Problem:
SignUp is configured with LAN accounts authenticating against Active Directory. Authentication is failing against the Active Directory.
We have set up user rights with the below options.
log on as a batch job
log on locally
log on as a service
act as part of the operating system
Authentication only works if the group policy setting to "Allow users to read Group Policy" check box is ticked. The customer does not want this policy permission enabled. The Signup Service runs under the System account.
Answer:
Give the System account the correct Group Policy setting.
Run the Signup Service with a Domain Admin account.