Close
logodocs

Service Accounts on Windows

Service Accounts allow for programatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs or any automated function that would need resource access. Check the Admin UI Guide to see how to create Service Accounts. The rest of this guide will cover how to authentication with a service account.

Standard Windows installation

For most users following the windows installation guide, you can authenticate with service account token using the followings steps.

  1. Start the SDM GUI client
  2. At the login window, hit <esc> three times.
  3. This should change the login window to say service account token.
  4. Paste in the token and click continue.

Windows Service Account Installer

In the case where you don't want to use the GUI, or you just wish to automate the installation process, you can use the Windows Service Account Installer. This package works on Windows 2008R2 and later

Download the package

https://app.strongdm.com/releases/cli/windows

This installer can also be downloaded from the Admin UI by clicking Download in the top right menu and searching for Windows Service Installer.

Choose a folder to save and unzip the package.

Run the installer

  1. Open a PowerShell terminal as an administrator.
  2. Navigate to the directory containing the binary we unzipped in a previous step: sdm32.exe.
  3. Run .\sdm32 install
  4. If prompted, type y then hit enter. (Newer versions of Windows will correctly determine administrator privileges and will not show this prompt.)
    Admin privileges required
    Admin privileges required
  5. Paste in the service account token that has been assigned to this system and hit enter.
    Service account token
    Service account token
  6. Customize the installation path and data path, or hit enter twice to accept the defaults. A successful install will look like the screenshot above. If the install fails, please verify that you are running PowerShell as an administrator.

Test the setup

Open a new PowerShell window as admin and run sdm status. You should see something like the screenshot below.

SDM status
SDM status

Some older versions of Windows do not update the PATH until the system is rebooted. If you get an error like in the screenshot below, you can use the existing sdm32.exe rather than sdm. For example: .\sdm32 status. In this situation, the path will be set properly after a Windows reboot.

If you have trouble authenticating with your service account, please contact support@strongdm.com with details.

User Guide — Previous
Service Accounts on macOS and Linux
Next — User Guide
Connect to Resources