Configuring User Rights Assignment policies via GPO
I'm configuring a GPO to add a local group to a user right policy, however, when configuring through GPO, all existing members of the right are removed on GPO application. You can obviously add all the users to the GPO to make sure these are retained but when the user is only local to the remote server e.g. NT SERVICE\SQLSERVERAGENT, this can't be added to the GPO from the DC which simply doesn't recognise it.
Am I right in assuming it's a case of using GPO when the user right should only contain domain accounts/groups, built-in users/groups but if additional user types need to be added then manual addition should be used instead?
Shame if it's the latter. Could do with being able to configure this via GPP like you can with local users/groups and having the option to retain the existing members which would address this initial observation
Cheers Jamie
Solution 1:
In such specific case, please open the group policy's console from the SQL server itselft, you will need to install the RSAT tool. The options are different as it will detect your local user from it, and will allows you to select it when you edit the GPO.
Be adviced the GPO will not apply correctly on server where that local user don't exist.