Hello,
We have been tasked with creating "service accounts" to replace a DOMAIN account used to execute CAWA-DE jobs. Initially we encountered a "allow logon" error on the server because the CAWA-DE agent uses an account named SYSTEM, then switches user to the service account.
Is there a workaround/setting within CAWA-DE that can help with this challenge? The issue can be handled by creating a Group Policy, but we have many servers and that doesn't seem to be the most efficient way of handling this. So we thought we'd ask to see if you have a best practice, or suggestion.
Here is my WINDOWS Admin's spin on the issue in case I misquoted him:
The issue that we are trying to resolve is taking a standard domain user account and allowing it to login to the machine and run the defined job in espresso / app. In order to do this we have found that editing the Security Policy in Group Policy allows the jobs to run as expected. We have multiple machines and multiple user accounts and we want to dedicate specific accounts to specific machines. They only way I can find is that we create multiple Group Policies and filter those policies to the specific machine and add the user account to the allow logon locally.
Possibly there are some advance options using Registry and File System settings in Group Policy? That's what I can think of right now without having to use multiple Group Policy objects for machines.
Thanks,
Ken Ski
------------------------------
DARDEN Corporation
Orlando, FL
------------------------------