Managed Accounts in SharePoint 2010


To understand it more clearly, let me give you a small example. Consider an application pool account called DOMAIN\SharePointAdmin that is used by a large number of web applications. If we wanted to change the password for that account, we would need to go into each and every web application and reset the password after the change, not to mention that the applications we had not updated yet would stop working. This was the scenario in SharePoint 2007. SharePoint 2010 introduces the managed account. In short, rather than specifying the user name and password on every occasion, you create a managed account and set the password there. Then, when you need to enter a user account, you simply select which managed account to use, and you don't need to know the password. This also allows farm administrators to set up the service accounts so that others do not need to know the password for the account.

Managed Account credentials are encrypted using a farm encryption key that is specified when we run PSConfig[ui].exe at farm creation (SharePoint Configuration wizard). The passphrase is stored in a secure registry location so that it can only be accessed by the farm account, and it is encrypted so that only the farm account has access. The farm encryption key is later stored in the Configuration Database.

Another benefit of managed accounts shows up when an administrator creates a new Web application using Windows PowerShell or SharePoint Central Administration. The administrator only needs to specify the Application Pool account (in PowerShell) or select the account in the SharePoint Central Administration user interface, as opposed to having to know both the domain\username and the associated password. This was the limitation with earlier SharePoint versions.

Get Managed Accounts using SharePoint Central Administration

  1. To view existing Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
  2. On the Security page select Configure managed accounts under General Security.
  3. The Managed Accounts page will list all Managed Accounts registered in SharePoint.

Register Managed Accounts using SharePoint Central Administration

  1. To register new Managed Accounts using SharePoint Central Administration, select Security from the SharePoint Central Administration homepage.
  2. On the Security page select Configure managed accounts under General Security.
  3. On the Managed Accounts page select Register Managed Account.
  4. On the Register Managed Account page (see illustration below) specify the credentials and select the password change policies as desired.
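The same listing and registration steps, followed by the PowerShell web application scenario described earlier, can be scripted. This is an added example and not code from the original article; the web application name, port, URL, application pool name and rotation schedule are assumptions chosen for illustration.

```powershell
# Run in the SharePoint 2010 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$accountName = 'DOMAIN\SharePointAdmin'   # account name used in the article

# List the managed accounts already registered in the farm
# (the same information as the Managed Accounts page).
Get-SPManagedAccount |
    Select-Object UserName, AutomaticChange, PasswordExpiration

# Register the account only if it is not registered yet. Get-Credential
# prompts for the password, so it never appears in the script file or
# in the shell history.
$managed = Get-SPManagedAccount | Where-Object { $_.UserName -eq $accountName }
if (-not $managed) {
    $cred    = Get-Credential -Credential $accountName
    $managed = New-SPManagedAccount -Credential $cred
}

# Password change policy: let SharePoint generate and rotate the password,
# so no administrator has to know or handle it. The schedule is an assumption.
Set-SPManagedAccount -Identity $managed -AutoGeneratePassword $true `
    -PreExpireDays 2 `
    -Schedule 'monthly between 7 02:00:00 and 7 03:00:00'

# Create a web application under the managed account. Only the account
# object is passed; no password is supplied at this point.
# Name, port, URL and pool name are hypothetical values.
New-SPWebApplication -Name 'Example Web App' -Port 8080 `
    -URL 'http://sharepoint.example.local' `
    -ApplicationPool 'ExampleAppPool' `
    -ApplicationPoolAccount $managed
```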