- A Cloud Guru
Create and Deploy a Group Managed Service Account (gMSA)
In this hands-on lab, you will learn how to create and deploy a group Managed Service Account.
Table of Contents
Configure the Environment
Log in to both VMs and then join the
Configure the KDS Root Key
Next, we need to configure our KDS root key.
Helpful Hint: Keep in mind that you have to set it back 10 hours or it won't take effect when you need it to.
Create a Global Group
Create a global group named
SandyGroupand add both servers into this group.
Create a New gMSA
We are ready to create the group Managed Service Account. In this objective, create a gMSA and include
SandyGroupas the principal allowed to retrieve the managed password.
Test the gMSA
Finally, we will test the gMSA by creating a task in the scheduler that opens
Notepad.exeusing the gMSA instead of standard computer privileges.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.