Services

This section is designed for managing Windows services in Axidian Privilege.

Windows services are applications that can start automatically when the operating system starts.

Add services to PAM that run under accounts managed by PAM. These services will automatically receive the current account password when it is changed via PAM.

What if I don’t add them?

The old account password will remain in the service properties.

The running service will continue to run until the next restart of the resource host. And after that, the service will not start because the account password specified in the service properties does not match the actual account password.

To start the service, you will need to connect to the resource and update the password in the service properties manually.

Prerequisites

To work with services, you need Resource Management privileges, and you also need to set up a service connection for Windows on the resource where the services are located.

Service Adding

1. Open the Services section.

2. Click Add.

3. Select a resource in the window that opens. The resource must have the status Available. The service will have the same organization unit as the selected resource.

   caution

   The resource field of the service cannot be modified once the service is created.

4. Fill in the required field Name of the service.
   The name you enter must match the name specified in the Service Name field of the Services snap-in on the resource.

   caution

   Do not use the name that is specified in the Display name field of the Services snap-in on the resource.

   Do not attempt to create a second service on the same resource with the same name. Duplicates are not allowed.

5. Optional enter a Description of the service.
   The description you enter will only be displayed in PAM, it will not change the description displayed in the service properties on the resource.

6. Enable or disable the Restart service when service password is changed option.
   

   Information

   For services with delayed start, it is recommended to leave the option disabled. The new password will be delivered to the service when the service is restarted.

7. In the next wizard window, select an account.

8. In the next wizard window, check that the entered data is correct and click Add.

Likewise, you can add a service from the Resources and Accounts sections.

Service Editing

caution

The resource field of the service cannot be modified, it is set only via service adding wizard.

The following service fields are available for editing:

• Service name
• Description
• Service restart
• Account

To edit a service, click on the service page to the right of the desired setting.

Information

Please note that no two services with the same name can exist on a resource. Do not enter the name of a service that already exists on this resource.

Service Password Changing

Services do not have their own passwords, their passwords are the passwords of the associated accounts.

There are two ways to change account passwords:

• manually
• on schedule

Setting a Password for a Service

This function allows you to initiate delivery of the current password of the associated account to its service on the resource. This allows you to synchronize the password of the account with the password specified in the service properties immediately, without the necessity to wait for the scheduled password change.

Information

If the Restart service when service password is changed option is enabled for the service, then this service will restart after performing the password setting function.

1. Open the service page.
2. Click Set a new password in the service.

Service Restart

Service restart is an option that is specified when creating or editing a service using the Restart service when service password is changed checkbox. If this option is enabled, then the service will restart when the password is changed or set.

For a service to restart successfully, the service must be in the Running state.

Information

If the service on the resource is in a state other than Running, the service will not restart. This situation creates an event with the INFO type Service restart: Not required. This scenario is considered a successful completion of the service restart. Accordingly, it does not cause new errors and resets previous ones.

If the service was in the Running state, but the error The service could not be restarted occurred, the reason may be that the timeout for waiting for the required status has expired. For more details, see the section Errors of services fixing.

Services Search

The search allows you to display only those services that meet the specified criteria. There are two types of search:

• Quick search is a search bar. You can only search by one criterion. Text input.
• Extended search is a form with several fields. You can search by several criteria at once. Dropdown lists.

Quick Search

In the search bar you can search by the following fields:

• Service name;
• Resource name;
• Service description;
• Account name.

Extended Search

You can search by one or several criteria. If you select several criteria, services that meet all of the listed criteria will be displayed. You can search by the following fields:

• Service name;
• Account name;
• Resource;
• State;
• Services with errors only checkbox.

Values of the State field:

• Managed;
• Removed.

Removed Services Search

1. Open the Services section and click Extended search.
2. Select Removed for the State field.
3. Click Search.

Errors of services fixing

Errors may occur:

• when setting a password in the service;
• when restarting the service.

An error when setting a password in the service may occur for various reasons, here are some examples:

• internet connection is lost;
• the host on which the resource is installed is frozen;
• service connection stopped working.

Restarting the service fails if the timeout expires while waiting for the required status. For example:

• the service was stopping for too long;
• the service restarted and immediately stopped.

You can find out what status was expected and what was received in the events of this service. This information will help you understand how to fix the error.

To fix the error you will need to connect to the resource. It is not possible to fix the error from the Axidian Privilege management console.

Service-removing

caution

The service cannot be restored once deleted.

You can create a new one with the same name on the same resource.

Removing from the list of services

1. Open the Services section.
2. Select one or more services.
3. Click Remove.

Removing from service page

1. Open the service page.
2. Click Remove.

Removed services will no longer appear in the Services section, but can be viewed using extended search.