Hi,
I've installed Password Reset Client Service on a machine with locked down GPO settings. Now, service, running under NETWORK_SERVICE account doesn't start (Service Control Manager reports error 1053 after waiting 30 seconds for the service to respond during start).
If I change service account to some other account (i.e. domain account), service runs fine and I am able to reset password successfully, so there is no issues with password reset infrastructure, firewall, etc..). Problem is only with NETWORK SERVICE not having enough permission to do its job.
Unfortunately, there is no event log entries in neither of relevant event logs (Application, Security, System, Forefront Identity Manager) that would provide additional information on why service doesn't start. ProcessMonitor tracing revealed only, that service cannot access some of the registry entries. After granting permissions, service still refuses to start.
What I'd like to know is there a list of permissions, configuration entries, that NETWORK SERVICE needs in order to run normally?
If that is not available, does anybody have any idea, how to find out what is preventing NETWORK SERVICE account from running that service?
Thank you and best regards,
P