It may be off the subject a bit, but doesn't Citrix Best Practices include disabling those accounts that are created automatically? I'm going off my less-than-reliable memory, but that error and account name seem familiar to me. From what I recall, the account(s) weren't used and could simply be removed from the offending policy.
- Sean On Thu, May 28, 2009 at 10:45 AM, Free, Bob <[email protected]> wrote: > The operative question is does it work? Is the particular account granted > the logon right if you test it? > > The warning makes perfect sense and your research is correct. I believe I > tried this years ago and as long as the local account names were the same it > still worked. > > -----Original Message----- > From: Joe Heaton [mailto:[email protected]] > Sent: Thursday, May 28, 2009 7:48 AM > To: NT System Admin Issues > Subject: Log On as a Service question > > I have two local accounts that have been granted the Log On as a Service > permission, within a GPO. This is causing Event ID 1202 errors, from > SceCli. The main description is as follows: > > "Security policies were propagated with warning. 0x534 : No mapping between > account names and security IDs was done." > > > From what I'm reading, this error is because the GPO can't map the accounts > to SIDs. Is there a way around this using these local accounts, or do I > have to figure a way to substitute a domain account for these purposes? > > Thanks, > > Joe Heaton > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
