Hello,
I try to set the psu working in mssql database,
to set it working I must set the “Powershell Universal Dashboard” Service to run as the user has sql server permissions and not with system account.
The problem start when I try use run as account with powershell universal scripts/dashboards.
I set my environment to run with external powershell (4.6) and when I try to use RunAs it wont start the dashboard.
I set all the requiremtns to the service account:
(PS. when I run the service at local SYSTEM user, I able to use RunAs functioin at psu dashboard), It happend at version 4.x (but now im working with SQL Server configuration and I must set the psu service to tun with service account)
I set up PSU with a service account, also following the requirements in the documentation.
Additionally, our service account is a gMSA as well for obvious security reasons.
When I want to run a script with “RunAs” with a dedicated gMSA account - every script as its dedicated gMSA service account in our environment I get an error that I have to run under local system to use gMSA in RunAs.
However, I couldn’t find any restriction for that in the documentation. Also the “AI” in docs. only points out that you have limitations for vaults variables and
Additionally, when working with gMSA accounts, you must ensure that both the machine and account have been granted access to the gMSA account according to Microsoft’s guidelines.
To grant the necessary access to a gMSA account in PowerShell Universal, you must first ensure that both the machine and the service account have the necessary access to the gMSA account. Follow Microsoft’s guide to properly configure this access. Once that configuration is complete, you then need to create a new credential within PowerShell Universal’s secret management. Select the Password Not Required option and enter the gMSA account details (for example, in the format domain\user$ ). With the proper privileges assigned to the hosting account, jobs can then be executed under the gMSA account.