We have ProIV 5.5 r518 running as the Localsystem account on a Windows 2003 Server that is authenticating the ProIV environment user (e.g. [USER APPUSER]) to a local user Windows account named APPUSER.
We have the following environment settings:
USERNAME_VALIDATE= Y
USER_DOMAIN=.
LOGONTYPE=INTERACTIVE
I don't believe that we changed or added any OS privileges for Localsystem to do this.
The ProIV 5.5 kernel was originally installed as a named Administrator account.
Under ProIV 4.x, we did create and use a "svcProIV" local user Windows account that had administrative privileges for the ProIV NT Service service because this was necessary for our ProIV application to print to local and networked printers, as well as copy data to other domain servers. Since our upgrade to 5.5, we have not had to use this "svcProIV" account. I don't believe that we changed or added any OS privileges for svcProIV to do this.
Do you have the following Local Security Settings-Local Policies-User Rights Assignments set for your ServiceProIV account?
Logon as a service.
Some other privileges to try:
Act as part of the operating system.
Adjust memory quotas for a process.
Bypass traverse checking.
Impersonate a client after authentication.
Logon as a batch job.
Replace a process level token.
I hope this helps.
Fred
Edited by Fred Marker, 26 September 2006 - 06:37 PM.