Logon GPO for Shared Accounts

Home Forums Microsoft Networking and Management Services Active Directory Logon GPO for Shared Accounts

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    blashmet
    Member
    #164360

    We use 2ndAuth on certain workstations so users can logon with a shared account.

    For example, they login with “SharedAccount” and then authenticate again with “TheirAccount.”

    We have a GPO setup that allows “SharedAccount” and “TheirAccount” remote rights and local logon rights to certain systems.

    The GPO works perfectly when they are not logging onto a system with 2ndAuth.

    However, when they logon to a system with 2ndAuth using the shared account, they get an error saying they do not have permissions. We can fix this by adding “SharedAccount” to the local system’s remote properties, but this defeats the purpose of allowing this permission via the GPO.

    Any idea if remote rights are granted differently in the GPO for shared accounts?

    Thanks for your help.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.