following topics:

• Managing Ports for Password Operations
• Configuring Proxy Users for Password Operations
• Password Complexity Rules
• Changing Windows System Settings
• Managing Local Accounts in SMB Mode