Cannot edit user rights assignments in local security policy

Posted on 2005-05-10
Last Modified: 2008-01-09

I have a windows 2000 domain.  In it I have a windows 2003 server.  I am trying to give a user the user right to log on as a batch job.  

When I open Local Security Policy on the 2003 server and try to edit the assignment, the "Add User or Group" and "Remove" buttons are greyed out.  This is true of all of the user rights assignments.  

I can edit the Security options, but not the Audit Polcies or User Rights Assignments.  

Any ideas?

Thanks - Bonnie
Question by:Bonnie_K
    LVL 12

    Expert Comment

    Are you logged in as an admin?  Is this a DC?
    LVL 9

    Expert Comment

    because domain policy overwrite local policy. you have to edit the domain security policy via start>administrator tools>domain security policy.
    LVL 3

    Expert Comment

    which server is running as DC, use AD group policy or domain security policy to implement log on as batch job.

    you must have Administrative privilidges to do that.


    LVL 9

    Accepted Solution

    I would not recomend cahnging the domain security policy. It is better to make a new OU and link a GPO to that OU with the changes you want. That way if you do a misstake you will not propagate the misstake to all users on the network. It will also be eaiser to know what customizations you have done from the default settings.

    Author Comment

    Thanks joedoe58, worked like a charm.  

    Here's more info in case anyone else needs this solution:
    The 2000 box is the DC, the 2003 is a member server.  It is an application server and the user I am adding is a consultant who will only support that server.  I made him an administrator of that computer, but he was unable to run a scheduled task that calls a batch file so I needed to give him the "logon as a batch job"  right.  I didn't want to give him rights over the entire domain, so joedoe58's solution was perfect.

    Thanks to all who replied.

    LVL 9

    Expert Comment

    Have fun

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
    Learn about cloud computing and its benefits for small business owners.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now