The new Windows Remote Target Connector (supported since PAM 3.1) can be used as an alternative to the Windows Proxy. The Windows Remote Target Connector functions much like the Windows Proxy, but does not require installation (agent-less) on each target server.
I have created Target Account with Windows Remote Connector as the application type, the account belongs to local Administrators group and password can be verified, but Services or Scheduled Tasks tabs are empty. How should I configure so that I can discover local Services and Scheduled Tasks on target Windows server, so I can manage the account's password used by them?
PAM 3.1 or later
Windows 2008, 2012, 2016 servers
To be able to discover local Services or Scheduled Tasks you have to use the first Windows Remote Account to do account discovery. Once you discovered new local accounts, manage them and local Services or Scheduled Tasks belong to the accounts will be appeared on the accounts' Services and Scheduled Tasks tab.
Follow the following steps.
1. On the target Windows Server, change logon account of the Service or create Scheduled Task for the account you want to manage.
For example, I have seng user account and I change SNMP Trap service logon account to this account.
This account has also a scheduled task, named MySengTask.
2. Create Windows Remote Target Application and select both Discover Services and Discover Tasks boxed in Account Discovery tab.
In Windows Remote tab, you can either select Local Account or Domain Account. If you select Domain Account you need to fill in additional parameter related to the Domain.
3. Create the first Windows Remote Account (which has enough privilege to discover local Services and Scheduled Tasks). Check the Discovery Allowed box in Password tab and make sure Password can be verified.
4. Go to Credentials > Discovery and create Scan Profile and select the target Windows server.
5. Run the Scan Profile and once completed, select Discovered Account tab
6. Select the account who owns the local Service and Scheduled Task and click Manage button. Select Update both the Password Authority Server and the target system and key in the correct password and click OK button. When "Do you want to manage this account?" prompt appear, click Yes.
7. Now open the newly created Target Account and you will see you discovered local Service in Services tab and Scheduled Task in Scheduled Tasks tab.