What are the steps to configure all the services used by ITSS to run as Group Managed Service Accounts (gMSA)?
As of version 11.6 of ITSS, Group Managed Service Accounts (gMSA) are supported as the Log On account for the ITSS Windows services, but they cannot be used in Data Source Connectors. An enhancement request with ID 265132 has been logged by the product team for review and consideration in a future product release. To configure gMSA with ITSS services, you need to understand the requirements for each service component of the application:
To set up a gMSA to run IT Security Search services, you need to perform a few configuration procedures, as explained below.
Your gMSA must have local administrative rights on the computer where IT Security Search is installed. Make sure the gMSA is in the local Administrators group on the computer.
You need to use PowerShell to allow your gMSA to retrieve the managed password from the domain controller.
In the PowerShell prompt, run the following commands (assuming that the name of your gMSA is my_gmsa):
Add-WindowsFeature RSAT-AD-PowerShell
Install-ADServiceAccount -Identity my_gmsa
The following steps need to be taken for each of the following services:
To set the gMSA for a service
Finally, configure the InTrust Server service (adcrpcs) and InTrust Real-Time Monitoring service (itrt_svc) to use this gMSA, as described in the following KB article:
https://support.quest.com/kb/4222094
NOTE: If you can't find the "adccfgdb.exe" ADC Support Tool in the path specified, you will need to manually install the "ADC_SERVER_RESOURCE_KIT" InTrust Server component on the ITSS host, according to the InTrust version shown in Control Panel > Programs and Features. You can get this component from the InTrust installation files, which you can download from the Quest Support portal:
https://support.quest.com/intrust/download-new-releases
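To confirm the result of the procedure above on the ITSS host, the following check can be run from an elevated PowerShell prompt. It is an added example, not a Quest-supplied script. It assumes the gMSA name my_gmsa used on this page and a placeholder NetBIOS domain name CONTOSO, and it inspects only the two InTrust services named above (pass other service names with -Services).

```powershell
# Added verification example; not part of the Quest KB article.
# Assumptions: gMSA name 'my_gmsa' (from this page), 'CONTOSO' is a placeholder
# NetBIOS domain name, and the service list defaults to the two InTrust
# services named on this page.
param(
    [string]   $GmsaName = 'my_gmsa',
    [string]   $Domain   = 'CONTOSO',
    [string[]] $Services = @('adcrpcs', 'itrt_svc')
)

Import-Module ActiveDirectory          # installed by RSAT-AD-PowerShell

# A gMSA's sAMAccountName ends with '$', so services log on as DOMAIN\name$.
$account = "$Domain\$GmsaName`$"

# 1. Can this computer retrieve the managed password from the domain controller?
#    Test-ADServiceAccount returns $false if the host is not permitted to.
$canRetrieve = Test-ADServiceAccount -Identity $GmsaName

# 2. Is the gMSA a direct member of the local Administrators group?
#    S-1-5-32-544 is the well-known SID of BUILTIN\Administrators, which avoids
#    depending on the localized group name. Membership granted through a nested
#    domain group is not detected by this check.
$isLocalAdmin = [bool](Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -eq $account })

# 3. Which account is each service actually configured to log on as?
$serviceReport = foreach ($name in $Services) {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    [pscustomobject]@{
        Service  = $name
        LogOnAs  = if ($svc) { $svc.StartName } else { '<not installed>' }
        State    = if ($svc) { $svc.State }     else { $null }
        UsesGmsa = [bool]($svc -and $svc.StartName -eq $account)
    }
}

[pscustomobject]@{
    Account             = $account
    CanRetrievePassword = $canRetrieve
    InLocalAdmins       = $isLocalAdmin
}
$serviceReport | Format-Table -AutoSize
```

A service that still shows LocalSystem or a regular domain user in LogOnAs has not been switched to the gMSA yet.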