PilotGavin
asked on
Adding a computers LOCAL user to a domain based group policy
There are two local user accounts on an end users computers which must be used to start a couple of services on the users machine.
I can't add them to the local security policy to allow them to "log in as a aservice" because the option is greyed out due to a domain based policy.
Is there a way to create a domain based policy, and add the LOCAL USER accounts to this policy so that the domain pushes out these settings?
The services will not start without these users having the log in as a service right.
I was able to work around this and found a way to add them locally but they get wiped out each time the domain policy gets applied.
I can't add them to the local security policy to allow them to "log in as a aservice" because the option is greyed out due to a domain based policy.
Is there a way to create a domain based policy, and add the LOCAL USER accounts to this policy so that the domain pushes out these settings?
The services will not start without these users having the log in as a service right.
I was able to work around this and found a way to add them locally but they get wiped out each time the domain policy gets applied.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Cool, I'll be interested to see what happens!
The point being you can't specify those local accounts in a Domain GPO, but you *should* be able to specify one of the builtin local groups (such as Administrators), and if the local accounts are members of that group, then they should be granted the same rights as are afforded the group itself.
Anyways, I'm off to bed shortly, so you may not hear from me again until tomorrow, but good luck and I'll check back in as soon as I can to see what you found and whether you have any further questions.
Pete
The point being you can't specify those local accounts in a Domain GPO, but you *should* be able to specify one of the builtin local groups (such as Administrators), and if the local accounts are members of that group, then they should be granted the same rights as are afforded the group itself.
Anyways, I'm off to bed shortly, so you may not hear from me again until tomorrow, but good luck and I'll check back in as soon as I can to see what you found and whether you have any further questions.
Pete
ASKER