Our application installs the Windows service along with install process. By default we configure the service to run under "Network Service" account, it is configured in AI project.
However, we treat this as default installation and recommend (though not requiring) customers to use gMSA service accounts to increase security. We can manually configure the host and service to utilize gMSA, no problems with it. The problem arises when we deploy an upgrade and MSI resets custom identity back to default identity (Network Service). Is it possible to retain the identity configured in service during upgrade?
If it is relevant, here is actions configuration: