Solved

Secpol.msc locked from editing

Posted on 2011-02-23
3
2,864 Views
Last Modified: 2012-05-11
I'm trying to add an account for "Log on as a batch job" and it won't allow me to add or edit the policy. The add and delete are greyed out.

This is Windows Server 2008 R2 Enterprise with Exchange 2010 SP1 installed on it. It is NOT a domain controller...although it is domained.

I am logged into the machine as the domain administrator and still can't change it.

Any ideas?

Thanks in advance!
0
Comment
Question by:liscr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34962535
Hm, looks like

1) any other GPO in the domain blocks that
2) you need to run console with elevated privileges (click right mouse button on console and choose "run as administrator"

additionally, please run gpresult /z >c:\gpresult.txt

and attach it here, please

Regards,
Krzysztof
0
 

Author Comment

by:liscr
ID: 34963087
Hey Krzysztof,

I've run the SecPol.msc with elevated permissions, and still locked (even though I'm logged in as Domain\Administrator

Attached are the GPResults.

Thanks!
GPResult.txt
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34963329
OK, looks like you have to do this using GPO, not local policies. GPRESULT doesn't show anything which could point us ti solution :)

If you wish to allow that user "log on as batch.." only on that server, create separate GPO and link to OU where it is. Use GPO Security Filtering to apply it only to that particular server.

That's my suggestion :]

Krzysztof
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question