Hello, PC is running Windows 7 Prof 64 as local workgroup, Server is 2008 R2 on AD, network share is reached via UNC on AD system. I have some applications that run as services on both the workstation and server. These access a network share. Normally I would just add the workstation to the AD and the Service Account would be assigned to run as the Services as well as given security permissions on the UNC share, but in this case I can't. I am trying to assign an AD User (Service Account) "Log on as" for the services on the local workgroup Win 7. In the Select User box, I can't see the AD for "From this location" only the PC is showing in the location. With the "Select this object type" set to User or Built-in security principal (only two choices), if I try to enter the object name as AD\Service Account, I get an error "The following object is not from a domain listed in the Select Location dialog box, and is therefore not valid". Can anyone provide some assistance with this? Should this be in the Server 2008 question area? Thanks in advance, Ryan

Hi, This issue refers some knowledge about Windows Server 2008. For work around this issue efficiently I would like suggest you post this issue to Windows Server forum for help. Thank you for your understanding.Your Name TechNet Community Support

Hi, If an AD environment is visible to the Host, it can make use of a user account on the said AD server for authentication purposes (e.g. fileshares) (For example: You can access \\domaincontroller\share and use the information such as Username: domain\user or username@domain.local and the relevant password, this will authenticate and allow access to the file share should (A) the user have said permissions and (B) that the user is not restricted by host As for policy settings, the host would need to be added to the AD domain in order to benefit from GPO and group policy etc.. Adding a AD account credentials to a service on a non domain workstation does not make sense to me. Unless I am missing your point. MartinIf you find my information useful, please rate it. :-)

I dont think that this could work, however you can try asking the question on Windows Security forums, because this is strictly windows security question Workstation that is in a workgroup will not be able to see any user accounts that are in domain. Few things you can try see if domain computers and workgroup use same authentication level (domain computer will use what ever is set in domain policy while workgroup will use defaults) try running the service account under Everyone or Authenticated Users.