Best way to setup deployment user for "Log On As a Service"?

Comments

1 comment

  • Shane Corellian

    Hi Brad,

    Assuming you are deploying with Admin rights the Log On As A Service right will be granted as part of the deployment. This is why most folks don't need to worry about it. However if you have a policy (usually enforced via GPO) that denies this right to all but certain accounts then you'll need to change the policy to add the Deployment User account(s). 

    This right is needed because all deployments are actually carried out by a Windows Service that is created as part of a deployment. This service is called PDQDeployRunner-n. (The n is usually 1 but it could be 2, 3, 4 etc. depending on other deployments taking place on the machine). This is why PDQ Deploy doesn't need an agent. The service is created at the beginning of the deployment and then the service logs on as the Deploy User. When the deployment is completed the service gets deleted.

    It sounds like your environment will require that this be resolved from the Domain level. If you look at the comments in the forum post below you'll see that one PDQ Deploy user had a GPO that actually stripped out accounts that had been given this right. Sounds like a similar situation to yours.

    http://support.adminarsenal.com/entries/23498127-Enable-Credentials-to-Log-on-as-a-Service-

    0
    Comment actions Permalink

Please sign in to leave a comment.