Issues with Action User Profiles

Action User Profile cannot be Selected

If there are issues with the Actor's user credential capabilities, you see the error "Actor does not support non-system users" instead of being able to select an Action User Profile.

If you check the Actor capabilities, you see that Credential Provider is not listed.

When you're working with a Microsoft Windows Actor, check the following:

• When installing the Endpoint Actor, you must select the Credential Provider on the Component Selection page of the install wizard. This installs the following Validation Platform DLL: C:\Windows\System32\VerodinAutoLogon.dll. Check this location to verify that the DLL is installed.

• If it's a Windows Actor installed in Protected Theater, configure the following Microsoft Windows Registry keys. If doing this conflicts with group policies for your organization, create a unique Active Directory organizational unit to support the Validation Platform Windows Actor and apply these configuration settings.

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
  CurrentVersion\Policies\System\DisableCAD set to true (1)

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
  Winlogon\LegalNoticeCaption set to blank (empty)

  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
  Winlogon\LegalNoticeText set to blank (empty)

If you are working with one of the other endpoint Actors, you would get this error message if the Actor's services are not running as root.

Action User Profile not logging in when running an Action

If the issue is in Protected Theater, did you log into the user accounts after the Protected Actor image was imported into the Protected Theater? You must log into these domain user accounts after the Protected Actor image is imported but before you run Protected Actions.

If you are running Host CLI Actions or Protected Actions and the User Profiles are not logging in automatically, the domain information for the Action User Profile may be incorrect.

1. Launch the Director.
2. Select Environment > Action User Profiles.
3. Click Edit next to the User profile that isn't logging in automatically.
4. Update the Domain so it contains a valid domain.
5. Click Submit.
6. Try running your Action again; the user profile should log in automatically.

If this is a Windows Actor installed in Protected Theater and the domain information is correct, pull the credential log file to see the reason for failure. This file is included in the standard support log bundle. If you want to access the file directly, it is located at C:\Program Files\Verodin\node\log\credential_log.txt. You may also want to verify the registry keys are configured correctly, as discussed in Action User Profile cannot be Selected.