Using powershell, how do I grant “Log on as service” to an account?
I\'m trying to use powershell to configure the account credentials, but I need to grant the account \"Log on as a service\" right in order for it to work. How can I do this
-
Solution without importing the whole db
function setSecurityPolicy { Param ( [Parameter(Mandatory=$true, Position=0)] [string] $username, [Parameter(Mandatory=$true, Position=1)] [string] $securityField ) $sid; if($username -like "*\*"){ $user = $username.split('\') $domain=$user[0] $usernametemp=$user[1] $sid=(get-wmiobject Win32_useraccount -filter "name='$usernametemp' and Domain='$domain'").SID } else { $sid=(get-wmiobject Win32_useraccount -filter "name='$username' and Domain='$($env:COMPUTERNAME)'").SID } if(-not($sid)){ try{ $sid= (Get-Localgroup "$username").SID.VALUE } catch{ } } if(-not($sid)) { $Host.UI.WriteErrorLine("setSecurityPolicy error : Account $username not found!") exit 1 } $tmp = [System.IO.Path]::GetTempFileName() secedit.exe /export /cfg "$tmp" | Out-Null $currentSetting = Select-String -Pattern "$securityField = (.*)" -path $tmp | select -Expand Matches | % { $_.Groups[1].Value } remove-item $tmp -Force if($currentSetting -notlike "*$sid*" ){ Write-Host "Modify Setting ""$securityField""" if( [string]::IsNullOrEmpty($currentSetting) ) { $currentSetting = "*$sid" } else { $currentSetting = "*$sid,$currentSetting" } $outfile = @" [Unicode] Unicode=yes [Version] signature="`$CHICAGO`$" Revision=1 [Privilege Rights] $securityField = $currentSetting "@ $tmp2 = [System.IO.Path]::GetTempFileName() Write-Host "Import new settings to Local Security Policy" $outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force try { secedit.exe /configure /db "secedit.sdb" /cfg "$tmp2" /areas USER_RIGHTS } finally { remove-item $tmp2 -Force } } }
加载中...
- 热议问题