Spark + SSO - Local Admin

Got SSO working in my environment (Windows 2012 R2 Openfire Server, 2008 R2 DC, MySQL). However, I need to make this work without local admin rights on my Windows 10 test machine. When I run as local admin it works and it will pull my account. Without local admin it will not pull my account. I tried running Process Monitor to see what it is accessing and I cannot find what is blocking it from finding the account name. Any input?

This is a UAC issue that changed in Windows 8.1 that prevents access to the tgtkey for elevated accounts. You can mark spark.exe to run as administrator to get past this; however, if you want Spark to launch at startup and allow SSO, then you’ll need to launch it from a script, i.e. spark.vbs, and put it in your %appdata%\Microsoft\Windows\Start Menu\Programs\Startup

' Launch Spark with the "runas" verb, i.e. "Run as administrator"
Set UAC = CreateObject("Shell.Application")
UAC.ShellExecute "C:\Program Files (x86)\Spark\spark.exe", "", "", "runas", 1

I can’t have anything on a local machine with hardcoded credentials in a script. I’m going to do a little more research on this. For the tgtkey UAC issue, are you talking about access to that registry key? Or access to the mechanism that provides SSO? I am hoping to selectively grant domain users access to whatever this needs…?

I think you misread the script. There are no credentials… all it’s doing is running the application with the “run as administrator” flag. This is only needed for users signed in with admin-level accounts, and not needed for standard users.

I found an AD group that was giving my account some level of local admin rights. As soon as I removed myself from local admin on the machine, my SSO account autodiscover was happy. I was absolutely reading your replies backwards, speedy. Thanks for the help.
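
The thread's resolution was an AD group that quietly granted local admin rights. As an added example (not part of the original thread), this PowerShell check reports whether the current logon is a standard user, an elevated administrator, or an administrator running with a UAC-filtered token, and which entry in the local Administrators group is responsible. It assumes Windows PowerShell 5.1 (for `Get-LocalGroupMember`) and .NET 4.5 or later (for `UserClaims`).

```powershell
# Added example: run as the affected user in a normal (non-elevated) session.
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$id = [System.Security.Principal.WindowsIdentity]::GetCurrent()

# Group SIDs that are enabled on this token. Deny-only entries are not
# returned by .Groups, so a UAC-filtered admin will not show up here.
$enabled = @($id.Groups | ForEach-Object { $_.Value })

# Group SIDs present on the token as deny-only. UAC marks Administrators
# this way when a member of that group logs on without elevation.
$denyOnly = @($id.UserClaims |
    Where-Object { $_.Type -eq [System.Security.Claims.ClaimTypes]::DenyOnlySid } |
    ForEach-Object { $_.Value })

if ($enabled -contains $adminSid) {
    $state = 'elevated administrator'
} elseif ($denyOnly -contains $adminSid) {
    $state = 'administrator with a UAC-filtered token'
} else {
    $state = 'standard user'
}

# Which member(s) of the local Administrators group match this logon:
# the account itself, or a group (for example a domain group) it belongs to.
$mine = @($id.User.Value) + $enabled + $denyOnly
$via = @(Get-LocalGroupMember -SID $adminSid -ErrorAction SilentlyContinue |
    Where-Object { $mine -contains $_.SID.Value })

[pscustomobject]@{
    User       = $id.Name
    TokenState = $state
    AdminVia   = ($via | ForEach-Object { $_.Name }) -join ', '
}
```

A `TokenState` of "administrator with a UAC-filtered token" corresponds to the admin-level accounts the thread says need the "run as administrator" launch; `AdminVia` names the group or account to remove if the user is meant to be a standard user.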