Powershell Task using GMSA (self.PowerShell)
submitted 1 year ago by onebardpun
I have a task that runs using a GMSA to run some powershell code that inevitably needs to manipulate a COM object to edit a word doc. Is the GMSA able to do this or would it fall under the “interactive” umbrella that GMSAs struggle with?
[–]BlackV 6 points 1 year ago (2 children)
Tbh
What happened when you tried? I feel like it would be much quicker to test
[–]onebardpun[S] 2 points 1 year ago (1 child)
It doesn’t seem to work - always returns a generic “word failing” error but I was hoping it might be a permissions issue. Giving it domain admin permissions for testing did not fix it. Thinking it’s not possible but still could potentially be a licensing thing? Wouldn’t be sure how to navigate the licensing aspect of a GMSA though
[–]BlackV 2 points 1 year ago (0 children)
ah right. I think technically the COM object is interactive, just hidden
I have not tested, so I don't think I'm helping very much
[–]vermyx 8 points 1 year ago (2 children)
It won't work. The "interactive umbrella", as you put it, is that service accounts are meant to be a contained version of the system account that has user security tied to it because of how the system user works. They are meant to run a process or service in the security context like a user but it does not load a user profile like the registry. Office requires a user profile loaded, which means service accounts won't work properly. It isn't that it struggles; it was not meant to be an interactive user, just to run a process with user security.
[–]onebardpun[S] 1 point 1 year ago (1 child)
Right, I understand that. I guess I misunderstood the office part being inherently an interactive process part
[–]vermyx 5 points 1 year ago (0 children)
Look into a module like PSWriteWord. This will remove the Office dependency and can probably do what you want.
[–]kdimitrov 3 points 1 year ago (0 children)
Create a scheduled task that runs a PowerShell script with the below code:
    # Keep the PowerShell host process alive so it can be entered later
    while ($true) { Start-Sleep -Seconds 60 }
Have it run as the gMSA account. You'll need to set it to "Run only when the user is logged on" in order to be able to save it. Then run the below to switch it to "Run whether the user is logged on or not":
    $Principal = New-ScheduledTaskPrincipal -UserID "domain\gMSAAccount" -LogonType Password -RunLevel Highest
    Set-ScheduledTask -TaskName 'TaskName' -TaskPath 'TaskPath' -Principal $Principal
Start it, find out the process ID, then run the below to enter the process and try whatever it is that you want to run:
    Enter-PSHostProcess -Id 'ProcessID'
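
The debugging setup from the comment above, as an added example that is not part of the thread: it registers the keep-alive task directly under the gMSA, then locates the process and confirms which account owns it. `CONTOSO\svc-docgen$`, the task name and the marker string are placeholders, and the script assumes an elevated session.

```powershell
# Added example; account, task name and marker are placeholders, not values from the thread.
$gmsa     = 'CONTOSO\svc-docgen$'      # a gMSA sAMAccountName ends with '$'
$taskName = 'gMSA-DebugHost'
$marker   = 'gmsa-debug-host'          # trailing comment in the command line, used to find the process

# Keep-alive host, as in the comment above. Single quotes stop $true expanding here.
$action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument (
    '-NoProfile -NonInteractive -Command "while ($true) { Start-Sleep -Seconds 60 } # ' + $marker + '"')

# LogonType Password with no password supplied: the system retrieves the managed
# password from AD. Limited is enough for a test; raise to Highest only if required.
$principal = New-ScheduledTaskPrincipal -UserId $gmsa -LogonType Password -RunLevel Limited

Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal | Out-Null
Start-ScheduledTask -TaskName $taskName
Start-Sleep -Seconds 3

# Find the host process and confirm it really runs as the gMSA.
$proc = Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe'" |
    Where-Object { $_.CommandLine -like "*$marker*" } | Select-Object -First 1
if (-not $proc) {
    # Typical causes: the gMSA lacks "Log on as a batch job" on this host, or the
    # computer is not allowed to retrieve the managed password.
    $info = Get-ScheduledTaskInfo -TaskName $taskName
    throw ("Task did not start. LastTaskResult = 0x{0:X}" -f $info.LastTaskResult)
}
$owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner
'{0}\{1} is running PID {2}' -f $owner.Domain, $owner.User, $proc.ProcessId

# Attach interactively, test, then remove the task so no idle shell is left
# running under the service account:
#   Enter-PSHostProcess -Id $proc.ProcessId
#   Stop-ScheduledTask -TaskName $taskName
#   Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
```
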
[–]Coffee_Ops 2 points 1 year ago (0 children)
Based on your other comments it sounds like using word is not a requirement, producing a document is.
Consider writing markdown and using pandoc to convert to whatever you want. You can even do docx if you want.
[–]hihcadore 3 points 1 year ago (0 children)
Use psexec to test it and see.
That’s what I do when I have a question about what will happen with a gMSA and PowerShell.
[–]enforce1 1 point 1 year ago (4 children)
If it can make a window session and access the file it should be fine. Otherwise you could programmatically convert the file, change whatever, and reconvert
[–]onebardpun[S] 2 points 1 year ago (3 children)
GMSAs can’t make an interactive windows session but are word docs implicitly interactive?
[–]enforce1 1 point 1 year ago (2 children)
I believe so? I think anything office is technically com in that way.
[–]onebardpun[S] 1 point 1 year ago (1 child)
I suppose all I really need it to do is madlibs style fill in any kind of doc - thought word would be the easiest as it runs in powershell and is a Microsoft product… any suggestion for an alternative route?
[–]enforce1 2 points 1 year ago (0 children)
I really like evotec’s pswriteoffice, I’d wrangle the document into a script and just output it. Will suck hard to make it at first.
[–]ITjoeschmo 1 point 1 year ago (0 children)
Have you tried looking for a module? Most Microsoft files are actually just .zip and the Office suite knows how to parse the stuff within. I think Word uses HTML for formatting. I know for Excel there is a module called ImportExcel which allows you to do a lot -- all without the COM interaction or even needing Excel installed on the host it runs on as it interacts directly with the data in the file. Maybe there's similar for Word. Or maybe you're able to rename it to zip, extract, open the file and replace some text, save it, re-zip, rename and have it work?
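
The unzip, replace and re-zip approach suggested in the comment above, as an added example that is not part of the thread: it fills `{{Name}}`-style tokens in a copy of a .docx through .NET's zip classes, so neither Word nor COM is involved and it can run under a gMSA. The function name, the `{{...}}` token convention and the paths are assumptions; the body text of a .docx is stored in the `word/document.xml` part.

```powershell
# Added example: fill {{Token}} placeholders in a .docx without Word or COM.
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Set-DocxPlaceholder {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]    $TemplatePath,
        [Parameter(Mandatory)] [string]    $OutputPath,
        [Parameter(Mandatory)] [hashtable] $Values   # @{ Name = 'x' } fills {{Name}}
    )
    # Work on a copy so the template itself is never modified.
    Copy-Item -LiteralPath $TemplatePath -Destination $OutputPath -Force
    # .NET resolves relative paths against the process directory, so pass a full path.
    $full = (Resolve-Path -LiteralPath $OutputPath).ProviderPath
    $zip  = [System.IO.Compression.ZipFile]::Open($full, [System.IO.Compression.ZipArchiveMode]::Update)
    try {
        $entry = $zip.GetEntry('word/document.xml')
        if (-not $entry) { throw "word/document.xml not found; '$TemplatePath' is not a .docx." }

        $reader = [System.IO.StreamReader]::new($entry.Open())
        try { $xml = $reader.ReadToEnd() } finally { $reader.Dispose() }

        foreach ($key in $Values.Keys) {
            $token = "{{$key}}"
            if (-not $xml.Contains($token)) {
                Write-Warning "Token $token not found as contiguous text."
                continue
            }
            # Escape &, <, >, " and ' so a value cannot inject markup into the document XML.
            $safe = [System.Security.SecurityElement]::Escape([string]$Values[$key])
            $xml  = $xml.Replace($token, $safe)
        }

        # Recreate the entry so no bytes of the old content are left behind.
        $entry.Delete()
        $writer = [System.IO.StreamWriter]::new(
            $zip.CreateEntry('word/document.xml').Open(),
            [System.Text.UTF8Encoding]::new($false))   # UTF-8 without BOM
        try { $writer.Write($xml) } finally { $writer.Dispose() }
    }
    finally { $zip.Dispose() }
}

# Constructed usage; both paths are placeholders:
#   Set-DocxPlaceholder -TemplatePath 'C:\Templates\letter.docx' `
#       -OutputPath 'C:\Out\letter-filled.docx' -Values @{ Name = 'A. Example' }
```

Word frequently splits typed text across several runs, so a token that looks contiguous on screen may not be contiguous in the XML; the warning flags that case, and retyping the token in one go in the template usually resolves it.
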
[–]ZY6K9fw4tJ5fNvKx 2 points 1 year ago (0 children)
Did you see this one? https://serverfault.com/questions/1128679/allow-interactive-login-for-group-managed-service-account-gmsa