We use 2ndAuth on certain workstations so users can logon with a shared account.
For example, they login with “SharedAccount” and then authenticate again with “TheirAccount.”
We have a GPO setup that allows “SharedAccount” and “TheirAccount” remote rights and local logon rights to certain systems.
The GPO works perfectly when they are not logging onto a system with 2ndAuth.
However, when they logon to a system with 2ndAuth using the shared account, they get an error saying they do not have permissions. We can fix this by adding “SharedAccount” to the local system’s remote properties, but this defeats the purpose of allowing this permission via the GPO.
Any idea if remote rights are granted differently in the GPO for shared accounts?