Hi,
I have a node.js application running as a service under a gMSA account. When I execute PowerShell script to get printer lists(Get-Printer) of a remote machine I don’t get the list. However, If I run the application under a different service account(which has login and password) I get a full printer’s list. Although, the IT team said they have exact permission on the gmsA account same as the service account but some reason it’s not working. It’s taking longer to fix this issue. So, I would like to know how I can pass different credentials to get the printer’s list. Any advice or code example will be helpful. Thank you…
Printers can be installed at the machine level or user. If you need to see the user’s printers you can either do something like
Invoke-Command -Computername Server1 -Credentials (Get-Credential) -ScriptBlock { Get-Printer }
or you could also manually parse out HKU:<USERSID>\Printers
Just confirming: has the gMSA actually been installed on the target system(s)?
How are you trying to run the app (it may have to do with the access token used when running it).
Also, I have seen where adding the gMSA to the Local Administrators group prevents a script from running, especially in a scheduled task.
Please post sanitized code to better assist you.
Thank you guys.
The application running as a service and you can run the service 'logon as ’ gmSA account or another service account.
When the application executed PowerShell command ie get-printers -Computer it inherits all the permission of ‘logon as’ . It works with a service account but not with gmSA account. I have been told permissions has copied from the the service account to gmsA account.
Is there any way, I can run PowerShell command by a different user in a code?