How to impersonate the gatekeeper managed service account for troubleshooting
If you are an administrator using Specops Authentication and you want to test a reset as the managed service account, this article walks you through using PsExec.exe to impersonate that account.
- Download PsTools from https://download.sysinternals.com/files/PSTools.zip
- Unzip the content and copy PsExec.exe to C:\Windows\System32
- Open a Command Prompt as admin and enter the command below:
PsExec.exe -u {yourdomain}\{yourgatekeeperserviceaccount} -i cmd.exe
By using PsExec.exe you will open the new Command Prompt in the System Context and the account doing all the operations will be the gatekeeper service account.
When prompted for a password, leave it blank and hit Enter.
This will launch a new window in which you can use the command below to confirm you are running as the gMSA:
whoami
Next, launch PowerShell so that you can reset the password:
powershell
Then type the command below to test a user password reset:
Set-ADAccountPassword -identity username -reset
It will then ask you to type in the new password and confirm it, and the password will be reset.
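The identity check and test reset described above can also be run as one script inside the PowerShell session opened through PsExec. This is an added example, not Specops' own code; it assumes the ActiveDirectory module (RSAT) is installed, and `testuser` is a hypothetical placeholder for a non-production test account.

```powershell
# Added example: save as a .ps1 file and run it in the PowerShell session
# that was opened through PsExec as the gatekeeper service account.
# Assumes the ActiveDirectory module (RSAT) is installed on this machine.
Import-Module ActiveDirectory

$TestUser = 'testuser'   # hypothetical placeholder: use a non-production test account

# 1. Confirm which account the session runs as (same information as whoami).
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$sam     = $current.Split('\')[-1]
Write-Host "Running as: $current"

# 2. Confirm that account resolves as a managed service account in AD.
try {
    $svc = Get-ADServiceAccount -Identity $sam -ErrorAction Stop
    Write-Host "Resolved service account: $($svc.DistinguishedName) [$($svc.ObjectClass)]"
} catch {
    Write-Warning "'$current' did not resolve as a managed service account; stopping."
    return
}

# 3. Attempt the reset and report the outcome, so a permissions problem
#    shows up as an explicit error message tied to the service account.
$newPassword = Read-Host -AsSecureString -Prompt "New password for $TestUser"
try {
    Set-ADAccountPassword -Identity $TestUser -Reset -NewPassword $newPassword -ErrorAction Stop
    Write-Host "Reset succeeded for $TestUser as $current."
} catch {
    Write-Warning "Reset failed for $TestUser as ${current}: $($_.Exception.Message)"
}
```

If the reset fails, the warning text shows the error Active Directory returned for the service account, which is the detail needed to check the permissions delegated to it.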