Imprivata Privileged Access Management Product Update 2.3.201911242316

November 24, 2019

PAM Update: Adds support to automate management of Windows IIS WEB Containers Application Pool Owner accounts

This update adds support to automate the management of Windows IIS WEB Containers Application Pool Owner accounts and upgrades system infrastructure components.

Added support to automate the management of Windows IIS WEB Containers Application Pool Owner accounts

The new update added support to update IIS Application Pool Owner accounts after resetting local or domain account passwords.

Password reset for the IIS Application Pool Owners requires updating application pools using this account often across multiple computers.

As a result, system administrators tend to rarely if ever update application pool owner accounts passwords leaving more opportunities for malicious agents to penetrate the network.

This update automates the procedure of changing the password of the application pool owner accounts following the update of dependent IIS services using this account.

Use out-of-the-box script “Windows Remote Reset Dependent Services” to automate the management of domain application pool owners.

Use out-of-the-box script “Password Reset Remote Windows with Service Dependencies” to automate password reset and management of local application pool owners.

Note that management automation of IIS application pool owner accounts added in addition to already existing automation of management of service owners and scheduled tasks run-as accounts for services and tasks distributed between network computers.

Upgraded system infrastructure components

The update upgrades system infrastructure components including OpenJDK version 13 and Apache Tomcat WEB Container version 9.

All new deployments will use new versions of the infrastructure components. While current deployments will not be updated automatically, they could be updated following the procedure outlined in the article Updating Existing PAM Deployment to OpenJDK 13 Framework and Tomcat 9.0 WEB Container.

Until further notice, subsequent system updates will be compatible with both old and new infrastructure components.

As a result, there is no pressure to update existing deployments quickly. However, we recommend using newer system and infrastructure components for security, performance and maintainability reasons.