Device42 Windows gMSA

Modified on: Tue, 31 Mar, 2026 at 4:08 PM

Summary

  • Group managed service accounts (gMSAs) can be used in Device42 as a means to perform credential-less discovery of Windows devices via WMI. 
  • By using a gMSA, you will not need to store Windows user account credentials in Device42. 
  • This is achieved by configuring the Windows Discovery Service (WDS) to run under the gMSA and granting the gMSA the same permissions you would normally grant for Windows discovery. 
  • See Benefits of gMSAs for information on the advantages of using a gMSA. 

Architecture Diagram

Assumptions

  1. You have designated a Windows host to install the Windows Discovery Service (WDS) on. 
    1. Please note that the host must meet the following requirements:
      1. OS must be Windows 8.1 (Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro) or above
      2. OS must be on the latest OS patch level
      3. Host must be domain joined
  2. You have administrator privileges to a domain controller in order to create the KDSRootKey (if one does not exist already) and configure the gMSA and/or any related security groups

Procedure

  1. On a domain controller, create a KDSRootKey using PowerShell (if one does not exist already): Create the Key Distribution Services KDS Root Key | Microsoft Learn
  2. Configure the gMSA: Getting Started with Group Managed Service Accounts | Microsoft Learn
  3. Install the WDS: Windows Discovery Service Installation - Device42 Documentation
  4. Stop the WDS service
    1. Open services.msc and look for ‘Device42 Discovery Service’. Right click -> Stop. 
  5. Change the service to log on as the gMSA. 
    1. Right click -> Properties -> Log On. Change to ‘Log on as’ and browse for the gMSA.
    2. After you have it selected, replace the password fields with ~ 
      1. This means that the password must be obtained from AD.
  6. Start the WDS service
    1. Right click -> Start.
  7. Create a new Windows discovery job 
    1. From your Device42 Main Appliance, navigate to Discovery -> Hypervisors / *nix / Windows -> Add Hypervisors/*nix/win for Autodiscovery
    2. Select your WDS and ensure you have the option ‘Use Service Account Credentials (only Applies to WDS)’ set to true.
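
As an added example (not Device42's own code), the PowerShell below covers steps 1-2 on a domain controller and then checks the result of steps 4-6 on the WDS host. The gMSA name and AD group name are hypothetical placeholders, and the ActiveDirectory (RSAT) module is assumed to be installed where each function runs.

```powershell
# Added example; names below are hypothetical placeholders, not values from Device42.
$GmsaName  = 'svc-d42wds'                  # hypothetical gMSA name
$HostGroup = 'D42-WDS-Hosts'               # hypothetical AD group holding only the WDS host
$SvcName   = 'Device42 Discovery Service'  # display name shown in services.msc

function New-WdsGmsa {                     # run on a domain controller (steps 1-2)
    Import-Module ActiveDirectory
    if (-not (Get-KdsRootKey)) {
        # A new root key can take up to 10 hours to become usable while DCs replicate.
        Add-KdsRootKey -EffectiveImmediately | Out-Null
    }
    $dns = '{0}.{1}' -f $GmsaName, (Get-ADDomain).DNSRoot
    # Only members of $HostGroup may retrieve the managed password.
    New-ADServiceAccount -Name $GmsaName -DNSHostName $dns `
        -PrincipalsAllowedToRetrieveManagedPassword $HostGroup
}

function Test-WdsGmsa {                    # run on the WDS host after step 6
    Import-Module ActiveDirectory
    $findings = @()
    $acct = Get-ADServiceAccount -Identity $GmsaName `
        -Properties PrincipalsAllowedToRetrieveManagedPassword
    if ($acct.ObjectClass -ne 'msDS-GroupManagedServiceAccount') {
        $findings += "$GmsaName is not a gMSA"
    }
    # Every principal listed here can read the password; review that the list is minimal.
    $acct.PrincipalsAllowedToRetrieveManagedPassword |
        ForEach-Object { Write-Host "Can retrieve password: $_" }
    if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
        $findings += 'This host cannot retrieve the gMSA password from AD'
    }
    $svc = Get-CimInstance Win32_Service -Filter "DisplayName='$SvcName'"
    if (-not $svc) {
        $findings += "Service '$SvcName' not found"
    } elseif ($svc.StartName -notlike "*\$GmsaName`$") {
        $findings += "Service logs on as '$($svc.StartName)', not the gMSA"
    } elseif ($svc.State -ne 'Running') {
        $findings += "Service state is $($svc.State)"
    }
    $findings                              # empty output means every check passed
}
```

Run `New-WdsGmsa` once on the domain controller and `Test-WdsGmsa` on the WDS host before creating the discovery job in step 7.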