Rotate the Credential of a Windows Service

Overview

The following code snippets update the credential on a Windows Service running as a Service Account after its password has been rotated via Keeper Rotation.

Using PowerShell Scripts

Prerequisites

To use these scripts, PowerShell 7 must be available on the target machine, and remoting should be set up for PowerShell 7 using Enable-PSRemoting.

Pulling Parameters from the Record

The data in the record being rotated is made available to your script via a BASE64-encoded JSON string. This is passed into your script for consumption. When your script has finished execution, Clear-History is executed to ensure that the record data is not available for future PowerShell sessions.

# The Gateway will execute your script as follows
"BASE64STRING==" | .\your-script.ps1; Clear-History

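One way to consume the piped record and apply the rotated password to a service, as an added example that is not Keeper's own script. The JSON field names user and newPassword and the service name ExampleService are assumptions, as is running the script on the machine that hosts the service.

```powershell
# Added example, not Keeper's script. Assumed (not on the page): JSON fields
# 'user' and 'newPassword', service name 'ExampleService', and that the script
# runs on the machine hosting the service.
[CmdletBinding()]
param (
    [Parameter(Mandatory, ValueFromPipeline)]
    [string] $RecordB64
)
begin {
    $ErrorActionPreference = 'Stop'      # any failure aborts with a non-zero exit
    $ServiceName = 'ExampleService'      # hypothetical service name
}
process {
    # Decode the BASE64-encoded JSON record piped in by the Gateway.
    try {
        $bytes  = [Convert]::FromBase64String($RecordB64.Trim())
        $record = [Text.Encoding]::UTF8.GetString($bytes) | ConvertFrom-Json
    } catch {
        throw 'Input is not a BASE64-encoded JSON record.'
    }

    # Fail closed when a field is missing; never echo the field values.
    foreach ($field in 'user', 'newPassword') {
        if ([string]::IsNullOrWhiteSpace($record.$field)) {
            throw "Record is missing required field '$field'."
        }
    }

    # Build a credential so the password is never placed on a command line.
    $secure = ConvertTo-SecureString -String $record.newPassword -AsPlainText -Force
    $cred   = [pscredential]::new($record.user, $secure)

    # Set-Service -Credential exists in PowerShell 6 and later.
    Set-Service -Name $ServiceName -Credential $cred

    # The service only logs on with the new password at its next start, so
    # restart it and confirm it came back up.
    Restart-Service -Name $ServiceName -Force
    if ((Get-Service -Name $ServiceName).Status -ne 'Running') {
        throw "Service '$ServiceName' did not start with the rotated credential."
    }

    # Drop the decoded secret from the session.
    Remove-Variable bytes, record, secure, cred
}
```
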
Using Batch Files

Prerequisites

The Remote Procedure Call (RPC) and Windows Management Instrumentation services should be enabled and running on the target server to run the scripts in the examples below.

To rotate the credential of a service account, the user (in this case, the Gateway's user account) must be a member of the Administrators group on the target machine. This means the Gateway must run as a service account that is assigned the appropriate level of privilege, and must not run as the default SYSTEM user.

This example uses the commonly used tool jq to parse the JSON data passed to the script, which contains the record's data. It assumes that jq is installed and that the jq command is in PATH.

Pulling Parameters from the Record

The data in the record being rotated is made available to your script via a BASE64-encoded JSON string. This is passed into your script for consumption.

# The Gateway will execute your script as follows
"BASE64STRING==" | .\your-script.bat && echo ####RC %errorlevel%
