• One of the more interesting features introduced with Windows Server 2008 R2 and Windows 7 is Managed Service Accounts (MSAs).
• An MSA is an account in Active Directory that is tied to a specific computer.
• The account has its own complex password, which Windows maintains automatically. An MSA can therefore run services on a computer in a secure and easy-to-maintain manner while still connecting to network resources as a specific user principal.
• Active Directory is a service used for the discovery, search and replication of user, computer and service account information on Windows.
• Active Directory Domain Services provide one or more Windows Active Directory domains that are used to authenticate computers and users.
• A device is domain-joined when it is a member of an Active Directory domain. Domain-joined is a device state that not only gives the device a domain computer identity but also lights up various domain-joined services.
• Group Managed Service Accounts, often abbreviated as gMSA, are a type of Active Directory account that makes it easy to secure services using Active Directory without sharing a password. Multiple machines or containers can share the same gMSA as needed to authenticate connections between services.

CredentialSpec PowerShell Module – This module is used to configure Group Managed Service Accounts for use with containers. The script module and example steps are available in the windows-server-container-tools repository; see ServiceAccount.

  1. Create a gMSA.
  2. Configure the service to run under (as) the gMSA domain identity.
  3. Give the domain-joined host running the service access to the gMSA secrets in Active Directory.
  4. Grant the gMSA access to the other service it needs, such as a database or file shares.
  5. Where the task requires it, also grant the gMSA membership in a local group (such as Administrators or Backup Operators) so that it has the necessary rights.
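The five steps above, written out as an added PowerShell walkthrough (this is not the author's script nor the windows-server-container-tools code). It assumes a gMSA named WebApp01 in a domain contoso.com, a container host CONTAINERHOST01, a Windows service MyAppService and an SMB share AppData; all of these names are placeholders, and the parameter names of New-CredentialSpec are those of the script module in the repository referenced above.

```powershell
# Added example, not the author's code. Step 1 runs on a domain controller or a
# box with the ActiveDirectory RSAT module; steps 2-5 run on the host.

# --- Step 1: create the gMSA ---
Import-Module ActiveDirectory
# A KDS root key must exist before any gMSA can be created. In production use
# -EffectiveImmediately and wait ~10 hours for replication; the EffectiveTime
# value below is a lab-only shortcut that skips that wait.
if (-not (Get-KdsRootKey)) { Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) }

# Hosts allowed to retrieve the gMSA password are expressed as a group, so a new
# host is authorised by group membership instead of by editing the account.
New-ADGroup -Name "WebApp01Hosts" -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity "WebApp01Hosts" -Members "CONTAINERHOST01$"   # assumed host

New-ADServiceAccount -Name "WebApp01" -DNSHostName "WebApp01.contoso.com" `
    -ServicePrincipalNames "host/WebApp01", "host/WebApp01.contoso.com" `
    -PrincipalsAllowedToRetrieveManagedPassword "WebApp01Hosts"

# --- Step 3: on the host (after a reboot so the new group membership is in its
# Kerberos ticket), install the account and confirm it can fetch the password.
Install-ADServiceAccount -Identity "WebApp01"
if (-not (Test-ADServiceAccount -Identity "WebApp01")) { throw "host cannot retrieve the gMSA password" }

# --- Step 2, container variant: build a credential spec with the CredentialSpec
# module and start the container with it. Processes running as LocalSystem or
# NetworkService inside the container then authenticate on the network as
# CONTOSO\WebApp01$ without any password in the image.
Import-Module .\CredentialSpec.psm1
New-CredentialSpec -Name WebApp01 -AccountName WebApp01
docker run --security-opt "credentialspec=file://WebApp01.json" --hostname WebApp01 -d mcr.microsoft.com/windows/servercore:ltsc2019

# --- Step 2, plain Windows service variant: point the service at the gMSA.
# The trailing $ marks the account as computer-style; the password stays empty
# because Windows retrieves it from Active Directory itself.
$svc = Get-CimInstance Win32_Service -Filter "Name='MyAppService'"   # assumed service
Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{ StartName = 'CONTOSO\WebApp01$'; StartPassword = $null }

# --- Step 4: grant the gMSA access on the resource it needs, here an SMB share.
Grant-SmbShareAccess -Name "AppData" -AccountName "CONTOSO\WebApp01$" -AccessRight Change -Force

# --- Step 5: only if the task really needs it, add the gMSA to a local group.
# Prefer a narrower group than Administrators: every host in WebApp01Hosts
# inherits whatever rights the gMSA holds.
Add-LocalGroupMember -Group "Backup Operators" -Member "CONTOSO\WebApp01$"
```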

Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.


Author: Anuj Varma, Hands-On Technology Architect, Clean Air Activist.