Problem #1 - Authentication
At a client site I have a dedicated reporting server that runs a variety of automated reports all configured as Windows services. One of these apps needs to access some remote shares to gather data files, and the share requires authentication.
Password policy requires regular password changes for all domain accounts, so I needed a solution that would allow me to have a static password that only grants access to the individual share without constantly needing to change the password on the service.
I found a great workaround for this initial problem: when you log on to a remote service, the current user name and password are tried first. So even though the computer names are different, if the local user name and password are identical on both machines, then you will be granted access.
Problem #2 - Group Policy Fail
Having worked out a suitable solution for my authentication problems I was feeling pretty good about everything. Then a couple of days later I noticed the automated reports were not delivered as expected. A quick look at services.msc revealed that my service was not running. When I attempted to start the service I received the message that the service could not be started because of a logon failure. I found that if I retyped the password in the Logon As dialog then the system would reply with a message stating that the local user had been granted the LogonAsService right.
After a few fruitless rounds with the Domain Admin, I decided to look for a solution that I could implement myself without dragging him through the bowels of GP to fix it from the Domain side. After a few quick searches I came across a great little command line tool called ServiceLogonRight.exe. You call the command with the user name as the first parameter and it grants the right for that user. Super simple. I created a batch file to call the ServiceLogonRight.exe and net start MyService, and added an entry to Windows Task Scheduler to call this new batch file each morning before the report is scheduled to run.
ServiceLogonRight.exe is available here.
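The morning task described above, as an added PowerShell example that is not the original post's batch file: it checks whether the account still holds SeServiceLogonRight, logs each time the right has been removed, and only then re-grants it and starts the service. The account name, tool path and log path are assumed values, and the script must run elevated because `secedit` needs administrator rights.

```powershell
# Added example. $Account, $Tool and $Log are assumed values; adjust to your setup.
$Account = 'ReportUser'                        # hypothetical local account the service runs as
$Service = 'MyService'                         # service name used in the post
$Tool    = 'C:\Tools\ServiceLogonRight.exe'    # assumed install path of the tool
$Log     = 'C:\Tools\ServiceLogonRight.log'    # assumed log location

function Test-ServiceLogonRight {
    param([Parameter(Mandatory)][string]$Account)

    # Export only the user-rights section of the current local security policy.
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $line = Get-Content -Path $cfg |
            Where-Object { $_ -match '^SeServiceLogonRight\s*=' } |
            Select-Object -First 1
        if (-not $line) { return $false }

        # Entries are comma separated: "*S-1-5-..." for SIDs, bare names otherwise.
        $entries = ($line -split '=', 2)[1].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') }
        $nt  = New-Object System.Security.Principal.NTAccount($Account)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
        return ($entries -contains $sid) -or ($entries -contains $Account)
    }
    finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

if (-not (Test-ServiceLogonRight -Account $Account)) {
    # Record each removal so there is a dated trail to show whoever owns the GPO.
    $msg = "{0:s} SeServiceLogonRight missing for {1}; re-granting" -f (Get-Date), $Account
    Add-Content -Path $Log -Value $msg
    & $Tool $Account
}

if ((Get-Service -Name $Service).Status -ne 'Running') {
    Start-Service -Name $Service
}
```

The log file shows how often Group Policy strips the right, which is the evidence needed to get the account added to the policy's "Log on as a service" setting on the domain side.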