Is it possible to use the New-Service command to create a service using a gMSA account? I tried creating the credentials with a blank password but it fails because ConvertTo-SecureString expects the string to not be empty.

$password = ConvertTo-SecureString "" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ("DOMAIN\dev-user$", $password)
New-Service -Name Service -BinaryPathName C:\Service -StartupType Automatic -Credential $credential
Start-Service -Name "Service"

I then tried setting the string to just a to see if it even cared about the password since this is a gMSA account and I got this error.

New-Service : Service '(Service)' cannot be created due to the following error: The account name is invalid or does not exist, or the password is invalid for the account name specified

EDIT: I know there are other ways I could accomplish this like Wmi-Object or sc.exe but I wanted to see if there was a means to do this via New-Service just to see if I am missing something or doing something wrong.

CodePudding user response：

I found an answer for how to make a new blank SecureString and this worked

$credential = New-Object System.Management.Automation.PSCredential("DOMAIN\dev-user$", (New-Object System.Security.SecureString))
New-Service -Name Service -BinaryPathName C:\Service -StartupType Automatic -Credential $credential
Start-Service -Name "Service"

This answer assisted me in figuring out how to do this.

CodePudding user response：

Nice explanation and HOW TO assign gMSA account to a Service, here