We have a requirement to set our products windows service to use a Virtual Service Account. Going to services.msc and enter in the "NT Service\MyServiceName" is not an option for us because we need to do this programatically, from within a script.
So after trying everything under the sun in powershell... i finally broke down and used:
net user NT Service\MyServiceName /ADD /Y
Which is fine, as a workaround, but due to the space in the 'NT Service" it shows up in the users panel as 'NT' and cuts off there. I've tried;
net user 'NT Service\MyServiceName' /ADD /Y
net user "NT Service\MyServiceName" /ADD /Y
Neither work.
Ultimately, i'd love to have a Powershell solution. But if someone has an idea on how to do it with net user, without the name being cut off, i'd LOVE to hear from you.
Microsoft's over-distributed but under-exampled link about VSA's: https://technet.microsoft.com/en-us/library/Dd548356(v=WS.10).aspx
I don't think you actually ever need to create those virtual service accounts. When the service is installed, a matching account is automatically created/provisioned. You can use the account without creating it first.
icacls .\file.txt /grant "NT Service\MyService:(M)"
or
sc.exe config MyService obj= "NT SERVICE\MyService"
this is for local service accounts, I haven't done much with them in a domain.