Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2008 Server - "Log on as batch job", cant add user.

Posted on 2008-10-18
5
Medium Priority
?
18,457 Views
Last Modified: 2013-04-19
Hi guys. I have just changed the default identity for my Website's application pool. The reason ive done this is to run the site's scripts as a specific user so it has specific access to files.

Once change the Application Pool identity from NetworkService to my user, I have to give it the "Log on as batch job" right using the local security policy editor. I get to the screen, and the button to add a user is greyed out!

However, in the list already are 3 groups..Administrators, Backup Operators and Performance Log Users. So, for a quick bit of debugging, i added my user to the 'Performance Log Users'  group using Active Directory and it works perfectly. However, this is not ideal as the 'Performance Log Users', has nothing to do with running a web apps!

So in breif, how can I add the user to the "log on as batch job" user rights list when it is greyed out?
I have attached a screenshot.
runasbatch.jpg
0
Comment
Question by:firefoxchris
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 1800 total points
ID: 22749319
The user right is configured by a GPO. Run RSOP.msc to verify what GPO is configuring the setting.
Edit the GPO by using GPMC.msc to add the users.
If the affecting GPO is linked to a higher OU-level, it would be better to create a new GPO and link it to the OU with the IIS to not lowering security on other servers that shall not be affected. Keep in mind that the new GPO will override the previous GPO and you nead to add all authorized users in the new GPO if you don't want to remove the user right from the other users.
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 200 total points
ID: 22749544
Yeah henjoh09 is correct....you can move this machine to a different OU and create a new GPO and define this settings
0
 

Author Comment

by:firefoxchris
ID: 22756127
Thanks for the info guys. However, some of that explanation is a bit over my head. Could you explain it possibly in kre simple terms? Im not a massive user of group policy editor and dont fully understand how it is structured.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 1800 total points
ID: 22762690
You use RSOP.msc (Resultant Set Of Policies) in logging mode to validate what GPO is affecting the policy setting.
\Computer Configuration\Windows Settings\Security Settings\Local Settings\User Rights Assignment\Log on as batch job

In ADUC (Active Directory Users and Computers, create if necessary a new OU and place the server in that OU.

Start GPMC (Group Policy Management Console)
Expand forest\domains\domainname to see all top-level OUs, any GPOs linked to domain level and a section named "Group Policy Objects".
Expand "Group Policy Objects" to see all existing GPOs in the current domain.
Right-click on "Group Policy Objects" and choose New to create a new GPO or right-click on the one you want to modify and choose Edit.
In the Group Policy editor, browse down to the policy and add the users you want to have the right to log on as batch job. If creating a new GPO, keep in mind that it will override the old one and not append the setting.
\Computer Configuration\Windows Settings\Security Settings\Local Settings\User Rights Assignment\Log on as batch job
If created a new GPO, navigate in GPMC through the OU-structure and link the GPO to the OU by right-clicking the OU and choose "Link an existing GPO"

Log on to the server and run gpupdate to apply the policy.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question