I just want to post a little new feature I found a couple of days ago as a small NYE treat!
It is now possible to set a “global” Run As account on a hybrid worker group!
This feature removes any difference between SMA and AA Hybrid Workers, meaning that you can transfer any runbooks directly! (Contact me if you need help)
By Default the Hybrid Workers run as “LocalSystem”, while SMA runbook workers run as a specified service account.
It is possible to change the service account for the Microsoft Monitoring Agent, but that is not best practice and could impact other services than the Hybrid Worker.
Now with the new setting we can define a service account, selected from the asset, for each of the Hybrid Worker groups! Great Stuff!
To Setup a run as account for a Hybrid worker group:
- Logon to the azure portal at http://portal.azure.com
- Navigate to your Automation Account
- Select Hybrid Workers
- Select a Hybrid Worker groups
- Click “All Settings”
- Select “Hybrid Worker Group Settings”
- Change the Default to Custom
- then select a credential from the assets
Now your runbooks will execute as this account.
Make sure it has the necessary permission to execute in your environment!
Happy New year!
And lets make 2016 even better than the amazing 2015!
[…] Hybrid Worker registered. Note that you since a couple of weeks can run your Hybrid worker with a other credentials then local system, which is really nice in our particular case. Since I will use Tao […]
Hi,
Did you ever look into how to set this programatically? Via REST/PowerShell etc?
Whenever I try to set a run as account, the next time I check the settings it has reverted back to using default settings (running as the computers system account). How can I troubleshoot this?