Windows 2000/XP/2003: How to add user to Local Security Setting

You can issue an OS command and do it

net localgroup users "username" /add

Won't this work in VB?

Shell("net localgroup users username /add")

Using your suggestion I could add the user to specific group. But I could not find the specific net option that will add this user to the local policy "Log on as a Service".

Since this is a one time operation I dont want them to create a group. Creating group and assigning local policy manually will need same manual efforts as assigning policy to the specific user.

Thanks,

Increasing points.

When I installed SQL Server, it automatically added me to this policy. So its likely that there is an automated way to assign this policy from an application.

I found this on MS Site. If only I could convert this to VB6
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmgmt/security/managing_account_permissions.asp

void AddPrivileges(PSID AccountSID, LSA_HANDLE PolicyHandle)
{
  LSA_UNICODE_STRING lucPrivilege;
  NTSTATUS ntsResult;

  // Create an LSA_UNICODE_STRING for the privilege name(s).
  if (!InitLsaString(&lucPrivilege, L"SeServiceLogonRight"))
  {
         wprintf(L"Failed InitLsaString\n");
         return;
  }

  ntsResult = LsaAddAccountRights(
    PolicyHandle,  // An open policy handle.
    AccountSID,    // The target SID.
    &lucPrivilege, // The privilege(s).
    1              // Number of privileges.
  );                
  if (ntsResult == STATUS_SUCCESS)
  {
    wprintf(L"Privilege added.\n");
  }
  else
  {
    wprintf(L"Privilege was not added - %lu \n",
      LsaNtStatusToWinError(ntsResult));
  }
}

Should be able to do the same with rights:

Shell("Ntrights.exe -u username +r SeServiceLogonRight")

This will do it but Do you know whether I can include ntrights.exe with my application distribution?

Thanks