Jump to content


jackvdbuk

Push account type local admin vs domain admin

Recommended Posts

Hi all,

 

trying to work out why i cant use the %COMPUTERNAME%\Administrator account to push clients as i just get errors in CCMSETUP

 

to confirm from my understanding you can use a local admin account if it has access to the machine you are installing the client to? we have a default admin account on all machines with the same password but this type of push doesn't work as per below.

 

the push install works successfully using my domain admin credentials but of course if my password expires or my account is disabled (leave) this causes issues in deployments that are undeeded..? is my understanding of this correct? we can use mutiple domain admin accounts but all these type of accounts passwords expire..

 

---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using account '%computername%\administrator' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account %computername%\administrator (00000569) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Failed to connect to \\MACHINENAME\admin$ using machine account (5) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> ERROR: Failed to connect to the \\MACHINENAME\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using account '%computername%\administrator' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account %computername%\administrator (00000569) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Failed to connect to \\MACHINENAME\admin$ using machine account (5) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> ERROR: Failed to connect to the \\MACHINENAME\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using account '%computername%\administrator' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account %computername%\administrator (00000569) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> Failed to connect to \\MACHINENAME\admin$ using machine account (5) SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> ERROR: Failed to connect to the \\MACHINENAME\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)
---> ERROR: Unable to access target machine for request: "16777287", machine name: "MACHINENAME", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 25/08/2016 14:01:22 10528 (0x2920)

Share this post


Link to post
Share on other sites

Have you tried %machinename%?

Make sure that this local account administrator is not disabled as it does be by default?

If using another local account make sure its a member of the local administrators group on the systems.

Share this post


Link to post
Share on other sites

You should have a domain service account created and added to the local admins group on the machines. I believe that is part of the MS best practices.

  • Like 1

Share this post


Link to post
Share on other sites

You should have a domain service account created and added to the local admins group on the machines. I believe that is part of the MS best practices.

Thats fair enough, but if the account has an non expiring password and is on the domain - this would break our IT policy here at the company...

 

i guess i will have to use my own admin account and other admin accounts as backup if one expires..as this is governed by higher ups that will not allow a "machine" admin account :(

Share this post


Link to post
Share on other sites

Thats fair enough, but if the account has an non expiring password and is on the domain - this would break our IT policy here at the company...

 

i guess i will have to use my own admin account and other admin accounts as backup if one expires..as this is governed by higher ups that will not allow a "machine" admin account :(

 

Why does the password have to never expirer? There is no requirement for account with non-expiring PW.

Why can't you have two account with offsetting password reset dates?

Share this post


Link to post
Share on other sites

 

Why does the password have to never expirer? There is no requirement for account with non-expiring PW.

Why can't you have two account with offsetting password reset dates?

Good point i guess, i just had it that it would be possible to use a local admin account for deployment on all machines to prevent a incorrect password being a reason it doesn't deploy in future.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...