ACL Settings for a Managed Service Account
I want to give access rights to a gMSA via PowerShell. I know how it works with a regular domain account, but this doesn't work with a group managed service account.
This is an example of my try:
$rootfolder="C:\Admin"
$username="gMSA_Excample$"
$permission="FullControl"
# Collect every subfolder below the root folder
$Folders = (Get-ChildItem -Directory $RootFolder -Recurse).FullName
foreach ($folder in $Folders)
{
    # Read the current ACL, add an inheritable allow rule for the account, write it back
    $Acl = Get-Acl $folder
    $Ar = New-Object system.security.accesscontrol.filesystemaccessrule($username,$permission,'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $Acl.SetAccessRule($Ar)
    Set-Acl $folder $Acl
}
ASKER
You're right, now there is no error code, but the ACL is not set. It's like the hook to set when you try to choose the account. You first have to check the square "service accounts".
The SAM is in all likelihood just gMSA_SVC-P$, but you can run this to verify:
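Added example, not part of the thread and not the snippet the reply above refers to: one way to make a "no error, but the ACL is not set" run visible is to resolve the gMSA name to a SID before building the rule, then read each ACL back and check for the entry. The domain name CONTOSO is a placeholder assumption; the folder and account name are the ones from the question.

```powershell
# Added example. 'CONTOSO' is a placeholder NetBIOS domain name (assumption);
# the folder and account name are taken from the question.
$RootFolder = 'C:\Admin'
$Account    = 'CONTOSO\gMSA_Excample$'   # single quotes keep the trailing $ literal
$Rights     = [System.Security.AccessControl.FileSystemRights]::FullControl

# Resolve the name to a SID first. Translate() throws IdentityNotMappedException
# when the name cannot be resolved, so a wrong SAM name fails here and not later.
$Sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Build the rule from the SID instead of the name string.
$Rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Sid, $Rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$Folders = (Get-ChildItem -Directory -Path $RootFolder -Recurse).FullName
foreach ($Folder in $Folders) {
    $Acl = Get-Acl -Path $Folder
    $Acl.SetAccessRule($Rule)
    Set-Acl -Path $Folder -AclObject $Acl

    # Read the ACL back: explicit (non-inherited) rules only, identities as SIDs.
    $Applied = (Get-Acl -Path $Folder).GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.IdentityReference.Value -eq $Sid.Value -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Rights) -eq $Rights
        }

    # One result row per folder; Applied is $false when the entry is missing.
    [pscustomobject]@{ Folder = $Folder; Sid = $Sid.Value; Applied = [bool]$Applied }
}
```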