The only time the local accounts are greyed out IIRC is when the computer *is* a DC. That changes the scope completely because then you will want to modify the Domain Controller Security Policy, rather than Domain Security Policy (if you want this system wide).
You can also modify the local security policy under admin tools, or run gpedit.msc. If the options in there are greyed out, then you have a domain policy enforcing something and it cannot be overridden.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, July 21, 2008 12:33 PM
To: NT System Admin Issues
Subject: RE: Starting services

For some reason, this was locked down. HOWEVER, I put that machine into a new OU and assigned a GPO for it. Once I "browsed" for the OU, I had to manually enter (rather than browse) [machine_name]\[username].

Thanks for your patience!
--------------------------------------
Richard McClary, Systems Administrator
ASPCA Knowledge Management
1717 S Philo Rd, Ste 36, Urbana, IL 61802
217-337-9761
http://www.aspca.org

"Damien Solodow" <[EMAIL PROTECTED]> wrote on 07/21/2008 11:28:51 AM:

> On the local machine, run mmc and add Group Policy to it. It will ask
> you what GPO to modify, select the one that has the Logon rights.
>
> Since you're modifying it on the machine that houses the account, you'll
> be able to add it to the policy.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 21, 2008 12:27 PM
> To: NT System Admin Issues
> Subject: RE: Starting services
>
> OK for one set of systems, but it turns out one of the systems has a
> local user running the service, and this local user is not an admin.
> (Hey, I didn't write this thing for which we pay $18k+/yr subscription!)
>
> Trying to set the policy on the local machine won't work - the add users
> is grayed-out locally. In the domain policy tools, I can point to an OU
> containing the server but not the server (for adding that local user).
>
> Next trick? (Some should be obvious, but I'm fighting about 5 other
> problems at the moment.) Thanks again!
> --------------------------------------
> Richard McClary, Systems Administrator
> ASPCA Knowledge Management
> 1717 S Philo Rd, Ste 36, Urbana, IL 61802
> 217-337-9761
> http://www.aspca.org
>
> "Damien Solodow" <[EMAIL PROTECTED]> wrote on 07/21/2008 10:17:19 AM:
>
> > It sounds like you have a GPO applying to those systems that defines
> > what accounts have the right "Logon as a service". Add those two
> > service accounts to that GPO and your problem will go away.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Monday, July 21, 2008 11:16 AM
> > To: NT System Admin Issues
> > Subject: Starting services
> >
> > We have here two separate systems with the same problem...
> >
> > The environment is Win2003 sp2 Native AD.
> >
> > The servers in question are all stand-alone boxes (non-DCs).
> >
> > For both systems, the instructions say a domain user account must be
> > created. Then that account must be an administrator on that specific
> > machine...
> >
> > Things run for a while. However if anything stops the service (a
> > re-boot, or simply trying to re-set the service), the service fails
> > to start due to a login error.
> >
> > One must go into "Services -> Properties -> Login" and re-enter the
> > password for that account. (The account name is shown, along with a
> > pair of rows of black dots in the Password fields.) We are then told
> > "[Account] has been granted to log in as a service". THEN the service
> > can be started.
> >
> > What needs to be done to eliminate this need to go re-enter a
> > password? As it is now, "Automatic" services are far from being
> > automatic!
> >
> > Thanks...
> > --------------------------------------
> > Richard McClary, Systems Administrator
> > ASPCA Knowledge Management
> > 1717 S Philo Rd, Ste 36, Urbana, IL 61802
> > 217-337-9761
> > http://www.aspca.org
> >
> > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
> > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
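Added example, not part of the original thread or written by its participants: a PowerShell check for the condition the replies describe, where a service's logon account is missing from the effective "Log on as a service" right (SeServiceLogonRight). The function names, the sample policy text and the sample service list are constructed for illustration; only direct grants are compared, so a right granted through group membership is not expanded.

```powershell
# Added example. Live use (elevated prompt) instead of the constructed sample:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Find-ServiceMissingLogonRight (Get-CimInstance Win32_Service) `
#       (Get-Content "$env:TEMP\rights.inf" -Raw)

function ConvertTo-Principal([string]$Entry) {
    $p = $Entry.Trim()
    if ($p.StartsWith('*')) { return $p.Substring(1) }   # "*S-1-5-20" -> SID string
    $p = $p -replace '^\.\\', ''                          # ".\user" -> local "user"
    try {
        ([System.Security.Principal.NTAccount]$p).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $p.ToUpperInvariant() }                     # unresolvable: match by name
}

function Get-ServiceLogonRightHolder([string]$PolicyText) {
    # Exported line looks like: SeServiceLogonRight = *S-1-5-20,someaccount
    if ($PolicyText -match '(?m)^\s*SeServiceLogonRight\s*=\s*(.+)$') {
        $Matches[1].Split(',') | Where-Object { $_.Trim() } |
            ForEach-Object { ConvertTo-Principal $_ }
    }
}

function Find-ServiceMissingLogonRight($Services, [string]$PolicyText) {
    $granted = @(Get-ServiceLogonRightHolder $PolicyText)
    foreach ($svc in $Services) {
        if (-not $svc.StartName) { continue }
        # Skip built-in identities; the thread concerns named user accounts.
        if ($svc.StartName -match '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)') { continue }
        if ($granted -notcontains (ConvertTo-Principal $svc.StartName)) {
            [pscustomobject]@{ Service = $svc.Name; Account = $svc.StartName }
        }
    }
}

# Constructed sample: one local account holds the right, one domain account does not.
$samplePolicy = @'
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,appsvc
'@
$sampleServices = @(
    [pscustomobject]@{ Name = 'LicenseSvc'; StartName = '.\appsvc' }
    [pscustomobject]@{ Name = 'ReportSvc';  StartName = 'CORP\svc_reports' }
    [pscustomobject]@{ Name = 'Spooler';    StartName = 'LocalSystem' }
)
Find-ServiceMissingLogonRight $sampleServices $samplePolicy
```

Any service it lists should have its account added to whichever GPO defines the right, as suggested in the thread, rather than being re-granted through the Services console.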
