Skip to main content
Skip table of contents

Windows Account Password Change error - Access is Denied

Problem Statement

Errors occur while performing the password rotation on Windows Local Account.

Error: “Access is Denied”


This error occurs in two cases:

  • Case 1: The current password of management account is not updated in system or the management account is not having required permissions to change and reset password as per the pre-requisites.
  • Case 2 In some cases the IIS Pool of PAM application running in Local System Account does not contain impersonated rights to connect target Windows server remotely to change or reset password of an account.


  1. Troubleshooting considering Case 1 issue:
    • To update the current password of Management account follow below steps:
      • Login to PAM as admin
      • Go to Configuration> Account Defaults> Search for the Asset Type on which the Password rotation is being executed. For instance, the Asset Type is Windows Server the System Defined management account is Administrator

        Note: A management account is basically the built-in Administrator account or an account with Administrative rights to change and reset password on target servers. The account name is by default Administrator if you have renamed this account you can accordingly update the custom Management Account name on existing System Defined configuration by following above process.
      • Go to Manage> Search the Asset on which the Management account password is required to be updated> Update the latest password for Management account on the Asset.
  1. Troubleshooting considering Case 2 issue:
    • Create a local Admin account on the PAM Application Server.
    • Open Internet Information Service (IIS) on the PAM Application Server.
    • Go to> Application Pool and select SpectraPAM pool
    • Select Advanced Setting option from the right-hand side panel
    • Search for Identity in the Process Model it will show  LocalSystem>  Click on the options button.
  2. Below popup will open>
  3. Slect the Custom account option and enter the Local Admin details.

  4. After entering the credentials> Click on OK and the Identity will be changed to the specified account.
  5. After above steps, Recycle the SpectraPAM and test the password change for Local Windows Account.

Please contact us with any issues, questions or comments at:

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.