As of 11.4.1, InTrust now fully support gMSA or Group Managed Service Accounts.
Before you use a gMSA for running InTrust services, take the following steps:
1. If you haven't rebooted the InTrust server since you created the gMSA, then reboot it. Otherwise, InTrust won't be able to use the gMSA.
2. Add the account to the following computer local groups on the InTrust server. (The account should be formatted as yourdomain/gmsalogin$):
Builtin\Administrators
AMS Organization Servers
(Conditional) In the unlikely event that the InTrust server is a Windows Server 2012 R2 domain controller, note the known issues for this configuration and apply the workaround described in the Service configured to use gMSA account on a Windows Server 2012 R2-based DC doesn't start article.:
https://support.microsoft.com/en-us/help/4294429/service-using-gmsa-account-doesn-t-start-on-windows-server-2012-r2-dc
3. After this, you can reconfigure the Quest InTrust Server and Quest InTrust Real-Time Monitoring Server services to run under your gMSA.
IMPORTANT: If you decide to use a gMSA, use it on all InTrust servers. Otherwise, InTrust tasks containing jobs running on different servers will not work.
For access to the configuration database, alert database, and audit databases on SQL servers, use SQL Server authentication, because Windows authentication will not work for a gMSA on a SQL server.
In all sites where the computers cannot be accessed by a gMSA, override the access credentials with an explicitly specified account. This can be done at site level (in the site properties) or at job level, and so on.
You may find that the Log On tab in the properties of the Quest InTrust Server and Quest InTrust Real-Time Monitoring Server has become disabled. To enable it again, run the following in the command prompt:
sc managedaccount adcrpcs false
sc managedaccount itrt_svc false
Make sure the gMSA has the following user rights:
Log on as a service (this is likely set automatically)
Adjust memory quotas for a process
Replace a process level token
http://support.quest.com/technical-documents/intrust/11.4.1/system-requirements/minimal-rights-and-permissions-required-for-intrust-operations