I’ve handled the scenario you’re after with setting deny user rights, which worked without issues.
From: [email protected] [mailto:[email protected]] On Behalf Of Burke, John
Sent: Thursday 19 January 2017 15:19
To: [email protected]
Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails..

Actually opened a ticket and sent logs off to Microsoft.

The event viewer event 4625 “an account failed to log on”
“User not allowed to logon at this computer”

This server is clearly listed in the logon to list. As soon as they change it to be allowed to log in to all domain computers it works and I get the success event.

From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys
Sent: January-17-17 2:35 PM
To: [email protected]
Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails..

Have you reviewed the security logs on the DP it was communicating with?

J

From: [email protected] [mailto:[email protected]] On Behalf Of Burke, John
Sent: Monday, January 16, 2017 8:28 PM
To: [email protected]
Subject: [mssms] Network Access Account - restricted logon to with server in the list and unknown OSD Fails..

Hi,

I have this scenario in our new CB. While trying to test OSD deployment of an unknown, it kept failing. It looked like it was failing due to access. I got them to look at the network access account and it has the “log on to” set for the account and all the SCCM servers are in it, including the DP in question and the DCs. I got them to change it to allow it to log onto all computers and it worked right away. Set it back and it failed.

Can anyone explain this behavior? That whole logon within AD should work and network access account should work, right? I see nothing odd about the account. It is a member of the domain and so on. Users have rights to the DP itself.
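
One way to line up the 4625 failures described in this thread with the account's "Log On To" list, added here as an example and not posted by anyone on the list. It assumes the ActiveDirectory PowerShell module, that it is run on the server that logged the events, and a placeholder account name `svc-naa`. It filters on sub status 0xC0000070 (logon from a workstation that is not permitted) and shows the workstation name recorded in each event next to whether that name is in the list.

```powershell
# Assumptions: run on the server that logged the 4625 events, with the
# ActiveDirectory module available; 'svc-naa' is a placeholder account name.
$Account = 'svc-naa'

# Names permitted by the account's "Log On To" list (userWorkstations attribute).
$allowed = @(
    (Get-ADUser -Identity $Account -Properties LogonWorkstations).LogonWorkstations -split ',' |
        Where-Object { $_ } |
        ForEach-Object { $_.Trim().ToUpper() }
)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 500 |
    ForEach-Object {
        $evt = $_

        # Flatten the event's named EventData fields into a hashtable.
        $data = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }

        # Keep only failures for this account caused by the workstation restriction.
        if ($data.TargetUserName -eq $Account -and $data.SubStatus -eq '0xc0000070') {
            $ws = "$($data.WorkstationName)".Trim().ToUpper()
            [pscustomobject]@{
                Time        = $evt.TimeCreated
                Workstation = $ws                      # name recorded in the event
                SourceIP    = $data.IpAddress
                InLogOnTo   = $allowed -contains $ws   # is that name in the list?
            }
        }
    } |
    Format-Table -AutoSize
```

A row with `InLogOnTo` set to `False` shows the workstation name that was recorded for the failed logon and is missing from the list.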

