Follow

Inability to log into ProfileUnity console in more secure environments

Product: ProfileUnity          

Product Version: 6.5.x

Expires on: 365 days from publish date

Updated: Nov 3, 2017

 

Problem:

Inability to log into ProfileUnity console in more secure environments

 

Symptoms:

We run the ProfileUnity console service as system level service from there we do administrative impersonation of the account logging in to access resources.

The potential problem comes in when we go to do impersonation it requires “the Allow log on locally user right”.

If this right is removed from accounts on the ProfileUnity server users won't be able to login to the ProfileUnity console.

 

Possible Resolution:

The ProfileUnity console Service account needs “the Allow log on locally user right” and so does the user logging in. In some environments you can add the accounts to the local administrators group to get the “Allow log on locally user right” back for both. 

You can also do this either via a Domain GPO or local GPO on the ProfileUnity console.

Currently this is the suggested workaround either via GPO modification or addition of the accounts to the local admins group.

In addition if you are using ProfileUnity as a Service or have enabled CAC authentication on the ProfileUnity console those accounts need the right to logon locally.

This will be addressed in a future release of ProfileUnity.

 

Additional Resources:

https://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx 

https://technet.microsoft.com/en-us/library/dn221980(v=ws.11).aspx

 

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.