PDQ Deploy Service - log on account
Hi all,
We're conducting a trial of PDQ Deploy for deploying apps to domain-joined computers.
We'd prefer not to use domain admin accounts to achieve this if possible.
Initially, we used local admin account credentials to deploy apps, but got the 'access to ... ADMIN$ is denied' error. This was fixed by adding the 'LocalAccountTokenFilterPolicy' registry key to the target computer - per https://support.adminarsenal.com/hc/en-us/articles/220533007.
However, on the PDQ Deploy console computer, we're finding that the 'PDQ Deploy' service needs to be logged on as a Domain Admin account, or we get the error 'Access denied to computer's service manager'.
Is there any way to have the service on the console computer log on as a local admin account, and successfully deploy to a target computer?
Many thanks in advance,
tjh
Comments
We used a Managed Service Account for the Background Service. They are super nice, but you have to be at, I believe, Server 2012 to leverage them.
Even without a Managed Service Account, it would be trivial to set up an account in Active Directory and delegate the appropriate access to control services on machines. I recommend going that route.
We deploy with local admin credentials for all our 500ish machines here, though there are some exceptions where we will use a domain account.
foobar
crazy test
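The `LocalAccountTokenFilterPolicy` change mentioned in the question applies to every local account in the target's Administrators group, so it helps to see which accounts that is on a given machine. The following audit is an added example, not part of the thread or PDQ's documentation; the function name and output columns are hypothetical, and it assumes Windows PowerShell 5.1 or later run elevated on the target computer.

```powershell
# Added example: report which local administrator accounts are affected by
# LocalAccountTokenFilterPolicy on this machine. Function name and column
# names are hypothetical; the registry location is the documented Windows one.
function Get-LocalAdminRemoteTokenReport {
    [CmdletBinding()]
    param(
        [string]$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )

    # A missing value behaves like 0: remote UAC token filtering stays on.
    $value = 0
    $prop = Get-ItemProperty -Path $PolicyPath -Name 'LocalAccountTokenFilterPolicy' -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $value = [int]$prop.LocalAccountTokenFilterPolicy }
    $filterDisabled = ($value -eq 1)

    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID avoids problems with localized group names.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Where-Object { $_.PrincipalSource -eq 'Local' })
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        $members = @()
    }

    foreach ($m in $members) {
        $user = Get-LocalUser -SID $m.SID -ErrorAction SilentlyContinue
        # The built-in Administrator (RID 500) is not subject to this filter
        # by default, so it is flagged separately rather than tied to the key.
        $isRid500 = $m.SID.Value.EndsWith('-500')
        [pscustomobject]@{
            Computer                = $env:COMPUTERNAME
            Account                 = $m.Name
            Enabled                 = [bool]$user.Enabled
            BuiltinRid500           = $isRid500
            RemoteUacFilterDisabled = $filterDisabled
            # True: this key is what gives the account a full admin token remotely.
            UnfilteredByThisKey     = ($filterDisabled -and [bool]$user.Enabled -and -not $isRid500)
        }
    }
}

Get-LocalAdminRemoteTokenReport | Format-Table -AutoSize
```

Rows with `UnfilteredByThisKey` set to True are the accounts whose credentials now work for remote administrative access to that machine, which is the set to keep small and give unique passwords.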