none
Cross Domain configurations for Log on as service

    Question

  • Is it possible to configure an account from one domain in a different domain to log on as a service?

    Domain A has a one way trust to Domain B. Domain B has no trust to Domain A. 

    Account from Domain A has permissions to access specific location but account in Domain B does not. 

    Added account from Domain A into the Log on as service right local security policy. 

    When I attempt to configure service to log on as account using the account from Domain A I get a denied access. 


    Tuesday, December 29, 2015 9:28 PM

Answers

  • >Is it possible to configure an account from one domain in a different domain to log on as a service?
     
    Yes, it is possible.
     
    Just for confirmation, in your environment, Domain A (trusting domain) trusts Domain B (trusted domain), right? In this case, I don't quite understand that "Account from Domain A has permissions to access specific location but account in Domain B does not.", it seems contradictory.
     
    >When I attempt to configure service to log on as account using the account from Domain A I get a denied access.
     
    For the "Access is denied" error, on the "Log On" tab, try to manually enter the SAM format (Domain\User) instead of digging your user out of Active Directory with the "Browse" button (Windows tries to use the UPN for the user account in this way), see if this works.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, December 30, 2015 5:38 AM
    Moderator

All replies

  • >Is it possible to configure an account from one domain in a different domain to log on as a service?
     
    Yes, it is possible.
     
    Just for confirmation, in your environment, Domain A (trusting domain) trusts Domain B (trusted domain), right? In this case, I don't quite understand that "Account from Domain A has permissions to access specific location but account in Domain B does not.", it seems contradictory.
     
    >When I attempt to configure service to log on as account using the account from Domain A I get a denied access.
     
    For the "Access is denied" error, on the "Log On" tab, try to manually enter the SAM format (Domain\User) instead of digging your user out of Active Directory with the "Browse" button (Windows tries to use the UPN for the user account in this way), see if this works.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Wednesday, December 30, 2015 5:38 AM
    Moderator
  • Hi,
     
    Just checking in to see if above information was helpful. Please let us know if you would like further assistance.
     
    Thanks,
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Tuesday, January 5, 2016 9:42 AM
    Moderator
  • Hi,
     
    I'm marking the reply as answer as there has been no update for a couple of days.
     
    If you come back to find it doesn't work for you, please reply to us and unmark the answer.
     

    Regards,

    Ethan Hua


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Thursday, January 7, 2016 1:53 AM
    Moderator
  • Hey Ethan, 

    The above answer was not my issue. As it turns out there were some group policies that I was not aware of that I had to configure locally on the server. Once we got that resolved I was able to configure the account in the service to 'run as'

    Friday, April 8, 2016 6:39 PM