I have a need to add a domain account to the local admin group and
also grant it 'Log on as a service' right.

I have a VBScript to add the account to the admin group and a batch
file that uses the Res Kit util NTRIGHTS.EXE to grant the 'Log on as
a service' right.

The problem I have is getting the things to execute. My apps have to
be deployed via GPOs so there is no domain access granted during the
MSI install.

If I set these as RunOnce values or as ActiveSetup values in the
registry they will only run if the user logging in has the necessary

How can I get these rights granted without leaving a trail of
sensitive passwords around?


PS: I know I can do this via GPO settings but I'd rather have a 'one-
stop-shop' approach to save the customer support monkeys from
conscious thought and the potential trauma that entails.

You deploy via GPO, so you use MSIs, right?
How about adding a custom action that runs the needed actions? Then you can put the sources needed inside the msi.
Answered 01/04/2007 by: KPrinz
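
One way to build the custom action suggested above, as an added example that is not part of the original thread: a PowerShell script (rather than the thread's VBScript and batch file) meant to run as a deferred, non-impersonated custom action, so it executes as LocalSystem and needs only the account's name, never its password. The account name `EXAMPLEDOM\svc-app`, the location of `ntrights.exe` beside the script, and the machine being able to resolve the domain account at install time are assumptions.

```powershell
# Added example (not from the thread). Assumptions: run as a deferred,
# non-impersonated MSI custom action (so as LocalSystem), ntrights.exe is
# installed next to this script, and the account name is a placeholder.
param(
    [string]$Account  = 'EXAMPLEDOM\svc-app',                    # hypothetical account
    [string]$NtRights = (Join-Path $PSScriptRoot 'ntrights.exe') # assumed location
)
$ErrorActionPreference = 'Stop'

function Grant-ServiceAccountRights {
    param([string]$Account, [string]$NtRights)

    # Fail early if the name does not resolve; the SID is used for comparison.
    $sid = ([System.Security.Principal.NTAccount]$Account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

    # S-1-5-32-544 is BUILTIN\Administrators; the SID avoids localized group names.
    $adminsSid = 'S-1-5-32-544'
    $isMember = Get-LocalGroupMember -SID $adminsSid |
        Where-Object { $_.SID.Value -eq $sid }
    if (-not $isMember) {
        Add-LocalGroupMember -SID $adminsSid -Member $Account
    }

    # ntrights: +r grants a right, -u names the account it is granted to.
    & $NtRights +r SeServiceLogonRight -u $Account | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "ntrights.exe failed with exit code $LASTEXITCODE"
    }
}

try {
    Grant-ServiceAccountRights -Account $Account -NtRights $NtRights
    exit 0
} catch {
    # A non-zero exit lets the custom action fail the install instead of
    # leaving a half-configured machine behind.
    Write-Error $_ -ErrorAction Continue
    exit 1
}
```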