Well...

​

I was helping a client deal with an ancient Windows Server 2003 domain over the last week and while working with some of the service accounts, I noticed the below. This just maid me laugh at the way this was handled. It really made my day as I was dealing with my own active directory nightmare (having to rebuild the entire environment from the ground up for my personal systems that I use for medical reasons is NEVER FUN) in my downtime which is stressful to say the least. this however made me chuckle when I found it today.

​

​

Screen captured 2024.02.29: Service Account password stored at user properties > Telephones tab > Notes Field in AD... *ME TO CLIENT *: 1-900-YOUR-BAD! *CLIENT*: Just in case something goes up in smoke!

​

Seeing this made me curious: How do you all deal with service account passwords? I know that many documentations say to not let the account password expire and do not allow the user to change it... so make it long and strong for sure; but storing it in AD? NO that just defeats the purpose! Additionally can anyone think of any reason that any person would ever need that password after the service account was set up and the app that uses it is confirmed working?

​

What do you think of this situation? How could service account passwords be better handled? Did this make you laugh?

View Poll