Solved

Secpol.msc locked from editing

Posted on 2011-02-23
3
2,913 Views
Last Modified: 2012-05-11
I'm trying to add an account for "Log on as a batch job" and it won't allow me to add or edit the policy. The add and delete are greyed out.

This is Windows Server 2008 R2 Enterprise with Exchange 2010 SP1 installed on it. It is NOT a domain controller...although it is domained.

I am logged into the machine as the domain administrator and still can't change it.

Any ideas?

Thanks in advance!
0
Comment
Question by:liscr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34962535
Hm, looks like

1) any other GPO in the domain blocks that
2) you need to run console with elevated privileges (click right mouse button on console and choose "run as administrator"

additionally, please run gpresult /z >c:\gpresult.txt

and attach it here, please

Regards,
Krzysztof
0
 

Author Comment

by:liscr
ID: 34963087
Hey Krzysztof,

I've run the SecPol.msc with elevated permissions, and still locked (even though I'm logged in as Domain\Administrator

Attached are the GPResults.

Thanks!
GPResult.txt
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34963329
OK, looks like you have to do this using GPO, not local policies. GPRESULT doesn't show anything which could point us ti solution :)

If you wish to allow that user "log on as batch.." only on that server, create separate GPO and link to OU where it is. Use GPO Security Filtering to apply it only to that particular server.

That's my suggestion :]

Krzysztof
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question