Run batch file on Windows Server 2016


  • I would like to run a batch file with Task Sceduler on two different computers. Both machines are in the the same domain, and both users are simple domain user. One of the machines is a WINDOWS10 1709 workstation and the other Windows is a 2016 Server Standard that was installed two weeks ago, without any Domain policy settings.

    On the workstation the bach file run successfully on behalf of the user who is logged on, when I manually right click/run on the task. For the running, it is necessary to do the following in the secpol.msc before run: Local Policies / User Rights Assignment/ "Log on as batch job " policy. Click "Add User or Group" button and add the user who want to run the batch file. It works fine!

    On the 2016 server I would like to set the same setting in the "Log on as batch job" policy, but the "Add User or Group" is grayed. In the following Windows forum they have written:
    "This policy is grayed out because is overwritten by some particular domain policy. You should find that policy and edit it. Let Group Policy Management console -> Group Policy Results help you."

    On the 2016 server I verified the Group Policy Results section, but it is completely empty. This is not surprising, because no extra settings have been made in the GPM. It is interesting that I was able to add a domain user in "Log on as batch job" policy on the workstation by a local administrator, but this same setting can not be done on the 2016 server by a domain administrator.

    My question would be how to achieve on the 2016 server that "Add User or Group" button don't be gray? Which default domain policy setting causes the gray button? There are no Group Policy settings in the company, everything is set to default.

    Or is there any solution in order to run the bach file?

    Many thanks in advance,

    Friday, May 18, 2018 12:15 PM

All replies

  • Hi!

    Did I understand you correctly that you checked the Local Security Policy (Local Policies\User Rights Assignment\Log on as a batch job) on your Windows Server 2016 and it was grayed out?

    Kind regards,

    Blog:  LinkedIn:   

    Friday, May 18, 2018 12:33 PM
  • Hi!


    The problam is that I can't add user in the Local Security Policy (Local Policies\User Rights Assignment\Log on as a batch job policty (right click -> properties), because the "Add User or Group" button is grayed on the Windows 2016.

    It works fine on the workstation (Windows 10), the button wasn't grayed

    Friday, May 18, 2018 2:16 PM
  • Ok, just wanted to be on the same page.

    Can you run the following rsop.msc on your Windows Server 2016. In the Resultant Set of Policy console, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    On the right pane, locate the “Allow log on locally” policy, check the Source GPO.

    What does it say?

    Kind regards,

    Blog:  LinkedIn:   

    Friday, May 18, 2018 3:55 PM
  • Hi!

    Thanks for your patience :)

    Source GPO column = Default Domain Controllers Policy.

    13 hours 24 minutes ago
  • Okay, according to that the policy is defined in the Default Domain Controllers Policy.

    You need to configure the policy in that Source GPO, either edit the policy in Default Domain Controllers Policy (not recommended) and add the user/group in the policy based on your requirement or create a new GPO (recommended).

    Kind regards,

    Blog:  LinkedIn:   

    13 hours 14 minutes ago
  • Okay, i have created a new GPO. Which settings are needed in the GPM Editor in order not to be grayed the "Add User or Group" button?
    10 hours 23 minutes ago
  • You can find it here:
    Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

    To get the new GPO remember to run: gpupdate /force

    Kind regards,

    Blog:  LinkedIn:   

    9 hours 57 minutes ago
  • Hey Leon,

    I did it:

    I run gpupdate /force. and "User Policy update has completed successfully". However, neither secpol.msc or rsop.msc I see the result. 

    The location of my new gpo (CCC_Automat):

    What did I wrong?
    9 hours 15 minutes ago
  • You need to make sure it gets applied to the right OU where the Users/Computers are located.

    Have a look at this document:

    Kind regards,

    Blog:  LinkedIn:   

    9 hours 7 minutes ago