KBI 311919 Argent Products Support Group Managed Service gMSA Account

Version

Argent Advance Technology 5.1A-2104-A and above

Argent Commander 5.0A-2103-A and above

Date

Wednesday, 24 Mar 2021

Summary

Argent Advanced Technology and Web products now support gMSA account.

Group Managed Service Accounts (gMSA) is Microsoft?s free tool that simplifies service credential management.

Configuring a service only requires entering the user name, while the password field remains empty.

There is no need to enter a password, so there is no need for it to be generated and documented. Thus, the system?s security level increases significantly.

Technical Background

Both Argent Advanced Technology and Argent Commander now support gMSA account.

Following steps has to be performed before installing Argent Advanced Technology to work with a gMSA Account.

Steps to perform

1. Install Active Directory Powershell Modules Run PS command

Install-WindowsFeature RSAT-AD-PowerShell

2. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Administrators group

3. Configure the account ANYTIME-SUPPORT\gMSAAccount in the Security section in SQL Server Management Studio for the product database

Argent Advanced Technology fresh install

Add following option to implement Group Managed Service Account in Argent Advanced Technology.

The setup program will test validity of gMSA before proceeding.

No need to specify password for gMSA account.

Switch Existing Argent Advanced Technology Service to gMSA

It can be done using Service Control Manager by changing service account to GMSA.

The most critical step is to specify the GMSA account with a trailing ‘$’ and leave password field blank

Argent web products read the configuration from Argent Advanced Technology and configure application pool and product services automatically.

Resolution

Upgrade to Argent Advanced Technology 2104-A or above and Argent Commander 2103-A or above