Enable Credentials to "Log on as a Service"

4/26/2018 3231 Contributors

Any credentials used in PDQ products (to deploy software or run an inventory scan on target computers) must be granted the right to "Log on as a service". PDQ Deploy or PDQ Inventory will automatically attempt to grant this right to the deploy or scan credentials used on target computers.

If granting this right fails then you will need to enable this right either locally (on the target machines) or via Group Policy.

To enable on the local machines go to the Local Security Policy under Control Panel > System and Security > Administrative Tools OR simply run the following command from Start > Run or a CMD window:

secpol.msc

In the Local Security Policy window go to Security Settings > Local Policies > User Rights Assignment > Log on as a Service and add the appropriate credentials to this right. Verify that this account has NOT been added to the "Deny log on as a service policy".

LogonAsAServiceLocal.png

 

To add the account via Group Policy open your Group Policy editor and edit the appropriate Group Policy. Go to Policies > Windows Settings > Security Settings > Log on a service

LogonAsAServiceGPO.png