Setting “Log on as a service” and “Allow logon locally” with ADSI

Question

I am trying to create a powershell script to automate user creation which is working great using ADSI. However I need to set the following properties and I am not sure how (or if ADSI can even do this):

• Log on as a service
• Allow logon locally

Any ideas how to do this?

Answer 1

The solution to working with GPO's in PowerShell is via a COM+ object called GPMgmt.GPM which is part of the Group Policy Management Console feature. The best article for information I could find on this is: http://technet.microsoft.com/en-us/magazine/cc162355.aspx

I have yet to be able to figure out how to set those specific values though.

Answer 2

This might be what you're looking for:

https://gist.github.com/ned1313/9143039

Answer 3

We can set the Logon As A Service right to user in powershell by importing the third party DLL ( Carbon ).

you can download dll from here https://bitbucket.org/splatteredbits/carbon/downloads

$Identity = "DomainName\Administrator"
$privilege = "SeServiceLogonRight"

$CarbonDllPath = "C:\Users\Administrator\Downloads\Carbon-1.5.1\Carbon\bin\Carbon.dll"

[Reflection.Assembly]::LoadFile($CarbonDllPath)

[Carbon.Lsa]::GrantPrivileges( $Identity , $privilege )