We use a service account to run our applications. The Service account is a corporate level account on the corporate domain (corp.world). My location is running it's own domain forest (local.pri) that the corporate account does not normally have permissions for.
Historically, when I first configured the deploy server, I configured it in my domain (local.pri) with a service account in my domain. So I started with local.pri\service-account. I then added local.pri\service-account to a security group to access the file location where I keep our installs. Now this has worked very well.
Corporate has taken over the PDQ process to expand its usefulness. Because we had to move it to a corporate server, we have to use a corporate service account (corp.world\service-account). I had my windows admins make a Domain Local security group for the file share that my installs are stored. I added the Domain Local security group to my file location and added corp.world\serivce-account to the Domain Local security group. This fails. I'm not sure why this fails.
When I add Corp.world\service-account directly to the folder location, deploy work correctly. My question is, there something about Domain Local security groups that is blocking the service account from reading the file location? If so, why does my local service account work in a security group then?
Please sign in to leave a comment.