joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Managed Service Accounts and Group Managed Services Accounts?

by @ 6:13 pm on 5/3/2015. Filed under tech

Do you or don’t you?

I am trying to gauge use/interest in the MSA technology so thought I would reach out and ask.

Please respond to these polls if you get a chance. If you don’t see your answer please feel free to add an answer or respond in the comments. If you visualize some specific functionality in the management space around MSAs and gMSAs please let me know in the comments or emails to support@joeware.net. I am starting to visualize a tool or tools in this space.

joe

 

[yop_poll id=”11″]

—-

[yop_poll id=”12″]

Rating 3.00 out of 5

2 Responses to “Managed Service Accounts and Group Managed Services Accounts?”

  1. Joe Alcorn says:

    MSAs were awesome, but way too limited. GMSAs fixed some of the issues, but the documentation is way too sparse if you are looking for a good understanding end to end. Well, either that, or my search ability sucks.

    The real 800 pound gorilla in the room is, IMHO, that the PowerShell cmdlets used to create/manage them aren’t part of the base set of cmdlets you get in a plain vanilla server install. Having to install part of the AD management tools on a SQL box just hurts me.

  2. Patryk says:

    IMO gMSA is generally a step in the right direction, given that people might not be comfortable with 3rd party agent(password vault) messing around their configuration all the time and changing password. What is missing in gMSAs is easier integration with non-windows systems – SSL VPNs and many other solutions that use LDAP bind to perform some operations will require you to type in the password in the respective field and won’t really trigger anything to change the password later on. This is a caveat that might stop some enterprises from adoption of this feature, unless MS or other vendors collaborate in this field.
    Another side of the story is that many companies have not raised DFL even if they could. Heck, many still have WS 2003 or event NT domains 🙂

[joeware – never stop exploring… :) is proudly powered by WordPress.]