Potential Security Implications When Sharing Credentials with Background Services

When you share a credential with background services, that credential becomes available to all other administrators for use with Security Controls service components. For example, say Administrator A creates a credential, enables it for sharing with background services and then assigns it to the proxy service. Administrator B is now free to assign that same credential to other service areas of the program.

Therefore:

  • Only enable sharing with background services on those credentials that are needed by Security Controls service components.

  • DO NOT enable sharing with background services on credentials that allow access to secure areas of your organization.

It is recommended that you create a service account to perform background service functions rather than using a domain administrator account.