Log on as batch job right

    Question

  • I'm simply trying to configure Task Scheduler to run batch files in the middle of the night.  So I created a task within the scheduler and have specified "Run whether the user is logged on or not".  When I hit OK, it prompts me for my username/password.  I'm a domain/enterprise admin logged into a domain account.  It tells me:

    "This task requires that the user account specified has Log on as batch job rights"

    Ok, so after looking this up I find myself editing the default domain policy:

    Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

    I find the above user right, enable it and add my username.  I log off, back on again and back into the scheduler.  It still tells me I need this right.  I checked, my username is there in the list beside the right.

    Why can't I create a schedule even with the right I'm supposed to have?

    Thanks!

     --- Edit:

    Ok I found this:

    2. Type in secpol.msc /s

    3. Select "Local Policies" in MSC snap in

    4. Select "User Rights Assignment"

    5. Right click on "Log on as batch job" and select Properties

    6. Click "Add User or Group", and include the relevant user.

    There's a lot of users in here for different things but the Add User or Group button is greyed out.  I'm a domain/enterprise administrator.  Why can't I add anything here?

     

    Or put more simply, how do I give myself this right?

    Thanks again

     

    • Edited by meshman333 Wednesday, November 30, 2011 9:27 PM
    Wednesday, November 30, 2011 9:19 PM

Answers

  • Hi,

    Thanks for your posting.

    Do you mean you configured Task Scheduler on your DC, but when you tried to save the setting, you got an error with “This task requires that the user account specified has log on as batch job rights”?

    I think your issue is caused by “Default Domain Policy” or “Default Domain Controllers Policy”. Please check the Settings tab of these two GPOs in the Group Policy Management Console. Make sure your account is not added in “Computer Configuration-->Policies-->Windows Settings-->Security Settings-->Local Policies-->User Rights Assignment-->Deny log on as a batch job” and is correctly configured in “Log on as a batch job”.

    Or you can reset these two Default Policies by referring to the following article:
    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/e8a7c194-d3bf-4e1c-857c-7f779cc86705

    And for your question “There's a lot of users in here for different things but the Add User or Group button is greyed out”. I think this setting is overwritten by “Default Domain Controller Policy”, so you can’t modify the local policy.

    Hope this can help! If you have any questions or confusions, please let us know.

    Best Regards,
    Lawrence


    Thursday, December 01, 2011 6:02 AM
    Moderator
  • This policy is grayed out because it is overwritten by some particular domain policy. You should find that policy and edit it. Let Group Policy Management console -> Group Policy Results help you.
    MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA; CCSI
    • Marked as answer by meshman333 Thursday, December 01, 2011 1:29 PM
    Wednesday, November 30, 2011 10:55 PM
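
The checks the two answers above describe, as an added PowerShell example (not part of the original thread): it lists who effectively holds "Log on as a batch job" and "Deny log on as a batch job" on the machine, writes a Group Policy Results report, and lists the GPOs that define either right. It assumes an elevated prompt and the GroupPolicy (GPMC/RSAT) module; the file names under `$env:TEMP` are placeholders.

```powershell
# Added example. SeBatchLogonRight / SeDenyBatchLogonRight are the privilege
# constants behind "Log on as a batch job" / "Deny log on as a batch job".
$rights = 'SeBatchLogonRight', 'SeDenyBatchLogonRight'
$cfg    = Join-Path $env:TEMP 'user-rights.inf'      # placeholder file name

# 1. Export the effective user rights assignment on this machine.
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

foreach ($right in $rights) {
    $line = Get-Content $cfg | Where-Object { $_ -match "^$right\s*=" }
    if (-not $line) { "{0}: not defined" -f $right; continue }

    $members = ($line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            # Entries prefixed with * are SIDs; resolve them to account names.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }   # SID that no longer resolves (e.g. deleted account)
        } else { $entry }
    }
    "{0}: {1}" -f $right, ($members -join '; ')
}
Remove-Item $cfg

# 2. Group Policy Results for the computer: the HTML report names the winning
#    GPO for each setting, which is the policy that greys out secpol.msc.
gpresult /scope computer /h (Join-Path $env:TEMP 'rsop-computer.html') /f

# 3. List every GPO in the domain whose report mentions either right.
Import-Module GroupPolicy
Get-GPO -All | ForEach-Object {
    $report = Get-GPOReport -Guid $_.Id -ReportType Xml
    foreach ($right in $rights) {
        if ($report -match "\b$right\b") { "{0} defines {1}" -f $_.DisplayName, $right }
    }
}
```

An account listed under both rights is still refused, because the deny right takes precedence.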

All replies

  • Found it, thanks!

     

    Thursday, December 01, 2011 1:30 PM
  • That was it.  Thanks for the info.
    Wednesday, March 07, 2012 4:07 PM
  • Just a heads up. If you have COM+ objects that use COM identity passwords to run applications this modification will break that identity.

    It changes the password of the identity for some reason.

    I have a website application that runs COM+ objects and had to reset the password in the COM+ object identity tab. This website did not come back up until this was changed!


    • Edited by Eric4381 Wednesday, April 17, 2013 3:03 PM
    Wednesday, December 12, 2012 6:30 PM
  • Or you merely need that user added to the 'Log on as batch job' right.

    The steps are outlined here:

    http://goo.gl/pNMLl


    Arthur My Blog

    Thursday, July 04, 2013 1:49 PM
  • Could you please explain in more detail the error you encountered with com objects. I believe I am having the same issue but have been unable to fix it.
    Friday, November 08, 2013 4:19 PM
  • This worked for me 100%

    thanks for the post!

    Friday, December 20, 2013 7:34 AM
  • Thank you for that solution! All works fine.

    J.S.

    Tuesday, December 29, 2015 8:34 AM
  • Hi,

    Another way is to add your user to Backup Operators group...

    Regards

    G.

    Monday, August 21, 2017 4:04 PM