Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: RE: [gptalk] Appling permissions to Logon as service and Logon as Batch job
Prev Next
You are not authorized to post a reply.

AuthorMessages
DarraghOShaughnessyUser is Offline

Posts:161

01/18/2010 11:09 AM  
Yep, domain policy will win over local policy. It's a pity you don't
have a merge option as many sites would like an AD group that you could
pop users into to deny them local interactive logon on members servers.
Such accounts are generally used for LDAP lookups etc. Problem is that
you then have allowed local groups such as the one you mentioned the
ability to logon locally which actually weakens security in some sense.



To see the exact policy use a combo of secedit.exe and rsop.msc or
gpresult.exe







Regards,



Darragh O'Shaughnessy

IT Services Department



E-Mail: xxxxxxxxxxxxxxxx
<mailto:xxxxxxxxxxxxxxxx>



Ext: 2562

Direct Dial In: 01-7994028



Web Site: www.vhi.ie



Help the environment. If you need to print this email consider using Eco
Font to save ink: http://www.ecofont.eu/ecofont_en.html
<http://www.ecofont.eu/ecofont_en.html>





This e-mail and any files transmitted with it contain information which
may be confidential and which may also be privileged and is intended
solely for the use of the individual or entity to whom it is addressed.
Unless you are the intended recipient you may not copy or use it, or
disclose it to anyone else. Any opinions expressed are that of the
individual and not necessarily that of Vhi Healthcare. If you have
received this e-mail in error please notify the sender by return. This
footnote also confirms that this e-mail message has been Swept for the
presence of computer viruses.



From: xxxxxxxxxxxxxxxx
[mailto:xxxxxxxxxxxxxxxx] On Behalf Of Hamilton, Ronnie
Sent: 18 January 2010 11:05
To: xxxxxxxxxxxxxxxx
Subject: [gptalk] Appling permissions to Logon as service and Logon as
Batch job



HI,



In our domain we currently set a group of users to be able to logon as a
service and also a group of users to login as Batch job.



My Question :



If I install IIS 6.0 and according to KB article 812614 the following
permissions are required.









When I install IIS these permissions are obviously setup, but if my
policy applies to have AD group log on as service and also as batch.



Does this overwrite the permissions that were set using IIS. and is
there any way to check this?



My initial thoughts is that this is the case as I am having some issues
with IIS and in particular DOCM objects failing to start.



thanks



Ronnie



Ronnie Hamilton



Sr Network Engineer

Lufthansa Technik Airmotive Ireland
Naas Road, Rathcoole, Co. Dublin
Ireland
Phone: +353 1 401 1253
E-mail: xxxxxxxxxxxxxxxx

Visit our website : www.ltai.ie

__________________________________________

Lufthansa Technik Airmotive Ireland Limited. Registered in Ireland. Reg.
No. 45999. Registered Office: Naas Road, Rathcoole, Co.Dublin.

Lufthansa Technik Airmotive Ireland Leasing Limited. Registered in
Ireland. Reg. No. 140891. Registered Office: Naas Road, Rathcoole,
Co.Dublin.

__________________________________________

The information in this email and in any attachments is confidential and
may be privileged. If you are not the intended recipient, please destroy
this message, delete any copies held on your systems and notify the
sender by return email. You should not read, retain, copy, disseminate,
distribute, disclose or use this email or its contents in any way. Any
such action is strictly prohibited. Thank you.






You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > RE: [gptalk] Appling permissions to Logon as service and Logon as Batch job



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:larrys
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:1340
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use