Way to Grant Access to Local System Account to NETLOGON Share?

Discussion in 'Active Directory' started by SteveJHU, Feb 15, 2008.

  1. SteveJHU

    SteveJHU Guest

    Hi,

    Does anyone know if there's a way to grant access to the local System
    account on our member servers to the NETLOGON share on the Domain
    Controllers, without opening the share to anonymous users?

    We're trying to get the local System accounts on our servers to run a script
    in the NETLOGON share on the DCs.

    Thanks!
    Steve
     
    SteveJHU, Feb 15, 2008
    #1

  2. Add a permission using the kind of trustee: DOMAIN\SERVERNAME$
    To grant access to all computers except DC, use DOMAIN\Domain Computers.

    KR,
    Marc
     
    Lognoul, Marc (Private), Feb 15, 2008
    #2

  3. jwd

    jwd Guest

    This is not possible. The local System account is just that - local. Only
    the local SAM on the server knows about it so you can't include it in an ACL on
    a different server.

    I presume there is a reason you can't use a domain account to run the scripts?

    Best Regards
    Joe Dunn MCSE
     
    jwd, Feb 15, 2008
    #3
  4. Joe Kaplan

    Joe Kaplan Guest

    Don't forget that both Local System and Network Service use the credentials
    of the machine account when accessing the network, so that would be the
    computer account for a domain-joined machine. Local service on the other
    hand has no network credentials.

    Joe K.
     
    Joe Kaplan, Feb 15, 2008
    #4
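
The approach from replies #2 and #4, as an added example that is not part of the original thread: a PowerShell script that checks whether the computer-account trustee already has an explicit read ACE on a script in NETLOGON and adds one only when asked to. `CONTOSO`, `contoso.example`, `APPSRV01` and `task.cmd` are placeholder names, and the script assumes an elevated session with rights to modify SYSVOL.

```powershell
# Added example. CONTOSO, contoso.example, APPSRV01 and task.cmd are placeholders.
param(
    [string]$Trustee = 'CONTOSO\Domain Computers',  # or 'CONTOSO\APPSRV01$' for one server
    [string]$Path    = '\\contoso.example\NETLOGON\task.cmd',
    [switch]$Apply                                  # without -Apply the script only reports
)

function Test-ReadAce {
    # True when $Identity holds an explicit Allow ACE covering ReadAndExecute.
    # Access inherited through other groups is not evaluated here.
    param([string]$Path, [string]$Identity)
    $need = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Identity -and
            ($ace.FileSystemRights -band $need) -eq $need) {
            return $true
        }
    }
    return $false
}

# Current NTFS ACL, for the record before anything changes.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited

# Share-level permissions; only meaningful when run on the DC that hosts the share.
if (Get-Command Get-SmbShareAccess -ErrorAction SilentlyContinue) {
    Get-SmbShareAccess -Name NETLOGON -ErrorAction SilentlyContinue |
        Format-Table AccountName, AccessControlType, AccessRight
}

if (Test-ReadAce -Path $Path -Identity $Trustee) {
    Write-Output "$Trustee already has read/execute on $Path"
}
elseif ($Apply) {
    # Read and execute only: the computer accounts never need write access here.
    & icacls.exe $Path /grant "${Trustee}:(RX)"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    Write-Output "Granted read/execute to $Trustee on $Path"
}
else {
    Write-Output "$Trustee has no explicit read ACE on $Path (re-run with -Apply to add one)"
}
```

Granting only `(RX)` keeps the script readable by the servers' machine accounts without letting any of them modify what the others will execute as System.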