Configuring a service only requires entering the user name, while the password field remains empty.

There is no need to enter a password, so there is no need for it to be generated and documented. Thus, the system?s security level increases significantly.

Technical Background

Both Argent Advanced Technology and Argent Commander now support gMSA account.

Following steps has to be performed before installing Argent Advanced Technology to work with a gMSA Account.

Steps to perform

1. Install Active Directory Powershell Modules Run PS command

Install-WindowsFeature RSAT-AD-PowerShell

2. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Administrators group

Click For Full Size

3. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Security section in SQL Server Management Studio for the product database

Click For Full Size

Click For Full Size

Click For Full Size

Click For Full Size

Click For Full Size

Argent Advanced Technology fresh install

Add following option to implement Group Managed Service Account in Argent Advanced Technology.

The setup program will test validity of gMSA before proceeding.

No need to specify password for gMSA account.

Click For Full Size

Switch Existing Argent Advanced Technology Service to gMSA

It can be done using Service Control Manager by changing service account to GMSA.

The most critical step is to specify the GMSA account with a trailing ‘$’ and leave password field blank

Click For Full Size

Argent web products read the configuration from Argent Advanced Technology and configure application pool and product services automatically.

Resolution

Upgrade to Argent Advanced Technology 2104-A or above and Argent Commander 2103-A or above