Versions Compared

Version Old Version 2 New Version 3
Changes made by

Mark Zuk

Mark Zuk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Log in to the GYTPOL dsRequester Windows server.

  2. Run the following PowerShell command:

    Code Block
    Install-ADServiceAccount -Identity "gytgmsa"

  3. Test the gMSA installation:

    Code Block
    Test-ADServiceAccount "gytgmsa"

Grant the gMSA Proper Permissions

...

Assign Permissions for gMSA

Local Permissions:

  1. Add the gMSA to the local Administrators group on the GYTPOL server.

  2. Grant the "Log on as a batch job" permission on the GYTPOL server

    and add

    .

    1. Open Local Security Policy (Win + R, type secpol.msc).

    2. Go to Security Settings > Local Policies > User Rights Assignment.

    3. Find "Log on as a batch job", right-click, and select Properties.

    4. Click Add User or Group, enter the gMSA, and confirm.

Domain Permissions:

  1. Add the gMSA to the "Performance Log Users" group in the domain

    .

    Set Active Directory permissions:

    Grant the gMSA the necessary AD permissions for the GYTPOL Server to operate under its identity

    .

Reconfigure GYTPOL Components to Use the gMSA

...