How do I grant "log on as a service" permission to a (local) from the command-line?

command-line-interface windows-server-2008-r2 windows-service windows-server-core

Solution 1:

I ended up grabbing ntrights.exe from the Windows 2003 Resource Kit and placing it on the server, then running ntrights +r SeServiceLogonRight -u <my user>.

I didn't install the resource-kit, because

  • I only needed ntrights.exe
  • Installation threw some OLE-related errors (that seemed to be irrelevant, but still)

Solution 2:

If you have another computer that can connect a Group Policy Object MMC to the Core Server that is the easiest way to edit the Logon As A Service privildge.

If not, you can on the server create a file with:

[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-0

The List of SIDs is comma separated. They have to be the actual SIDs not the account names. You have to include all the SIDs, this doesn't add or remove, it replaces the current list.

Make a backup of your current configruation:

secedit /export /cfg c:\backup.txt

Once you've got the file you can run:

secedit /configure /db secedit.sdb /cfg filename.txt

Related

CentOS 6.5 not bringing up network interface automatically after reboot [ifup eth0]
I want to inventory the hardware of my Linux systems using only ssh on the client end
OpenSSH use (public key or password) + google authenticator
How can I prevent Virtualmin from storing passwords in cleartext? [closed]
lsync, unison or some other inotify auto-syncing tool..?
How do I use robocopy to list all files over a certain size recursively?
Secondary IP (eth0:0) acts like main server IP
Ubuntu full disc encryption on Hetzner Cloud adding add static route in initramfs
Why isn't my public key allowing me to sign in without a password?
Finding out what causes CLOSE_WAIT connections with Apache & PHP & Mysql
Setting up Redmine With the Bitnami stack installer on Windows Server 2003
How do I pipe commands together in a debian preseed file?