Can anyone confirm that they have seen this working with this option set up on the network access account?
It seems to clearly not work with the account logon restriction set. [cid:[email protected]] From: [email protected] [mailto:[email protected]] On Behalf Of Burke, John Sent: January-26-17 11:48 AM To: [email protected] Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails.. Microsoft says it should work. I’m wondering if we are talking about the same thing though. They created the service account and on the account tab within users and computers - the “log on to” and locking that down to the sccm servers and the dcs. That is how it was set up but it failed. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kim Oppalfens Sent: January-19-17 6:37 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails.. I’ve handled the scenario you’re after with setting deny user rights, which worked without issues. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Burke, John Sent: donderdag 19 januari 2017 15:19 To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails.. Actually opened a ticket and sent logs off to Microsoft. The event viewer even 4625 “an account failed to log on” “User not allowed to logon at this computer” This server is clearly listed in the logon to list. As soon as they change it to be allowed to log in to all domain computers it works and I get the success event. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: January-17-17 2:35 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Network Access Account - restricted logon to with server in the list and unknown OSD Fails.. Have you reviewed the security logs on the DP it was communicating with? J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Burke, John Sent: Monday, January 16, 2017 8:28 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] Network Access Account - restricted logon to with server in the list and unknown OSD Fails.. Hi, I have this scenario in our new CB. While trying to test OSD deployment of an unknow, it kept failing. It looked like it was failing due to access. I got them to look at the network access account and it has the “log on to” set for the account and all the sccm servers are in it, including the DP in question and the DC’s. I got them to change it to allow it to log onto all computers and it worked right away. Set it back and it failed. Can anyone explain this behavior? That whole logon within ad should work and network access account should work right? I see nothing odd about the account. Is a member of the domain and so on. Users have rights to the dp itself.
