Hello,
I tried setting domain user as the account for the Syncthing service
I get this error message:
I have granted that account Log on as a service in a GPO like so
Regards,
What was the error in the system log?
No, that’s not a very useful log entry.
Clearly the domain user doesn’t have the rights that Syncthing needs. But Syncthing doesn’t need Administrator rights on Windows to run. I’m wondering: If you add the domain user to the local machine’s User’s group, does that solve this?
Adding it to the local administrators group worked, adding it only to the local users group gave the same error. I have also tried allowing the account in NTFS permissions of C:/ProgramFiles/Syncthing
1 Like
I did not expect that you would need local admin, but glad you got it working.
I would definitely not recommend running Syncthing using an account that’s a member of any system’s local Administrators group.
If you want to run Syncthing on machines in a domain, I would highly recommend starting it from a scheduled task using a Group Managed Service Account (gMSA) rather than installing the service.
1 Like
Yeah, I would prefer to not have to run it as root/Admin. Do you have any docs that cover the gMSA syncthing deployment?
I don’t have anything specifically written for Syncthing. My suggestion would be to start with the Microsoft documentation regarding gMSAs. They are pretty straightforward to set up if you have enough access in the domain to create the needed objects.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.