?
Solved

Cannot edit user rights assignments in local security policy

Posted on 2005-05-10
6
Medium Priority
?
1,789 Views
Last Modified: 2008-01-09
Hello,

I have a windows 2000 domain.  In it I have a windows 2003 server.  I am trying to give a user the user right to log on as a batch job.  

When I open Local Security Policy on the 2003 server and try to edit the assignment, the "Add User or Group" and "Remove" buttons are greyed out.  This is true of all of the user rights assignments.  

I can edit the Security options, but not the Audit Polcies or User Rights Assignments.  

Any ideas?

Thanks - Bonnie
0
Comment
Question by:Bonnie_K
6 Comments
 
LVL 12

Expert Comment

by:valicon
ID: 13974113
Are you logged in as an admin?  Is this a DC?
0
 
LVL 9

Expert Comment

by:binary_1001010
ID: 13974973
because domain policy overwrite local policy. you have to edit the domain security policy via start>administrator tools>domain security policy.
0
 
LVL 3

Expert Comment

by:miroofi75
ID: 13975263
which server is running as DC, use AD group policy or domain security policy to implement log on as batch job.

you must have Administrative privilidges to do that.

regards,


imran
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Accepted Solution

by:
joedoe58 earned 2000 total points
ID: 13976496
I would not recomend cahnging the domain security policy. It is better to make a new OU and link a GPO to that OU with the changes you want. That way if you do a misstake you will not propagate the misstake to all users on the network. It will also be eaiser to know what customizations you have done from the default settings.
0
 

Author Comment

by:Bonnie_K
ID: 13977724
Thanks joedoe58, worked like a charm.  

Here's more info in case anyone else needs this solution:
The 2000 box is the DC, the 2003 is a member server.  It is an application server and the user I am adding is a consultant who will only support that server.  I made him an administrator of that computer, but he was unable to run a scheduled task that calls a batch file so I needed to give him the "logon as a batch job"  right.  I didn't want to give him rights over the entire domain, so joedoe58's solution was perfect.

Thanks to all who replied.

Bonnie
0
 
LVL 9

Expert Comment

by:joedoe58
ID: 13977837
Have fun
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question