Help Center

Follow

Enable Credentials to "Log on as a Service"

Any credentials used in PDQ products (to deploy software or run an inventory scan on target computers) must be granted the right to "Log on as a service". PDQ Deploy or PDQ Inventory will automatically attempt to grant this right to the deploy or scan credentials used on target computers.

If granting this right fails then you will need to enable this right either locally (on the target machines) or via Group Policy.

To enable on the local machines go to the Local Security Policy under Control Panel > System and Security > Administrative Tools OR simply run the following command from Start > Run or a CMD window:

secpol.msc

In the Local Security Policy window go to Security Settings > Local Policies > User Rights Assignment > Log on as a Service and add the appropriate credentials to this right. Verify that this account has NOT been added to the "Deny log on as a service policy".

LogonAsAServiceLocal.png

 

To add the account via Group Policy open your Group Policy editor and edit the appropriate Group Policy. Go to Policies > Windows Settings > Security Settings > Log on a service

LogonAsAServiceGPO.png

Was this article helpful?
2 out of 3 found this helpful
Have more questions? Submit a request

4 Comments

  • 0

    I was having an issue with PDQ Deploy and Inventory: 'Service is not Running' upon application start-up. However, I could click User>>Change then OK and the services would start.

    So after a couple of weeks of this issue, I finally submitted a trouble call to PDQ's fine support forum. After performing several tasks to resolve this issue, Shane advised me to check the 'Log on as a service' in the applicable GPO. Our GPOs had recently been modified. Apparently, the admin user account Rights had not been added back into the proper GPO under 'Log on as a service'. PDQ Deploy and Inventory apps are smart enough to where they would automatically add the Rights after doing the 'click User>>Change then OK' step mentioned earlier.

    Once the admin user Rights had been added to the correct GPO, the error was no more.

    If anyone gets this type of error, ensure you perform the following:

    Ask your AD admin or check it yourself, if authorized:

    1. Has any policies been modified recently? And/or

    2. Is the admin user Rights in the 'Log on as a service' GPO and under the correct policy?

    See examples provided to check the computer's local GPO settings.

  • 0

    Thanks for posting that, Terrence.

  • 0

    Hi Shane and Terrence,

    The user account did have Log On as a Service right, but it turns out that during a domain migration some of the SID's didn't translate over correctly, so the account wasn't being granted the right. After I fixed that the problem went away. Thank-you!

  • 0

    Good to know, Sdzur. Thanks for taking the time to share. Great troubleshooting!

Article is closed for comments.
Powered by Zendesk