Add a Windows Proxy Connector

The Windows Proxy connector manages Windows accounts. To use the Windows Proxy connector, you must install the connector on a remote server in your target domain.
capam32
HID_ProxyPanel
The Windows Proxy connector manages Windows accounts. To use the Windows Proxy connector, you must install the connector on a remote server in your target domain.
The following graphic shows where the Windows Proxy resides in your environment.
Windows Proxy architecture
Windows Proxy architecture
Two other Windows connectors are available:
Use the Windows Proxy connector to manage passwords for:
  • Active Directory accounts
  • Local Windows accounts
  • Windows services 
  • Windows scheduled tasks
The Windows Proxy Connector uses Windows APIs to make updates to these passwords. The connector queries one or more DNS servers to find domain controllers. The Windows Proxy connector uses HTTPS and AES encryption for secure communications.
The permissions that are required for the Windows Proxy are affected by several architectural deployment decisions:
  • The type of accounts being managed by the proxy: local, domain, or both.
  • Whether passwords on services and scheduled tasks are also being managed
  • Whether the proxy is deployed on each server, or whether one proxy is deployed for the domain.
To manage only local accounts, you deploy the proxy on each managed server and run the proxy in the "local system" context. This scenario allows successful updates to the local accounts, services, and scheduled tasks.
If you deploy a proxy to manage multiple servers, it must operate under an account with privileges to manage the accounts, services, and scheduled tasks. If you use the Active Directory connector to manage the domain accounts, then the proxy must run with a domain account that has those privileges.
As a result, the service account that is used for the proxy can limit its privileges to a Domain User. To enable "local system" management, the service account must be a member of the Local Administrator group on the managed Target Account server.
To use the Windows Proxy to manage Domain accounts, add the service account to the domain Account Operators group. The proxy can then reset passwords in Active Directory.
Next Steps