Is it possible to use the New-Service command to create a service using a gMSA account? I tried creating the credentials with a blank password but it fails because ConvertTo-SecureString expects the string to not be empty.
$password = ConvertTo-SecureString "" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ("DOMAIN\dev-user$", $password)
New-Service -Name Service -BinaryPathName C:\Service -StartupType Automatic -Credential $credential
Start-Service -Name "Service"
I then tried setting the string to just a to see if it even cared about the password since this is a gMSA account and I got this error.
New-Service : Service '(Service)' cannot be created due to the following error: The account name is invalid or does not exist, or the password is invalid for the account name specified
EDIT: I know there are other ways I could accomplish this like Wmi-Object or sc.exe but I wanted to see if there was a means to do this via New-Service just to see if I am missing something or doing something wrong.
I found an answer for how to make a new blank SecureString and this worked
$credential = New-Object System.Management.Automation.PSCredential("DOMAIN\dev-user$", (New-Object System.Security.SecureString))
New-Service -Name Service -BinaryPathName C:\Service -StartupType Automatic -Credential $credential
Start-Service -Name "Service"
This answer assisted me in figuring out how to do this.
EDIT: Wanted to add this did not working on 2012r2 but worked on Windows 10 and 2016