Configuring User Rights Assignment policies via GPO

group-policy

I'm configuring a GPO to add a local group to a user right policy, however, when configuring through GPO, all existing members of the right are removed on GPO application. You can obviously add all the users to the GPO to make sure these are retained but when the user is only local to the remote server e.g. NT SERVICE\SQLSERVERAGENT, this can't be added to the GPO from the DC which simply doesn't recognise it.

Am I right in assuming it's a case of using GPO when the user right should only contain domain accounts/groups, built-in users/groups but if additional user types need to be added then manual addition should be used instead?

Shame if it's the latter. Could do with being able to configure this via GPP like you can with local users/groups and having the option to retain the existing members which would address this initial observation

Cheers Jamie


Solution 1:

In such specific case, please open the group policy's console from the SQL server itselft, you will need to install the RSAT tool. The options are different as it will detect your local user from it, and will allows you to select it when you edit the GPO.

Be adviced the GPO will not apply correctly on server where that local user don't exist.

Related

Port 80 not open. Still gets 404 when curl
Intel SSB temperature sensor
How to redirect forward from one subdomain to another subdomain with DNS?
Restore permissions to all files in folder using RPM
flask, gunicorn (gevent), sqlalchemy (postgresql): too many connections
Do nodes in a single-switch ethernet network governed by dnsmasq communicate directly, or via the router?
Access to Administrator account from unknown computer names
Sievie for outgoing mail - dovecot
Can I segment my network based on two different criteria?
Can I create a policy to disable a computer or user at a certain time?
How to solve chicken or the egg issue with client TLS certificates on a physical host?
Can't Open Ports Google Cloud VM Instance