Setting “Log on as a service” and “Allow logon locally” with ADSI
-
06-09-2019 - |
Question
I am trying to create a powershell script to automate user creation which is working great using ADSI. However I need to set the following properties and I am not sure how (or if ADSI can even do this):
- Log on as a service
- Allow logon locally
Any ideas how to do this?
Solution
The solution to working with GPO's in PowerShell is via a COM+ object called GPMgmt.GPM which is part of the Group Policy Management Console feature. The best article for information I could find on this is: http://technet.microsoft.com/en-us/magazine/cc162355.aspx
I have yet to be able to figure out how to set those specific values though.
OTHER TIPS
This might be what you're looking for:
We can set the Logon As A Service right to user in powershell by importing the third party DLL ( Carbon ).
you can download dll from here https://bitbucket.org/splatteredbits/carbon/downloads
$Identity = "DomainName\Administrator"
$privilege = "SeServiceLogonRight"
$CarbonDllPath = "C:\Users\Administrator\Downloads\Carbon-1.5.1\Carbon\bin\Carbon.dll"
[Reflection.Assembly]::LoadFile($CarbonDllPath)
[Carbon.Lsa]::GrantPrivileges( $Identity , $privilege )