
I want to be able to set this value programmatically (preferably via WMI). It must live in the registry or some other location. Yes, I know how to do it via MMC using secpol.msc, but I need to automate this.

Mark Richman

2 Answers

Ingo Karstein has a PowerShell script on the TechNet Script Center: Grant "Log on as a service" rights by using PowerShell. Perhaps you can use this to start with and add your own modifications to it.

Troy Osborne

It's a user right. It doesn't relate to any registry key. And the best place to enforce this setting is GPO instead of scripting.

strongline
  • Okay, so where is that physically stored? Can I access it via WMI? I know I can use the Win32 API to find it, but ultimately I need to flip this bit on a remote machine, and WMI seems the way to go if possible. – Mark Richman Jul 07 '15 at 15:58
  • I'm also not domain admin. Just a user which happens to have admin rights on a machine. – Mark Richman Jul 07 '15 at 16:00
  • If you are local admin, you edit local GPO (gpedit.msc), given that this setting is not enforced by policies from the domain. I don't think you can change it through WMI or find out where it is stored - User Rights are a set of core settings of Windows/GPO that are not meant to be manipulated this way. – strongline Jul 07 '15 at 16:05
  • There used to be a command line tool called NTrights that can be used for scripting to change User Rights, but this tool is now obsolete - not sure if there is a replacement for Windows 7/2008 and up. – strongline Jul 07 '15 at 16:14
  • Why gpedit.msc and not secpol.msc? I'm using secpol to edit it now. It must be stored *somewhere*. It's not a secret lol – Mark Richman Jul 07 '15 at 16:14
  • Secpol works too for security settings. I have no preference. And yes, it's stored somewhere, just not something for the public to know (my take at least), or you should be concerned. You need to use official tools or API to maintain it, that's all. – strongline Jul 07 '15 at 16:21
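
The thread points to official tools for changing user rights. As an added example (not from any poster in this thread and not Ingo Karstein's script), the PowerShell function below grants "Log on as a service" through the built-in `secedit.exe`; the function name `Add-ServiceLogonRight` and the account `CONTOSO\svc-app` are hypothetical, and it assumes an elevated session.

```powershell
# Added example, not from the original thread. Run from an elevated session.
function Add-ServiceLogonRight {
    param(
        [Parameter(Mandatory)][string]$Account,   # e.g. 'CONTOSO\svc-app' (constructed placeholder)
        [string]$Right = 'SeServiceLogonRight'    # constant behind "Log on as a service"
    )
    # secedit templates list principals as *<SID>, so resolve the name first.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    $work = Join-Path $env:TEMP ('userrights-' + [guid]::NewGuid())
    New-Item -ItemType Directory -Path $work | Out-Null
    try {
        # 1. Export the current user rights assignment.
        $export = Join-Path $work 'export.inf'
        secedit /export /cfg $export /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit /export failed with exit code $LASTEXITCODE" }

        # 2. Read the existing holders so they are preserved, not overwritten.
        #    Entries exported as plain names are kept as-is; only *<SID> is matched.
        $holders = @()
        $line = Get-Content $export | Where-Object { $_ -match "^$Right\s*=" } | Select-Object -First 1
        if ($line) {
            $holders = @(($line -split '=', 2)[1] -split ',' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
        if ($holders -contains "*$sid") { return 'AlreadyGranted' }
        $holders += "*$sid"

        # 3. Build a template that contains only this one right.
        $template = Join-Path $work 'grant.inf'
        @(
            '[Unicode]', 'Unicode=yes',
            '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
            '[Privilege Rights]', "$Right = $($holders -join ',')"
        ) | Set-Content -Path $template -Encoding Unicode

        # 4. Apply the template to the local security policy.
        secedit /configure /db (Join-Path $work 'grant.sdb') /cfg $template /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed with exit code $LASTEXITCODE" }
        return 'Granted'
    }
    finally {
        Remove-Item -Path $work -Recurse -Force -ErrorAction SilentlyContinue
    }
}
```

If a domain GPO defines this right, the local change is overwritten at the next policy refresh, which matches the caveat given in the comments above.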