Group Policy - Log On As Service - Service unique to a PC

Posted on 2011-05-12
Last Modified: 2012-05-11
I am trying to run a number of services on a machine using an account which does not have local admin rights.

The services are not part of the standard Windows Services available in Group Policy for definition, they are for applications only installed on a particular PC.

I have tried using a User and a Computer based policy to provide Log On As Service permissions to the user account in question, but this doesn't work.

The account has full control over the install directories these services run from/write logs to.

Can anyone suggest anything?

Thanks in advance.
Question by:csnmeexchange
    LVL 7

    Accepted Solution

    Instead you can use the Security Configuration and Analysis snapin to configure the service and assign rights to the Local Account so that you can use that account to start/stop service.
    Use the following steps:
    1).Open mmc and add the Security Configuration and Analysis snapin.
    2).Follow the instruction on the right window pane to create a new database.
    3).Select setup security.inf for template and then click on Open.
    4).Right click on Security Configuration and Analysis and select Analyze Computer Now
    5).After the analysis is done go to System Services and locate the service on which you need to have the local account rights to start/stop
    6).Double click on the service and then click on View Security button.
    7).Add the user account and give the Start, stop and pause rights to the account.
    8).After you finish adding the user permissions on all the desired services, right click on Security Configuration and Analysis and then select Configure Computer Now
    9).After this is done, restart the computer.
    LVL 26

    Assisted Solution

    by:Leon Fester
    Use subinacl to change permissions on the service.



    You can just add the completed command line as a script to your logon script or deployed via GPO.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Join & Write a Comment

    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now