Which is recommended Managed Service Accounts or Virtual accounts to access linked servers using windows credentials?

Eudias Kifem 20 Reputation points
2023-02-02T22:15:24.1266667+00:00
  • I am currently working on a project to access linked servers only using windows credentials.
  • I have noticed that this can work for both managed service accounts and Virtual accounts in my environment.
  • I know that using MSAs will require that I change the service accounts since we are currently using virtual accounts and this requires downtime. I also know that MSAs are more secure than virtual accounts.
  • But setting them up to use virtual accounts will be just few clicks ( trusting the computer object on AD for delegation using Kerberos only and specifying the SPNs of the servers I want to access(linked servers).
  • Given that any of these can be used, what is Microsoft's recommendation.
  • Your opinion is greatly valued. Thanks
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,202 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,927 questions
0 comments
Accepted answer
  1. Thameur-BOURBITA 32,586 Reputation points
    2023-02-02T23:13:16.4933333+00:00

    HI @Eudias Kifem

    Microsoft recommend to use GMSA account as service account instead of standard user because it's more secure.

    In the following link you will find the benefits of GMSA: Benefits of using gMSAs

    Regarding SPN configuration ,you also can add SPNs on GMSA account.

    May be you will have a downtime to switch to GMSA , but you will have also a downtime to reset the password of standard user service account.

    Please don't forget to mark helpful answer as accepted

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest