-
Title
Marking the Password Manager service account as "Account is sensitive and cannot be delegated" -
Description
For security reasons, it might be desirable to mark the Password Manager service account as Account is sensitive and cannot be delegated in Active Directory.
Will this negatively impact Password Manager functionality?
-
Cause
No.
-
Resolution
Core Password Manager functionality does not require integrated authentication and will not be negatively impacted by preventing delegations of the Password Manager service account.
It is possible to configure Reporting in Password Manager to use integrated authentication in order to access SQL Server Reporting Services (SSRS). If the Password Manager service account is marked as Account is sensitive and cannot be delegated then the credentials used to access SSRS must be entered manually or a SQL Server credential must be leveraged.