Our production BizTalk server has these service accounts:

Enterprise Single Sign-On Service, Enterprise Single Sign-On Administrator, Single Sign-On affiliate User, BizTalk Host Instance Account, BizTalk Isolated Host Instance Account, Rule Engine Update Service, BAM Notification Services User, BAM Management Web Service User, BizTalk Base EDI service, BizTalk Administrator, BizTalk Server Operator User, BizTalk Server B2B Operator User, Domain Account for project.

I wanted to know which accounts from the list above to consider for a password change, which ones to leave, and why.

1 Answer

All Service passwords should be changed based on your existing Password Policy. There are no specific BizTalk reasons to do anything different.

Read here: http://msdn.microsoft.com/en-us/library/aa561505.aspx

Note, you must follow the steps for the Master Secret Server or you will break the group to an unrepairable state.

Also, these accounts: BizTalk Administrator, BizTalk Server Operator User, BizTalk Server B2B Operator User, should not exist as named; rather, they should be actual domain users whose Password Policy is enforced at the Domain level.

Meaning, no one should log on with a generic account named "BizTalk Administrator". A person's User Account mydomain\bgates would be a member of the BizTalk Administrators Domain Group.

Johns-305
  • I read the MSDN article, but it mentions only 8 accounts. However, we have some 13 accounts. If we follow the MSDN article, what should we do for the remaining 5 accounts, that is, should their passwords be changed or not? – SharePointer May 28 '14 at 04:20
  • Regardless of the number of accounts you have, this statement applies: All Service passwords should be changed based on your existing Password Policy. There are no specific BizTalk reasons to do anything different. – Johns-305 May 28 '14 at 11:02