Automic Workload Automation

Hi Team

I received a query from one of our customers regarding Microsoft gMSA support on login objects.

I see there were previous ideas posted but I can not get any detail.

Ant feedback will be appreciated

Regards

Klaus Lintz

I added a new idea about this:

Windows Agent: add support for gMSA users

If you like the idea, please vote for it.

Many organizations are pushing towards non-human/application user's passwords expiration, and gMSA is a great alternative.

We are also looking forward to having it supported in login objects.

Original Message:
Sent: Mar 16, 2023 03:11 AM
From: Klaus Lintz
Subject: Automic login objects integrated with Microsoft gMSAs

Hi Team

I received a query from one of our customers regarding Microsoft gMSA support on login objects.

I see there were previous ideas posted but I can not get any detail.

Ant feedback will be appreciated

Regards

Klaus Lintz

We also have a very strong recommendation from our security department to use gmsa account wherever possible.

@Kaj Wierda: Any possible confirmation that Broadcom is working on implementing built-in support for gMSA accounts?
Best regards,
Thierry

Original Message:
Sent: Jun 24, 2025 04:46 AM
From: Philippe Malaise
Subject: Automic login objects integrated with Microsoft gMSAs

Many organizations are pushing towards non-human/application user's passwords expiration, and gMSA is a great alternative.

We are also looking forward to having it supported in login objects.

Original Message:
Sent: Mar 16, 2023 03:11 AM
From: Klaus Lintz
Subject: Automic login objects integrated with Microsoft gMSAs

Hi Team

I received a query from one of our customers regarding Microsoft gMSA support on login objects.

I see there were previous ideas posted but I can not get any detail.

Ant feedback will be appreciated

Regards

Klaus Lintz

Hi @Klaus Lintz

A gMSA can be used when starting Automic Service Manager that starts an Agent (or Integration) on Microsoft Windows.
In order to use this Service user, which starts the Agent also for executing a job or performing a file transfer, the OS-agent must be configured to allow anonymous executions by setting GLOBAL/logon = 0
By doing that the specified user in the Login-object that is assigned to the job is not checked.

see

• https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/24.4.0/Automic%20Automation%20Guides/Content/AWA/Admin/inifiles/admin_ini_agent_windows.htm?tocpath=Reference%7CConfiguration%20(INI)%20Files%7CAgents%7C_____12
• https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/24.4.0/Automic%20Automation%20Guides/Content/AWA/Variables/UC_HOSTCHAR_DEFAULT.htm#link1

Michael

------------------------------
Michael K. Dolinek

Engineering Program Manager | Agile Operation Division
Broadcom Software
------------------------------

Original Message:
Sent: Mar 16, 2023 03:11 AM
From: Klaus Lintz
Subject: Automic login objects integrated with Microsoft gMSAs

Hi Team

I received a query from one of our customers regarding Microsoft gMSA support on login objects.

I see there were previous ideas posted but I can not get any detail.

Ant feedback will be appreciated

Regards

Klaus Lintz

Hello @Michael Dolinek

Thank you for your reply.

We actually use anonymous jobs already as a workaround, until gMSA are supported in login objects. One of the darwbacks of anonymous jobs is that all jobs executed by all agents on a machine's service manager will also run as the same gMSA, and there are also other incoveniences.

Also we don't want to have multiple Service Manager on the same machine. Our organisation support having multiple agents in one unique Service Manager.

Any clue if gMSA will be supported in login objects any time soon as a native feature ?

Thanks.

Philippe

Original Message:
Sent: Jun 26, 2025 10:23 AM
From: Michael Dolinek
Subject: Automic login objects integrated with Microsoft gMSAs

Hi @Klaus Lintz

A gMSA can be used when starting Automic Service Manager that starts an Agent (or Integration) on Microsoft Windows.
In order to use this Service user, which starts the Agent also for executing a job or performing a file transfer, the OS-agent must be configured to allow anonymous executions by setting GLOBAL/logon = 0
By doing that the specified user in the Login-object that is assigned to the job is not checked.

see

• https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/24.4.0/Automic%20Automation%20Guides/Content/AWA/Admin/inifiles/admin_ini_agent_windows.htm?tocpath=Reference%7CConfiguration%20(INI)%20Files%7CAgents%7C_____12
• https://docs.automic.com/documentation/webhelp/english/ALL/components/DOCU/24.4.0/Automic%20Automation%20Guides/Content/AWA/Variables/UC_HOSTCHAR_DEFAULT.htm#link1

Michael

------------------------------
Michael K. Dolinek

Engineering Program Manager | Agile Operation Division
Broadcom Software

Original Message:
Sent: Mar 16, 2023 03:11 AM
From: Klaus Lintz
Subject: Automic login objects integrated with Microsoft gMSAs

Hi Team

I received a query from one of our customers regarding Microsoft gMSA support on login objects.

I see there were previous ideas posted but I can not get any detail.

Ant feedback will be appreciated

Regards

Klaus Lintz