To apply a GPO just to that server in the OU, filter the security to apply to the computer account.
-Bonnie -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2008 9:27 AM To: NT System Admin Issues Subject: RE: Starting services OK for one set of systems, but it turns out one of the systems has a local user running the service, and this local user is not an admin. (Hey, I didn't write this thing for which we pay $18k+/yr subscription!) Trying to set the policy on the local machine won't work - the add users is grayed-out locally. In the domain policy tools, I can point to an OU containing the server but not the server (for adding that local user). Next trick? (Some should be obvious, but I'm fighting about 5 other problems at the moment.) Thanks again! -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Damien Solodow" <[EMAIL PROTECTED]> wrote on 07/21/2008 10:17:19 AM: > It sounds like you have a GPO applying to those systems that defines > what accounts have the right "Logon as a service". Add those two service > accounts to that GPO and your problem will go away. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Monday, July 21, 2008 11:16 AM > To: NT System Admin Issues > Subject: Starting services > > We have here two separate systems with the same problem... > > The environment is Win2003 sp2 Native AD. > > The servers in question are all stand-alone boxes (non-DCs). > > For both systems, the instructions say a domain user account must be > created. Then that account must be an administrator on that specific > machine... > > Things run for a while. However if anything stops the service (a > re-boot, > or simply trying to re-set the service), the service fails to start due > to > a login error. > > One must go into "Services -> Properties -> Login" and re-enter the > password for that account. (The account name is shown, along with a > pair > of rows of black dots in the Password fields.) We are then told > "[Account] has been granted to log in as a service". THEN the service > can > be started. > > What needs to be done to eliminate this need to go re-enter a password? > As > it is now, "Automatic" services are far from being automatic! > > Thanks... > -------------------------------------- > Richard McClary, Systems Administrator > ASPCA Knowledge Management > 1717 S Philo Rd, Ste 36, Urbana, IL 61802 > 217-337-9761 > http://www.aspca.org > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
