![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 56.00000000000001%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Configuration Manager | Deployment
Deploying software and updates using Configuration Manager
Hi,
==>1,Don't use the network access account for this account.
Generally speaking, the network access account is only used to access the associated resources on the network and not require local permissions, but task sequence run as account may require administrative access on the computer sometimes. These two accounts are different purposes.
2,==>Don't make the account a domain administrator.
For security reasons. And there is no need to do this. If it requires administrative access on the computer, consider creating a local administrator account solely for this account rather than a domain administrator account.
==>3,Don't configure roaming profiles for this account.
As the document says: "When the task sequence runs, it downloads the roaming profile for the account. This leaves the profile vulnerable to access on the local computer."
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 42%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)