In this article I describe a new feature in SharePoint 2010 named managed accounts. To reduce the load of managing various service accounts in Microsoft SharePoint Server 2010, the concept of managed accounts has been introduced. Much like managed accounts in Windows Server 2008, they allow SharePoint Server to take control of all the service accounts we use.
To understand it more clearly, let me give a small example. Consider an app pool account called DOMAIN\SharePointAdmin that we use for a large number of web applications. If we want to change the password for that account, we need to go into each and every web application and reset the password after the change, not to mention that the applications we haven't changed yet will stop working. This was the scenario in SharePoint 2007. SharePoint 2010 introduces the managed account. In short, rather than specifying the user name and password on every occasion, you create a managed account and set the password there. Then, when you need to enter a user account, you simply select which managed account to use, and you don't need to know the password. This also allows farm administrators to set up the service accounts so that others do not need to know the password for the account.
Managed account credentials are encrypted using a farm encryption key that is specified when we run PSConfig[ui].exe at farm creation (the SharePoint Configuration wizard). The passphrase is stored in a secure registry location so that it can only be accessed by the farm account, and it is encrypted so that only the farm account has access. The farm encryption key is later stored in the Configuration Database. This scenario is what enables farm administrators to join machines to the farm without specifying the This was the limitation with earlier SharePoint versions. Another benefit of managed accounts: when an administrator creates a new web application using Windows PowerShell or SharePoint Central Administration, the administrator only needs to specify the application pool account, or select it in the SharePoint Central Administration user interface, as opposed to having to know both the domain\username and the associated password.
Get Managed Accounts (SharePoint Central Administration)
- To view existing Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
- On the Security page select Configure managed accounts under General Security.
- The Managed Accounts page will list all Managed Accounts registered in SharePoint.
Register Managed Accounts (SharePoint Central Administration)
- To register new Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
- On the Security page select Configure managed accounts under General Security.
- On the Managed Accounts page select Register Managed Account.
- On the Register Managed Account page (see illustration below) specify the credentials and select the password change policies as desired.
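
The same view and register steps can be scripted from the SharePoint 2010 Management Shell. The following is an added example, not part of the original article; the account name is the one used in the example above, and the web application name, URL, port and application pool name are constructed placeholders.

```powershell
# Added example: run as a farm administrator on a SharePoint 2010 server.
# Load the SharePoint cmdlets if this is a plain PowerShell session.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Account name taken from the article's example.
$accountName = 'DOMAIN\SharePointAdmin'

# View: list every managed account registered in the farm
# (equivalent to Security > Configure managed accounts).
Get-SPManagedAccount

# Register: only if the account is not already a managed account, so the
# script can be re-run safely. Get-Credential prompts for the password, so
# it never appears in the script or in the command history.
$account = Get-SPManagedAccount | Where-Object { $_.Username -eq $accountName }
if (-not $account) {
    $credential = Get-Credential -Credential $accountName
    $account    = New-SPManagedAccount -Credential $credential
}

# Use: create a web application whose application pool runs as the managed
# account. The operator selects the account and never handles its password.
# Name, port, URL and pool name below are constructed placeholders.
New-SPWebApplication -Name 'Example Web App' `
    -Port 8080 `
    -URL 'http://sharepoint.example.com' `
    -ApplicationPool 'ExampleAppPool' `
    -ApplicationPoolAccount $account

# Confirm the registration afterwards.
Get-SPManagedAccount -Identity $accountName
```

The password change policies mentioned in the last step are still chosen on the Register Managed Account page; this script leaves them at whatever is configured there.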