Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

PDQ Deploy Service - log on account

Hi all,

We're conducting a trial of PDQ Deploy for deploying apps to domain-joined computers.

We'd prefer not to use domain admin accounts to achieve this if possible.

Initially, we used local admin account credential to deploy apps, but got the 'access to ... ADMIN$ is denied' error.  This was fixed by adding the 'LocalAccountTokenFilterPolicy' registry key to the target computer - per https://support.adminarsenal.com/hc/en-us/articles/220533007.

However, on the PDQ Deploy console computer, we're finding that the 'PDQ Deploy' service needs to be logged on as a Domain Admin account, or we get the error 'Access denied to computer's service manager'.

Is there any way to have the service on the console computer log on as a local admin account, and successfully deploy to a target computer?

Many thanks in advance,

tjh

 

 

0

Comments

3 comments
Date Votes
  • We used a Managed Service Account for the Background Service. They are super nice, but you have to be at I believe Server 2012 to leverage them. 

    Even without a Managed Service Account, it would be trivial to setup an account in Active Directory and delegate the appropriate access to control services on machines. I recommend going that route.

     

    We deploy with local admin credentials for all our 500ish machines here, though there are some exceptions where we will use a domain account.

    0
  • foobar

    0
  • crazy test

    0