Option to edit local security policy option is greyed out

Discussion in 'Windows Server' started by SBS Rocker, Nov 12, 2007.

  1. SBS Rocker

    SBS Rocker Guest

    I am installing a new version of a program on my W2K3 SP1 server and one of
    the requirements is to create a user account and grant this account the
    right to "Log on as a service" on the local machine. however when I go into
    the Local Security Policy editor I do not get the option to add or edit. It
    is greyed out. I have tried both ways using a domain admin account as well
    as the local admin account. Any ideas?
     
    SBS Rocker, Nov 12, 2007
    #1
    1. Advertisements

  2. Hello SBS,

    Is it a domain controller or member server? Anyway, it seems to be a domain
    member and then you have to configure it via the domain or OU where the server
    is located in active directory.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
     
    Meinolf Weber, Nov 12, 2007
    #2
    1. Advertisements

  3. SBS Rocker

    SBS Rocker Guest

    It is a member server and the account is a local account.
     
    SBS Rocker, Nov 12, 2007
    #3
  4. SBS Rocker

    SBS Rocker Guest

    Just to add to the post. I noticed that the icons for both "Log on as a
    Service" and "Allow log on locally" are different from the others. Must be
    why I can't edit either one of them. But I did at one time and need to do it
    again.
     
    SBS Rocker, Nov 12, 2007
    #4
  5. Hello SBS,

    Configure the policy from Active directory, even if you set it locally the
    policy will be overwritten. Local policy will only apply if the other policies
    are not available.

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
     
    Meinolf Weber, Nov 12, 2007
    #5
  6. SBS Rocker

    SBS Rocker Guest

    Meinholf,
    This is not a DC so AD is not available. This needs to be a local policy on
    the local machine using a local non admin account. Do you know why the
    option is greyed out to begin with and maybe I can go from there. Thanks.
     
    SBS Rocker, Nov 12, 2007
    #6
  7. Hello SBS,

    At the beginning you are talking about a domain admin account, so i must
    assume you have a domain. Doesn't matter if the machine is no DC. Is the
    machine a domain member?

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.dts-l.org/goodpost.htm
     
    Meinolf Weber, Nov 12, 2007
    #7
  8. SBS Rocker

    SBS Rocker Guest

    Ok here's the deal. the W2K3 server in question is a domain server member
    that is part of a SBS 2003 Domain. The program I am installing onto this
    server requires a "local" "non administrative" account and that this account
    be given the right to "log on as a service" on the "local" machine.
    So if I'm reading your suggestion correctly you're telling me to go to my
    SBS 2003 server and grant the "local" machine account the right in AD? How
    is AD going to authenticate a local account created on a different non AD
    server?
    I also have a test environment using 2 W2K3 servers. Same as my production
    except the DC is not an SBS 2003 server. I am able to add a local account on
    the local server.
     
    SBS Rocker, Nov 12, 2007
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.