Deploying ACC into Windows - Local Account for service - change password on next logon

Go to solution
Gilberto De Cam
Tera Contributor

‎01-02-2023 06:43 PM

Hello,

We are deploying the ACC using SCCM on Windows devices.

Everything is installed perfect but the service never starts by the error "Logon failure".

We could confirm that the local account created has enable "change password on next logon".

We read at a "best practice document" mentioning that the parameter "Password never Expire" can be set at acc installer, but we have not been able to find it at any documentation.

Any suggestion how to in a centralized way on the describe environment we can ensure that the local account created is able to login?

 

0 Helpfuls
  • 1,494 Views
1 ACCEPTED SOLUTION

Go to solution
SeverinLauniau
ServiceNow Employee
ServiceNow Employee

‎01-03-2023 06:24 AM

Hi @Gilberto De Cam ; there is still a gap in the Windows installation page indeed. You can find all the parameters in the release notes in the store app page: https://store.servicenow.com/sn_appstore_store.do#!/store/application/deb59787c317030039a3553a81d3ae...

 

For reference, msiexec parameters:

  • ACC_MID=string
  • ACC_API_KEY=string
  • ACC_ALLOW_LIST=True|False
  • START_SERVICE=True|False
  • LOCALUSERNAME=SYSTEM|LOCALSERVICE|domain\gMSA$|string
  • LOCALUSERPASSWORD=string
  • ISDOMAIN=0|1
  • DOMAIN=string
  • PASSWORD_NEVER_EXPIRES=True|False

View solution in original post

4 REPLIES 4

Go to solution
Parag_Sanyashiv
Giga Guru

‎01-03-2023 02:17 AM - edited ‎01-03-2023 02:17 AM

Hi Gilberto,

 

ServiceNow Document doesn't have the exact configuration, below is what is provided by ServiceNow regarding the user:

Parag_Sanyashiv_0-1672740945819.png

You can use the OOTB user creation while installing the agent and then check the configuration of that user create and follow it for a domain user so that it can be applied to all the agents and you end up with a single global user.

 

Regards,

Parag Sanyashiv

0 Helpfuls

Go to solution
SeverinLauniau
ServiceNow Employee
ServiceNow Employee

‎01-03-2023 06:24 AM

Hi @Gilberto De Cam ; there is still a gap in the Windows installation page indeed. You can find all the parameters in the release notes in the store app page: https://store.servicenow.com/sn_appstore_store.do#!/store/application/deb59787c317030039a3553a81d3ae...

 

For reference, msiexec parameters:

  • ACC_MID=string
  • ACC_API_KEY=string
  • ACC_ALLOW_LIST=True|False
  • START_SERVICE=True|False
  • LOCALUSERNAME=SYSTEM|LOCALSERVICE|domain\gMSA$|string
  • LOCALUSERPASSWORD=string
  • ISDOMAIN=0|1
  • DOMAIN=string
  • PASSWORD_NEVER_EXPIRES=True|False

Go to solution
pratik0306
Tera Guru

‎12-14-2023 11:11 PM

Hi @Gilberto De Cam 

May i know what permissions were given for the account to deploy the agents from SCCM?

and also in the documentation it was written that a default user and group gets created so wanted to know about this as well

0 Helpfuls

Go to solution
SeverinLauniau
ServiceNow Employee
ServiceNow Employee
In response to pratik0306

‎12-20-2023 12:40 PM

@pratik0306 : I would recommend assigning either Local SYSTEM, Local Service or a gMSA account. Avoid the servicenow user account, since user accounts aren't normally designed to run Windows Services. If you go with gMSA, you normally need "Logon As a Service" and "Debug Programs" privileges. "Debug Programs" is to retrieve the full path of running processes along with their parameters. You can find more information in the KB1122613 in the webinars, as well as some command line samples in the git repository.

 

Séverin