Local Policy / User Rights Assignments / Replace a process level token -- how to add local accounts to this GPO

    Question

  • We are giving permissions to a domain account for our backup system to Exchange servers for the user rights assignment of "Replace a process level token". However, when this GPO is applied, the existing entries are deleted, thus removing several "IIS APPPOOL\NET v4.3" and similar accounts from this policy.

    Is there a way to set a GPO which will apply this right to a domain account without losing the local accounts (merge)?

    Thanks in advance!!

    Tom

    Friday, July 08, 2016 6:22 PM

Answers

  • Hi Tom,

    Thanks for your post.

    To clarify, what you want to do is define the setting Replace a process level token and add local accounts of some computers?

    If yes, you could try those actions below.

    1. Click Add users or groups, then click Browse
    2. Then click Locations and select Entire Directory, then click OK
    3. Type Computername\username to add local account to the setting

    If not, please explain more about your problem.

    Thank You.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, July 11, 2016 7:13 AM
    Moderator
  • >  1. /Click Add users or groups, then click Browse/
     
    You can add local users from different computers if you do NOT click
    "Browse", but simply type the name in. If you want to browse, you need
    to do that on the computer that has the local account - browsing will
    resolve the user to its SID...
     
    Monday, July 11, 2016 9:38 AM
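
Added example, not part of the thread: because the GPO replaces the existing list, it helps to inventory who currently holds the right on a server before the policy is defined. The PowerShell sketch below parses the `[Privilege Rights]` section of a security template and reports whether each entry is stored as a SID or as a typed-in name. It assumes the right's constant name is `SeAssignPrimaryTokenPrivilege`; the function name `Get-UserRightHolder` and all sample data are constructed for illustration.

```powershell
# Added example. $sampleInf is a constructed excerpt in the [Privilege Rights] format
# produced by:  secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
# The S-1-5-82-... SID and the EXCH01\svc_local name are made up for illustration.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-82-1111111111-2222222222-3333333333-4000000000-555555555,EXCH01\svc_local
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-UserRightHolder {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $InfText,
        [string] $Right = 'SeAssignPrimaryTokenPrivilege'   # "Replace a process level token"
    )
    $inSection = $false
    foreach ($line in ($InfText -split "`r?`n")) {
        $line = $line.Trim()
        # Track which INF section we are in; only [Privilege Rights] is of interest
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if (-not $inSection) { continue }
        if ($line -match '^(\S+)\s*=\s*(.*)$' -and $Matches[1] -eq $Right) {
            $entries = $Matches[2] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            foreach ($entry in $entries) {
                if ($entry.StartsWith('*')) {
                    # A leading '*' marks an entry stored as a SID
                    $sid = $entry.Substring(1)
                    try   { $name = ([Security.Principal.SecurityIdentifier]$sid).Translate([Security.Principal.NTAccount]).Value }
                    catch { $name = $null }   # SID cannot be resolved on this machine
                    [pscustomobject]@{ Right = $Right; StoredAs = 'SID'; Value = $sid; ResolvedName = $name }
                } else {
                    # No '*': the entry is stored as a plain name rather than a SID
                    [pscustomobject]@{ Right = $Right; StoredAs = 'Name'; Value = $entry; ResolvedName = $entry }
                }
            }
        }
    }
}

Get-UserRightHolder -InfText $sampleInf | Format-Table -AutoSize
```

On a server, run the `secedit` export first and pass the file's content (`Get-Content -Raw`) as `-InfText`; every holder it lists needs to be in the GPO's list alongside the backup account, since the policy overwrites what is there.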
