You’re not missing something, that’s what I’d need to do as yeah I was at the domain GP. Obviously the times I have done it prior it didn’t matter if I was wiping anything set locally. ☺
From: [email protected] [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Friday, July 31, 2015 12:44 PM To: [email protected] Subject: RE: [NTSysADM] GPO Brain cramp - log on as a service, append perms Right, good point. I was aware that he was using domain Group Policy and I was comparing them as if they were the same. Domain GPOs always override the local GP. To make it “the same” as the local group policy, Dave would have to define exactly what accounts need this right. This would include the default as well as the extra accounts he needs to specify, as far as I can tell. Unless I’m still missing something. From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Miller Bonnie L. Sent: Thursday, July 30, 2015 4:38 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] GPO Brain cramp - log on as a service, append perms Actually, I think Dave is saying he’s not using LGPO, but domain GPO. As far as I know, that’s how the domain GPO option works, it replaces what is there. LGPO should already have what is already there, so wouldn’t remove/change that part if you just add something. -Bonnie From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Thursday, July 30, 2015 1:03 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] GPO Brain cramp - log on as a service, append perms I’m not on a domain member machine right now, but I open the setting, add Groups to the object types that I need to choose from, add the local Administrators group and it holds. (The only existing principal was NT SERVICE\ALL SERVICES, but that remains along with Administrators.) From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Dave Lum Sent: Thursday, July 30, 2015 3:48 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] GPO Brain cramp - log on as a service, append perms Affirmative From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Thursday, July 30, 2015 12:16 PM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] GPO Brain cramp - log on as a service, append perms When you add the group to “Local Policies\User Rights Assignment\Log on as a service” it removes all other entries? From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Dave Lum Sent: Wednesday, July 29, 2015 10:56 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] GPO Brain cramp - log on as a service, append perms I swear I’ve done this before but seem to be remembering it wrong. I want to give an Active Directory group permissions to log on as a service, but the GPO I create to do this flattens the existing settings on the machine itself (in my case it’s NT SERVICE\<windows internal databasename> and some others depending on the machine). What n0b step am I overlooking? Google-Fu also fails me… Dave Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies. Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies. Attention: Information contained in this message and or attachments is intended only for the recipient(s) named above and may contain confidential and or privileged material that is protected under State or Federal law. If you are not the intended recipient, any disclosure, copying, distribution or action taken on it is prohibited. If you believe you have received this email in error, please contact the sender, delete this email and destroy all copies.
