lke the topic says.
lke the topic says.
Hello,
Yes, KACE Desktop Authority support managed service accounts. Please review the following articles.
What are the service names and their functionality? link: https://support.quest.com/kace-desktop-authority/kb/sl3769/what-are-the-service-names-and-their-functionality?kblang=en-US
How to update all the passwords link: https://support.quest.com/kace-desktop-authority/kb/100700/how-to-update-all-the-passwords?kblang=en-US
Do not set the deny log on locally for these accounts.
Jorge C.
That link doesnt say much about using MSA accounts to be used, and how to be used. MSA accounts dont use passwords...
That link doesnt say much about using MSA accounts to be used, and how to be used. MSA accounts dont use passwords...
Hello,
I apologize I misunderstood your post. It's not recommended to use MSA accounts due to some features those accounts have. As I know the basic idea is that the password for these accounts is completely managed by Active Directory. A complex password with a length of 240 characters is automatically generated for them, which changes automatically (by default, every 30 days). Only Kerberos is used for authentication (no NTLM security issues), interactive logon isn’t allowed, the password is not known to anyone, and is not stored on the local system. Another thing is when you change the password for the DA services user account you need to update the password everywhere in DA. See How to update all the passwords link: https://support.quest.com/kace-desktop-authority/kb/100700/how-to-update-all-the-passwords?kblang=en-US
Jorge C.