Allow Logon Locally Permission

The Allow Logon Locally policy setting determines which users can start an interactive session on the computer. In the case of AppViewX, the windows agent does an interactive session to the target machine to perform the desired operations. Hence this permission is required if the account used is not part of the local administrator group in the Windows Gateway Machine.

For more information on this setting please refer Allow log on locally - security policy setting - Windows 10 | Microsoft Learn

Enabling and Configuring the LogonMode Parameter

From AppViewX version 2024.3.0.0, an additional configuration parameter has been introduced to avoid explicitly providing "Allow Logon Locally" permission. It is enabled through a configuration parameter called LogonMode which can be configured in the AppViewX.CertPlus.WindowsService.exe.config file.

Follow the steps below if the “Allow Logon Locally” permission cannot be provided or the Service Account is part of “Deny Logon Locally”.

  1. Go to the AppViewX Windows Gateway Installation Path. The default path is C:\Program Files (x86)\appviewx\AppViewX.CertPlus.Installer

  2. Open the AppViewX.CertPlus.WindowsService.exe.config file using a text editor.

  3. Locate the <appSettings> section and set the following entry: <add key="LogonMode" value="Network" />
    Supported values for the "LogonMode" configuration:
    • Interactive: Uses the Interactive logon mode (Requires “Allow Logon Locally” Permission)
    • Network: Uses the Network logon method, which does not require explicit "Allow Logon Locally" permission.
    Note: If the "LogonMode" parameter is not specified, the system defaults to Interactive logon mode.