For some reason, this was locked down. HOWEVER, I put that machine into a new OU and assigned a GPO for it. Once I "browsed" for the OU, I had to manually enter (rather than browse) [machine_name]\[username].
Thanks for your patience! -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Damien Solodow" <[EMAIL PROTECTED]> wrote on 07/21/2008 11:28:51 AM: > On the local machine, run mmc and add Group Policy to it. It will ask > you what GPO to modify, select the one that has the Logon rights. > > Since you're modifying it on the machine that houses the account, you'll > be able to add it to the policy. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, July 21, 2008 12:27 PM > To: NT System Admin Issues > Subject: RE: Starting services > > OK for one set of systems, but it turns out one of the systems has a > local > user running the service, and this local user is not an admin. (Hey, I > didn't write this thing for which we pay $18k+/yr subscription!) > > Trying to set the policy on the local machine won't work - the add users > > is grayed-out locally. In the domain policy tools, I can point to an OU > > containing the server but not the server (for adding that local user). > > Next trick? (Some should be obvious, but I'm fighting about 5 other > problems at the moment.) Thanks again! > -------------------------------------- > Richard McClary, Systems Administrator > ASPCA Knowledge Management > 1717 S Philo Rd, Ste 36, Urbana, IL 61802 > 217-337-9761 > http://www.aspca.org > > > "Damien Solodow" <[EMAIL PROTECTED]> wrote on 07/21/2008 > 10:17:19 AM: > > > It sounds like you have a GPO applying to those systems that defines > > what accounts have the right "Logon as a service". Add those two > service > > accounts to that GPO and your problem will go away. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Sent: Monday, July 21, 2008 11:16 AM > > To: NT System Admin Issues > > Subject: Starting services > > > > We have here two separate systems with the same problem... > > > > The environment is Win2003 sp2 Native AD. > > > > The servers in question are all stand-alone boxes (non-DCs). > > > > For both systems, the instructions say a domain user account must be > > created. Then that account must be an administrator on that specific > > machine... > > > > Things run for a while. However if anything stops the service (a > > re-boot, > > or simply trying to re-set the service), the service fails to start > due > > to > > a login error. > > > > One must go into "Services -> Properties -> Login" and re-enter the > > password for that account. (The account name is shown, along with a > > pair > > of rows of black dots in the Password fields.) We are then told > > "[Account] has been granted to log in as a service". THEN the service > > can > > be started. > > > > What needs to be done to eliminate this need to go re-enter a > password? > > As > > it is now, "Automatic" services are far from being automatic! > > > > Thanks... > > -------------------------------------- > > Richard McClary, Systems Administrator > > ASPCA Knowledge Management > > 1717 S Philo Rd, Ste 36, Urbana, IL 61802 > > 217-337-9761 > > http://www.aspca.org > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
