WriteSPN
WriteSPN allows a principal that holds this right over a target to write a Service Principal Name (SPN) to the account, in order to try to crack it (or do more obscure things to it). For the sake of realism, in this demonstration I'll create a new group named "Service Account Managers" that will have this right over the previously generated gMSA account.
ADSI Edit
As we did previously, browse to your service account, open the Security tab and click Advanced. Select the "Write servicePrincipalName" box.
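
To confirm the ACE is in place, and to see which other principals can already write the attribute, the ACL can be read back from PowerShell. This is an added example, not part of the original write-up: it only reads the ACL and changes nothing, and the account name `svc_lab$` is a placeholder for your own gMSA.

```powershell
# Added example: read-only audit, changes nothing in the directory.
# Requires the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

# schemaIDGUID of the servicePrincipalName attribute
# (the same GUID identifies the "validated write to SPN" right)
$SpnGuid = [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'

function Get-SpnWriteAce {
    param(
        # sAMAccountName of the account to inspect (a gMSA's ends in '$')
        [Parameter(Mandatory)] [string] $SamAccountName
    )

    $account = Get-ADObject -LDAPFilter "(sAMAccountName=$SamAccountName)"
    if (-not $account) { throw "No object with sAMAccountName '$SamAccountName'" }

    # WriteProperty is also contained in GenericWrite and GenericAll;
    # Self covers the validated-write variant of the same permission.
    $mask = [int][System.DirectoryServices.ActiveDirectoryRights]::WriteProperty -bor
            [int][System.DirectoryServices.ActiveDirectoryRights]::Self

    (Get-Acl -Path "AD:\$($account.DistinguishedName)").Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.ActiveDirectoryRights -band $mask) -ne 0) -and
            # Empty ObjectType means every attribute; otherwise the ACE
            # must name servicePrincipalName. Property sets are not expanded.
            ($_.ObjectType -eq [guid]::Empty -or $_.ObjectType -eq $SpnGuid)
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, IsInherited,
            @{ Name = 'Scope'; Expression = {
                if ($_.ObjectType -eq $SpnGuid) { 'servicePrincipalName only' }
                else { 'all attributes' }
            } }
}

# 'svc_lab$' is a placeholder for the gMSA created earlier in this lab
Get-SpnWriteAce -SamAccountName 'svc_lab$' | Format-Table -AutoSize
```

The "Service Account Managers" group should appear with scope `servicePrincipalName only`; any other non-administrative principal in the output can also set an SPN on the account and is worth reviewing.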

I haven't managed to configure this through PowerShell. If you do, contact me on Discord!
Written by ruycr4ft