Changing local security policy via script or command line.

[sandiyan]

We'd like to add a domain account to 'log on as service' in a
machine's local security policy.
We'd like to carry this out via a script - command line. Please can
someone point me how I could go about doing this.

We'd prefer to do it this way as opposed to domain controller GPO.

Thanks,
Sandiyan.

 

[Chriss3]

Local Policies are overwritten by applied policies from the domain. Define a
such setting in a domain policy

 

[Derek Melber [MVP]]

Be sure to check out the scripts that come with the GPMC and the Windows
Server 2003 Security Guidelines.

 

[Steven L Umbach]

You should be able to do that with ntrights from the Resource Kit. When you
create the command, keep in mind that the right you want to issue is case
sensitive. See the link below for more info on ntrights. Another possibiliy
is to create your own .inf security template to accomplish that and install
it via a startup script via the secedit /cfg command. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;279664

 

[sandiyan]

I tried to do this but it didn't work.
i.e. Setup a user account on default group policy(for log on as
service) on the domain controller and forced a refresh on the client
but the local policy didn't get updated.
DC - w2k machine
client - w2k3 server.

cheers,
sandiyan

 

[sandiyan]

ntgroups did the job for me...Thanks.

 

[Chriss3]

Sorry for late replay, run gpupdate at the client. and gpresult to see if
the particular policy gets applied.