We use a service account for both NTP and NTM that has to have a password rotation every 365 days. For NTP, it’s simple where we stop the service, change the password, update the service and restart to prevent any bad passwords or lockouts from occurring.
For NTM, I’m not sure how best to do this since we have to have access to the web page to be able to update the credential. Is there a list of services that it would be best practice to stop prior to a password change but would still allow access to the web interface to be able to change the service credential?
The actual services on the box are running as Local System. The service account shows up under credential manager which is used for AD Sync and we don’t have anything configured for actions.
It’s my understanding no services need to be stopped/restarted in order to change a credential in the Integrations → Credential Profiles. Those profiles are used when AD sync runs, actions, and shared folders for investigations, for example. So, once you change the credential, the next time the credential is used, it will use the latest password update.