- This topic has 2 replies, 2 voices, and was last updated 4 years, 2 months ago by
.
-
Posts
-
Hello,
I have been asked to get NoMachine Enterprise Desktop functioning in our environment. We are using the latest version 6.11.2. The application still will not install without
“Cannot create the home directory for the nx user”.
Having read several Forum posts and a couple of days of logs and Process Monitor, I have passed three specific environment obstacles:
Issue 1: Requires: “Access this computer from the network” to Everyone > Overridden with test GPO on a specific device.
Issue 2: Create NX User account with password not conforming to our Domain Password policy > Overridden with test GPO on a specific device.
Issue 3: Adds NX user to local Administrators Group. This gets removed as we tightly control this by GPO > > Overridden with test GPO on a specific device.
Environment:
Windows 10 (1903), Domain Joined, Group Policy Controlled with Microsoft Security Baseline Policies as a minimum, No Local Administrators.
Snippet of log failure:
2020-08-18 16:34:35.631 NX> 700 Running: net localgroup Administrators nx /ADD
2020-08-18 16:34:35.802 NX> 700 Result: OK (0)
2020-08-18 16:34:36.021 NX> 700 Result:
2020-08-18 16:34:36.021 NX> 700 Result:
2020-08-18 16:34:36.021 NX> 700 Executed showMsgBox with parameter: Cannot create the home directory for the nx user
2020-08-18 16:34:36.021 Message box (OK):
Cannot create the home directory for the nx user
I have also tested creating a local user through lusrmgr.msc (Local users and group) and tested the account can login, the default local profile is good. I have also removed nx user from the “Deny Local Logon” security policy and logged in successfully after pulling the password from Procmon.
Does anyone have any other suggestions?
Thanks
Hello Westy_A,
nx user account created during installation needs to be able to perform network logon. This action is controlled by two security policy settings: ‘Access this computer from the network’ and ‘Deny access to this computer from the network’. According to MS documentation for ‘Deny access…’:
‘This policy setting supersedes the Access this computer from the network policy setting if a user account is subject to both policies.’
Is it possible that despite enabling ‘Access this computer from the network’ for Everyone, logon is still blocked by ‘Deny access…’ setting? If this is not the case, we can provide you with debug installation package to investigate this issue further. Please, let us know if you would like to try it.
Thanks for the reply.
I have continued to try and get this to install.
I will list the changes required if you like us utilise the Microsoft Security Baseline policies in GPO.
Requires: “Access this computer from the network” (I added everybody and users for testing)
Requires: NX local account to have “Act as part of the Operating System” (same as System account)Requires: NX local account to have “Adjust Memory Quotas for a process”
Requires: NX local account to have “Logon as a Service”
Requires: NX local account to have “Replace a Process level Token”
Requires: Removing “Local Accounts” from Deny Access to this computer from the network
Requires: Removing “Local Accounts” from Deny Log on through Remote Desktop Services
NX User is required to be a local Administrator.
NX User is created with a fixed password that uses CAPS, lower case and Numbers.
Finally installed with some success, there is still one outstanding snag (point 8.) but that’s a company issue.
Anyway, you can install if you want to change the above.
Hope this helps someone else if you are trying the same thing.
Thanks.
This topic was marked as solved, you can't post.