Security changes 475 Managed Service Accounts It is a well-known best practice that account passwords should be changed on a regular basis. For years, administrators have struggled with performing password changes on service accounts because changing a password usually meant making configuration changes to the service itself. For example, by changing a password on a service account for an IIS Application Pool, the administrator would then need to logon to the Web server, open IIS Manager, and change the password settings of each application pool in which that password had been set. This not only caused huge administrative overhead, but sometimes resulted in forgotten app pools and Web applications experiencing service disruptions. As men- tioned earlier in this chapter Windows Server 2008 R2 now provides the ability to setup Managed Service Accounts. Managed Service Accounts allow an administrator to change a service account password without impacting services such as IIS application pools being impacted. If an administrator changes the managed service account password, the IIS application pool will automatically update its configuration with the new