Solved

Secpol.msc locked from editing

Posted on 2011-02-23
3
2,712 Views
Last Modified: 2012-05-11
I'm trying to add an account for "Log on as a batch job" and it won't allow me to add or edit the policy. The add and delete are greyed out.

This is Windows Server 2008 R2 Enterprise with Exchange 2010 SP1 installed on it. It is NOT a domain controller...although it is domained.

I am logged into the machine as the domain administrator and still can't change it.

Any ideas?

Thanks in advance!
0
Comment
Question by:liscr
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34962535
Hm, looks like

1) any other GPO in the domain blocks that
2) you need to run console with elevated privileges (click right mouse button on console and choose "run as administrator"

additionally, please run gpresult /z >c:\gpresult.txt

and attach it here, please

Regards,
Krzysztof
0
 

Author Comment

by:liscr
ID: 34963087
Hey Krzysztof,

I've run the SecPol.msc with elevated permissions, and still locked (even though I'm logged in as Domain\Administrator

Attached are the GPResults.

Thanks!
GPResult.txt
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34963329
OK, looks like you have to do this using GPO, not local policies. GPRESULT doesn't show anything which could point us ti solution :)

If you wish to allow that user "log on as batch.." only on that server, create separate GPO and link to OU where it is. Use GPO Security Filtering to apply it only to that particular server.

That's my suggestion :]

Krzysztof
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now