ITM Windows Install using gMSA Account

Installing ITM system Group Managed Service Account (gMSA) aims to improve the security on each ITM component in your environement.

During the installation process of ITM components, you will be able to define the user account as a service account.

Prerequisites

Downloads

Download the latest version. (See Downloading the Latest Version.)

Download psexec: Download PsTools from Microsoft Sysinternal. This includes psexec file that you need ( https://learn.microsoft.com/en-us/sysinternals/downloads/psexec).

User Set Up

You must configure a Security Support Provider Interface (SSPI) user and Domain for the endpoint. For example Proofpoint\Autouser$.

PSexec Setup

Since a gMSA user is a service account, this file allows the gMSA user to run the installation.

You must run this setup for each component (Application Server, Web Console, Website Categorization Module and Screenshot Storage Optimizer).

Download and copy the PSexec to the desktop ( https://learn.microsoft.com/en-us/sysinternals/downloads/psexec).

  1. Run PowerShell as Administrator.

  2. Type "cmd" to start the command line

  3. Type:  Type:  PsExec.exe -i -u [Domain]\GMSA_User]$ -p ‘’ Path to Installer (Copy the path by right-clicking on the MSI and copy as path.)

  4. Click Agree in the end-user license agreement (EULA).

Component Setup

Add the gMSA parameter to each component. See the following for details:

Installing ITM On-Prem (ObserveIT) Application Server

Installing ITM On-Prem Web Console

Installing the Screenshot Storage Optimizer

Installing the Website Categorization Module

 

Database SQL Server

  1. Make sure the gMSA user (Autouser$) is part of the administrator group for the Database SQL Server.

  2. Add the gMSA to the SQL Server instance's dbcreator server role and save.

  3. Follow steps to install Database SQL server, (see Installing the ITM On-Prem (ObserveIT) Databases).

Related Topics:

Custom Installation Steps

Back-end Components Prerequisites