Windows – Task Scheduler – Log on as a batch job Policy Settings

After some time I noticed that some servers that had Batch Jobs running, where failing.

While I could not remember that something had changed. Except a reboot of the Domain Controller recently.

When I tried to change the settings of the Task in the Task Scheduler. I got this pop-up ?

This task requires that the user account specified has Log on as batch job rights. For more information about setting this policy, see the Task 5ecurity Context topic in Help.

image

I remembered that I had to change the Policy to give a specific user permission to run a batch job.

But unfortunately I had done this on the GPO and not on the local Policy Sad smile This explained why after the reboot the things started getting bad.

The fix is easy.

On the Domain Controller open the GPMC.msc

image

Next right click and choose EDIT.

Go to Computer Configuration –> Policies –> Security Settings –> Local Policies –> User Right Assignment –> Log on as a batch job.

image

And remove all entries. Makes sure it is set to NOT DEFINED.

Next go to the server (s) that have the issues and run this command.

gpupdate

image

Next open the local Policy Console SECPOL.msc

image

And check that all entries are back OK.

Next change the task that had the issues and verify that the pop up message is gone. Smile

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: