1. Open Local Security Policy.
2. In the console tree, double-click Local Policies, and then click User Rights Assignments.
3. In the details pane, double-click Log on as a service.
4. Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.

To add the “Log on as a service” right to an account for a Group Policy object, when you are on a workstation or server that is joined to a domain

1. Click Start, point to Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. In Add/Remove Snap-in, click Add, and then, in Add Standalone Snap-in, double-click Group Policy Object Editor.
4. In Select Group Policy Object, click Browse, browse to the Group Policy object (GPO) that you want to modify, click OK, and then click Finish.
5. Click Close, and then click OK.
6. In the console tree, click User Rights Assignment.

   Where?

   • GroupPolicyObject [ComputerName] Policy
   • Computer Configuration
   • Windows Settings
   • Security Settings
   • Local Policies
   • User Rights Assignment
7. In the details pane, double-click Log on as a service.
8. If the security setting has not yet been defined, select the Define these policy settings check box.
9. Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.

To add the “Log on as a service” right to an account for a Group Policy object, when you are on a domain controller or on a computer that has the Windows Server 2003 Administration Tools Pack installed

1. Open Active Directory Users and Computers.
2. In the console tree, right-click the domain or organizational unit (OU) for which you want to edit security settings.
3. Click Properties, and then click the Group Policy tab.
4. In Group Policy Object Links, click the Group Policy object for the domain or OU for which you want to edit security settings, and then click Edit.
5. In the console tree, click User Rights Assignment.

   Where?

   • GroupPolicyObject [ComputerName] Policy
   • Computer Configuration
   • Windows Settings
   • Security Settings
   • Local Policies
   • User Rights Assignment
6. Double-click Log on as a service in the details pane.
7. If this security setting has not yet been defined, select the Define these policy settings check box.
8. Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.

To add the “Log on as a service” right to an account for only domain controllers, when you are on a domain controller

1. Open Domain Controller Security Policy.
2. In the console tree, click User Rights Assignment.

   Where?

   • Security Settings
   • Local Policies
   • User Rights Assignment
3. In the details pane, double-click Log on as a service.
4. If this security setting has not yet been defined, select the Define these policy settings check box.
5. Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.

Notes

• To open Local Security Policy, click Start, point to Control Panel, point to Administrative Tools, and then double-click Local Security Policy.
• To open Domain Controller Security Policy, click Start, point to All Programs, point to Administrative Tools, and then click Domain Controller Security Policy.
• When you change a security setting, that setting will take effect in the next refresh of settings.
• The security settings are refreshed every 90 minutes on a workstation or server and every 5 minutes on a domain controller. The settings are also refreshed every 16 hours, whether or not there are any changes.