Cam

Reputation: 31

assign permission to group managed service account

I have been advised that it is better to run a scheduled task as a Group Managed Service Account (gMSA) rather than as a domain user account. I can find plenty of information about how to create the gMSA, and how to configure the scheduled task to run as that gMSA, but all of the tutorials and training I have found stop there. I can't find any information on how to assign permission to that gMSA.

For example, a scheduled task needs permission to write to a folder. Normally, if the scheduled task is running as a domain user, I would go into the properties for that folder and set the security so that the domain user has write permission. But I am finding that I cannot give a gMSA permission in the same way.

What am I misunderstanding about gMSAs?

Upvotes: 3

Views: 4179

Answers (2)

Malik

Reputation: 11

"But I am finding that I cannot give a gMSA permission in the same way."

Right click folder > Security > Edit > Object Types... > Service Accounts > OK.

When selecting a principal, you first have to set "Object Types..." to include Service Accounts; by default it doesn't include them in your search. Then you should be able to use it as a principal for your file system access controls.

Upvotes: 1

Guillermo Martinez

Reputation: 1

I have not found a way to assign permissions to a GMSA directly to the file system. My workaround is to add the GMSA account to an AD group and then assign permissions to the group.

Upvotes: 0
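A scripted equivalent of the GUI steps in the first answer, as an added example that is not part of either answer: it resolves the gMSA to a SID and adds an inheritable allow entry to the folder's ACL. The domain `CONTOSO`, the account `svc-task`, the folder `D:\TaskOutput` and the function name `Grant-FolderModify` are assumptions chosen for illustration; a gMSA's sAMAccountName ends in `$`, so the name is written `DOMAIN\name$`.

```powershell
# Added example. Assumed values (not from the thread): domain CONTOSO,
# gMSA svc-task, folder D:\TaskOutput.
$Account = 'CONTOSO\svc-task$'   # gMSA sAMAccountName ends in '$', like a computer account
$Folder  = 'D:\TaskOutput'

function Grant-FolderModify {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }

    # Resolve the name to a SID first, so a mistyped name (for example a
    # missing trailing '$') fails here instead of at Set-Acl.
    $nt = New-Object System.Security.Principal.NTAccount($Identity)
    try {
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    } catch {
        throw ("Cannot resolve '{0}'. Check the domain and the trailing dollar sign." -f $Identity)
    }

    # Modify covers read, write and delete; use 'Write' for a narrower grant.
    # The entry is inherited by subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid,
        [System.Security.AccessControl.FileSystemRights]::Modify,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)

    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule($rule)       # merges with an existing allow entry for this SID
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return the explicit entries for this SID so the result can be checked.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value }
}

Grant-FolderModify -Path $Folder -Identity $Account
```

Run it from an elevated session under an account that is allowed to change the folder's permissions.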
