New in Windows 2008 R2: Managed Service Account
One of the new features in Microsoft Windows Server 2008 R2 is 'Managed Service Accounts': user accounts that we can assign to our services. In Active Directory we usually have password expiration policies in place, and there is always some service that does not start with a local system account or SYSTEM, but with an account that has more privileges. To avoid the hassle of managing accounts whose passwords expire, or leaving them vulnerable because the password is always the same and someone could take advantage of that, Microsoft has released this new feature. Of course, to be able to use it, our Active Directory has to be at “Windows Server 2008 R2”.
These are managed accounts that do not necessarily need a password. To create an account of this type, we use the “Active Directory Module for Windows PowerShell” on a domain controller:
New-ADServiceAccount -Name NOMBRE_CUENTA -Path "cn=Managed Service Accounts, dc=DOMINIO, dc=DOMINIO"
or
New-ADServiceAccount NOMBRE_CUENTA -AccountPassword (ConvertTo-SecureString -AsPlainText "PASSWORD" -Force) -Enabled $true -Path "cn=Managed Service Accounts, dc=DOMINIO, dc=DOMINIO"
Then, on the service to which we want to assign the account, we simply do it as usual (“This account” > “Browse” > and we search for the service account). Note that the computer must be Windows 2008 R2 or Windows 7.
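The same procedure as a script, as an added example that is not from the original post: it goes one step further than the text by binding the account to a single host and installing it there (Add-ADComputerServiceAccount and Install-ADServiceAccount, from the same ActiveDirectory module) before pointing the service at it. CONTOSO, APPSRV01, svcApp01 and MyService are hypothetical names.

```powershell
# Added example. CONTOSO, APPSRV01, svcApp01 and MyService are hypothetical names.
Import-Module ActiveDirectory

function New-HostBoundMsa {
    # Run on a domain controller (or an admin host with the AD module).
    param([string]$Name, [string]$ComputerName)
    if ($Name.Length -gt 15) {
        throw "Managed service account names are limited to 15 characters: $Name"
    }
    New-ADServiceAccount -Name $Name -Enabled $true
    # Link the account to the one computer that is allowed to use it.
    Add-ADComputerServiceAccount -Identity $ComputerName -ServiceAccount $Name
    # HostComputers shows which computer the account is bound to.
    Get-ADServiceAccount -Identity $Name -Properties HostComputers
}

function Set-ServiceToMsa {
    # Run on the member server that hosts the service.
    param([string]$Domain, [string]$Name, [string]$ServiceName)
    Install-ADServiceAccount -Identity $Name
    $svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service not found: $ServiceName" }
    $in = $svc.psbase.GetMethodParameters('Change')
    $in['StartName']     = "$Domain\$Name`$"   # trailing $ marks the managed account
    $in['StartPassword'] = $null               # no password is typed; AD manages it
    $result = $svc.psbase.InvokeMethod('Change', $in, $null)
    if ($result['ReturnValue'] -ne 0) {
        throw "Win32_Service.Change failed with code $($result['ReturnValue'])"
    }
    # Confirm the logon account the service is now configured with.
    Get-WmiObject Win32_Service -Filter "Name='$ServiceName'" |
        Select-Object Name, StartName
}

# Usage (each call on the machine named in the function's comment):
# New-HostBoundMsa -Name 'svcApp01' -ComputerName 'APPSRV01'
# Set-ServiceToMsa -Domain 'CONTOSO' -Name 'svcApp01' -ServiceName 'MyService'
```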