KBI 311923 Enhancement: Argent WorldView Support Group Managed Service gMSA Account
Version
Argent WorldView R17 and above
Date
Tuesday, 27 Apr 2021
Summary
Argent WorldView now support gMSA account.
Argent Job Scheduler must be installed with gMSA before installing Argent WorldView
Group Managed Service Accounts (gMSA) is Microsoft’s free tool that simplifies service credential management.
Configuring a service only requires entering the user name, while the password field remains empty.
There is no need to enter a password, so there is no need for it to be generated and documented.
Thus, the system’s security level increases significantly.
Technical Background
Both Argent Job Scheduler and Argent WorldView now support gMSA account.
Argent Job Scheduler must be installed with gMSA before installing Argent WorldView.
Following steps has to be performed to configure Argent WorldView with gMSA
Steps to perform
1. First Argent WorldView website should be installed with Domain user to add permission to accounts, otherwise website cannot be access from gMSA account.
Argent WorldView should be installed with following service configurations
NOTE: Argent WorldView Use Group Managed Service Account (gMSA), Argent WorldView web service configuration read account from ‘Argent Job Scheduler – Scheduling Engine’ service.
But website need to install under domain user with administrator privilege for add permission to accounts, otherwise website cannot be access from gMSA account.
2. After completing the installation, add permission to users at Global Security object
3. Then upgrade Argent WorldView website with gMSA
Resolution
Upgrade to Argent WorldView R17 or above