InTrust fully supports gMSA (Group Managed Service Accounts).
Before you use a gMSA for running InTrust services, take the following steps:
1. If you haven't rebooted the InTrust server since you created the gMSA, then reboot it. Otherwise, InTrust won't be able to use the gMSA.
2. Add the account to the following computer local groups on the InTrust server (specify the account as yourdomain\gmsalogin$, that is, with the trailing $):
Builtin\Administrators
AMS Organization Servers
3. After this, you can reconfigure the Quest InTrust Server and Quest InTrust Real-Time Monitoring Server services to run under your gMSA.
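The three steps above, carried out as one PowerShell script. This is an added example, not a script from the Quest KB article or from the InTrust product. It assumes a placeholder gMSA named CONTOSO\intrust-gmsa$, that the RSAT ActiveDirectory module is installed on the InTrust server, and that the service names adcrpcs and itrt_svc (the ones used by the sc commands later on this page) belong to the Quest InTrust Server and Quest InTrust Real-Time Monitoring Server services respectively.

```powershell
# Added example (not from the Quest KB article): prepare an InTrust server to run its
# services under a gMSA. Run from an elevated PowerShell session on the InTrust server.
# Assumptions: gMSA CONTOSO\intrust-gmsa$ is a placeholder; adcrpcs / itrt_svc are assumed
# to be the service names of Quest InTrust Server / Quest InTrust Real-Time Monitoring Server.
#Requires -RunAsAdministrator
param(
    [string]$Domain   = 'CONTOSO',       # placeholder domain
    [string]$GmsaName = 'intrust-gmsa'   # gMSA sAMAccountName without the trailing $
)
$Account = "$Domain\$GmsaName`$"

Import-Module ActiveDirectory

# Step 1 check: this host must be able to retrieve the gMSA password. If the test fails,
# the server has not been rebooted since it was granted the gMSA, or it is not listed in
# the gMSA's PrincipalsAllowedToRetrieveManagedPassword.
if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
    throw "This host cannot use $Account. Grant it the gMSA, reboot, and retry."
}

# Step 2: add the gMSA to the two local groups the article requires (idempotent).
foreach ($Group in 'Administrators', 'AMS Organization Servers') {
    $Already = Get-LocalGroupMember -Group $Group -ErrorAction Stop |
        Where-Object { $_.Name -eq $Account }
    if ($Already) {
        Write-Host "$Account is already a member of $Group"
    } else {
        Add-LocalGroupMember -Group $Group -Member $Account
        Write-Host "Added $Account to $Group"
    }
}

# Step 3: reconfigure both services to log on as the gMSA. An empty StartPassword tells
# the Service Control Manager that the password is managed by Active Directory.
foreach ($Service in 'adcrpcs', 'itrt_svc') {
    $Svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Service'"
    if (-not $Svc) { throw "Service $Service not found on this host" }
    $Result = Invoke-CimMethod -InputObject $Svc -MethodName Change `
        -Arguments @{ StartName = $Account; StartPassword = '' }
    if ($Result.ReturnValue -ne 0) {
        throw "Win32_Service.Change failed for $Service (return code $($Result.ReturnValue))"
    }
    Restart-Service -Name $Service
    Write-Host "$Service now runs as $Account"
}

Get-CimInstance -ClassName Win32_Service -Filter "Name='adcrpcs' OR Name='itrt_svc'" |
    Format-Table Name, StartName, State
```

Run it once per InTrust server, because (as the notes below say) a gMSA has to be used on every InTrust server or cross-server tasks stop working. The Step 1 check is the one that catches the most common failure: a server that was authorised for the gMSA but never rebooted.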
IMPORTANT NOTES:
- If you decide to use a gMSA, use it on all InTrust servers. Otherwise, InTrust tasks containing jobs running on different servers will not work.
- If the InTrust services use Windows Authentication to access the InTrust configuration, alert, and audit databases on the SQL Server that hosts them, change the Authentication type of the InTrust services to SQL Authentication, because Windows authentication will not work for a gMSA on a SQL server. Use the KB article below as a reference for changing the password of the SQL login 'sa' account (mainly for the "InTrust_Cfg_DB" database):
https://support.quest.com/kb/4329972
- In all sites whose computers cannot be accessed by a gMSA, override the access credentials with an explicitly specified account. This can be done at the site level (in the site properties), at the job level, or at any other level where access credentials can be specified.
You may find that the Log On tab in the properties of the Quest InTrust Server and Quest InTrust Real-Time Monitoring Server has become disabled. To enable it again, run the following in the command prompt:
sc managedaccount adcrpcs false
sc managedaccount itrt_svc false
Make sure the gMSA has the following user rights:
Log on as a service (this is likely set automatically)
Adjust memory quotas for a process
Replace a process level token
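A way to verify the three user rights above on the InTrust server before switching the services over. This is an added example, not from the Quest KB article or the InTrust product. It assumes the placeholder gMSA CONTOSO\intrust-gmsa$ and uses the standard secedit constant names for the rights: SeServiceLogonRight (Log on as a service), SeIncreaseQuotaPrivilege (Adjust memory quotas for a process) and SeAssignPrimaryTokenPrivilege (Replace a process level token).

```powershell
# Added example (not from the Quest KB article): report which of the three required user
# rights are NOT directly assigned to the gMSA on this server. Run elevated.
# Assumption: CONTOSO\intrust-gmsa$ is a placeholder gMSA name.
#Requires -RunAsAdministrator
param([string]$Account = 'CONTOSO\intrust-gmsa$')

# secedit constant name -> display name used in the Local Security Policy console
$RequiredRights = [ordered]@{
    'SeServiceLogonRight'           = 'Log on as a service'
    'SeIncreaseQuotaPrivilege'      = 'Adjust memory quotas for a process'
    'SeAssignPrimaryTokenPrivilege' = 'Replace a process level token'
}

# secedit lists holders by SID (each prefixed with *), so resolve the gMSA to its SID first.
$Sid = (New-Object System.Security.Principal.NTAccount($Account)).
    Translate([System.Security.Principal.SecurityIdentifier]).Value

$Export = Join-Path $env:TEMP 'intrust-user-rights.inf'
& secedit.exe /export /cfg $Export /areas USER_RIGHTS | Out-Null
if (-not (Test-Path $Export)) { throw 'secedit export failed; run from an elevated prompt' }

try {
    $Lines = Get-Content -Path $Export
    $Missing = foreach ($Right in $RequiredRights.Keys) {
        # A line looks like:  SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-...-1105
        $Line = $Lines | Where-Object { $_ -like "$Right =*" } | Select-Object -First 1
        $Holders = @()
        if ($Line) {
            $Holders = ($Line -split '=', 2)[1].Trim() -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
        if ($Holders -notcontains $Sid) { $RequiredRights[$Right] }
    }
} finally {
    Remove-Item -Path $Export -ErrorAction SilentlyContinue
}

if ($Missing) {
    Write-Warning ("{0} is not directly granted: {1}. Assign these in secpol.msc " +
        "(User Rights Assignment) or in the domain GPO that applies to this server.") `
        -f $Account, ($Missing -join '; ')
} else {
    Write-Host "$Account is directly granted all three required user rights."
}
```

The script only reports direct assignments to the gMSA's own SID. A right the account holds through group membership (for example, Adjust memory quotas for a process is granted to Administrators by default, and the gMSA is added to Administrators in step 2 above) is still reported as missing, so treat a warning for that right as something to confirm rather than a definite gap. Log on as a service is normally granted automatically when the service is reconfigured, which is why the page says it is "likely set automatically".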