Secpol.msc locked from editing

I'm trying to add an account for "Log on as a batch job" and it won't allow me to add or edit the policy. The add and delete are greyed out.

This is Windows Server 2008 R2 Enterprise with Exchange 2010 SP1 installed on it. It is NOT a domain controller...although it is domained.

I am logged into the machine as the domain administrator and still can't change it.

Any ideas?

Thanks in advance!
liscrAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Krzysztof PytkoConnect With a Mentor Senior Active Directory EngineerCommented:
OK, looks like you have to do this using GPO, not local policies. GPRESULT doesn't show anything which could point us ti solution :)

If you wish to allow that user "log on as batch.." only on that server, create separate GPO and link to OU where it is. Use GPO Security Filtering to apply it only to that particular server.

That's my suggestion :]

Krzysztof
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Hm, looks like

1) any other GPO in the domain blocks that
2) you need to run console with elevated privileges (click right mouse button on console and choose "run as administrator"

additionally, please run gpresult /z >c:\gpresult.txt

and attach it here, please

Regards,
Krzysztof
0
 
liscrAuthor Commented:
Hey Krzysztof,

I've run the SecPol.msc with elevated permissions, and still locked (even though I'm logged in as Domain\Administrator

Attached are the GPResults.

Thanks!
GPResult.txt
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.