KBI 311926 Enhancement: Argent Job Scheduler And Argent Queue Engine Support Group Managed Service gMSA Account
Version
Argent Job Scheduler 2105-A and above
Argent Queue Engine 2105-A and above
Date
Monday, 3 May 2021
Summary
Argent Job Scheduler and Argent Queue Engine now support gMSA account.
Group Managed Service Accounts (gMSA) is Microsoft’s free tool that simplifies service credential management.
Configuring a service only requires entering the username, while the password field remains empty.
There is no need to enter a password, so there is no need for it to be generated and documented.
Thus, the system’s security level increases significantly.
Technical Background
Both Argent Job Scheduler and Argent Queue Engine now support gMSA account.
Following steps has to be performed before installing Argent Job Scheduler and Argent Queue Engine to work with a gMSA Account
1. Install Active Directory Powershell Modules Run PS command
Install-WindowsFeature RSAT-AD-PowerShell
2. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Administrators group
3. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Security section in SQL Server Management Studio for the product database
Argent Job Scheduler install and upgrade
Added the following option in Argent Job Scheduler setup to implement Group Managed Service Account in Argent Job Scheduler and Argent Queue Engine.
No need to specify password for gMSA account.
Switch Existing Argent Job Scheduler and Argent Queue Engine Services to gMSA without upgrading
It can be done using Service Control Manager by changing service account to GMSA.
The most critical step is to specify the GMSA account with a trailing ‘$’ and leave password field blank
Resolution
Upgrade to Argent Job Scheduler 2105-A or above
Upgrade to Argent Queue Engine 2105-A or above