Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, April 11, 2016 7:32 PM
I had a domain account created to be my Network Access Account, but was curious about the permissions it needs. Specifically, what folders do I need to check? I have a Site server and about 20 different DPs. I know you can test the connection, but what share(s) do I test against?
All replies (4)
Monday, April 11, 2016 8:19 PM ✅Answered
Hi,
A normal Domain User account, you should limit its access by denying access to places where it shouldn't have access.
It is only used to connect to the DP during OSD so you can test against a share that domain users have access to.
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
Monday, April 11, 2016 8:50 PM
The worry is that we are currently deploying normal software and wanting to add OSD. I want to make sure it will not break the normal software deployments because you have to deselect using the computer acct. So you think as long as it's a domain acct, it should be good?
Monday, April 11, 2016 11:12 PM
As Jorgen said -
The Network Access account is provided for times when Configuration Manager 2007 clients from workgroups or non-trusted domains require access resources in the site server's domain. This account might also be needed during operating system deployment, because the computer receiving the operating system does not have a security context it can use to access content on the network.
All the info can be found here - https://technet.microsoft.com/en-us/library/bb680398.aspx
Its for 2007 but the same applies to 2012.
Tuesday, April 12, 2016 6:14 AM
So you think as long as it's a domain acct, it should be good?
Dear Sir,
Yes, however, you have to limit the account permission as someone can use command to get the account information, see below:
http://myitforum.com/myitforumwp/2015/05/11/network-access-accounts-are-evil/
Also, it's clear documented that ConfigMgr administrator has to set properly the account permission, see Network Access Account part in below link:
https://technet.microsoft.com/en-sg/library/hh427337.aspx
Best regards
Frank
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]