Service Accounts on Windows
Service Accounts allow for programatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs or any automated function that would need resource access. Check the Admin UI Guide to see how to create Service Accounts. The rest of this guide will cover how to authentication with a service account.
Standard Windows installation
For most users following the windows installation guide, you can authenticate with service account token using the followings steps.
- Start the SDM GUI client
- At the login window, hit
- This should change the login window to say
service account token.
- Paste in the token and click continue.
Windows Service Account Installer
In the case where you don't want to use the GUI, or you just wish to automate the installation process, you can use the Windows Service Account Installer. This package works on Windows 2008R2 and later
Download the package
This installer can also be downloaded from the Admin UI by clicking
Download in the top right menu and searching for
Windows Service Installer.
Choose a folder to save and unzip the package.
Run the installer
- Open a PowerShell terminal as an administrator.
- Navigate to the directory containing the binary we unziped in a previous step:
- If prompted, type
ythen hit enter. (Newer versions of Windows will correctly determine administrator privileges and will not show this prompt.)
- Paste in the service account token that has been assigned to this system and hit enter.
- Customize the installation path and data path, or hit enter twice to accept the defaults. A successful install will look like the screenshot above. If the install fails, please verify that you are running PowerShell as an administrator.
Test the setup
Open a new PowerShell window as admin and run
sdm status. You should see something like the screenshot below.
Some older versions of Windows do not update the PATH until the system is rebooted. If you get an error like in the screenshot below, you can use the existing
sdm32.exe rather than
sdm. For example:
.\sdm32 status. In this situation, the path will be set properly after a Windows reboot.
If you have trouble authenticating with your service account, please contact email@example.com with details.