I am deploying my company's system in a new environment, and out IT group has given me a list of service accounts to use for each of our system services. However, they've told me the accounts are Group Managed Service Accounts (or gMSAs for short) and there are no passwords since they are managed by the "Key Distribution Service".
I have not worked with gMSAs before, but the source for our installers is quite simple, but it's not working due to the lack of passwords.
var process = new ServiceProcessInstaller() {
Account = ServiceAccount.User,
Username = <username>,
Password = <password>,
};
var service = new ServiceInstaller() {
ServiceName = <code_name>,
DisplayName = <pretty_name>,
};
service.ServicesDependedOn = <dependencies>;
service.StartType = ServiceStartMode.Automatic;
service.DelayedAutoStart = true;
Installers.Add(process);
Installers.Add(service);
base.Install(stateSaver);
How can I modify my service installers to use an gMSA when no password is given. I (or another user with admin rights) will be installing the services manually.
I was able to solve this problem; there are a couple of things that I needed to change.
First, the username of the account needed to be suffixed with $, so instead of domain\sysuser it was domain\sysuser$.
Next, I had to use null as the password instead of string.Empty.