Log on as batch job
I've got two local user accounts on a server that I added to GP so that they could log on locally as a batch job. However, since the users do not exist on other servers it caused an error in event viewer. How would I go about adding the users without getting this error? I've tried doing it just on the local server but since it's under the control of the GP it's greyed out.
Hope I'm making sense!
A quick way around this is to create a new GPO with the Logon as Batch Job settings, link the GPO to the appropriate OU in your domain and then edit the security permissions on the GPO and remove the "Apply Group Policy" permission for "Authenticated Users", this can be done in the Group Policy Management Console, select the GPO, click the Delegation tab and click advanced. Then add the computer account to the GPO Security settings and give it Read and Apply Group Policy permissions.
The GPO will then be within the scope of the computers in the OU, but only the computer(s) you specify in the permissions will apply the GPO.
I am wary of doing this since we've got an RM system and there's no telling what this, seemingly simple, change could do.
Originally Posted by dan400007
I'm thinking I could either ignore the errors, which shouldn't cause any problems, or add the users onto each server as local users? That would work?