Wednesday, October 7, 2009

Blackberry Professional Server config - "log in as a service" greyed out

1) Logon to the server in question as Domain Administrator. Open up the Active Directory Users & Computers (ADUC) snap-in.
2) Right click on the Domain and choose Properties. Click on the Group Policy tab and open the group policies. You have to do this unless you install the GPMC on the server.
3) Create a new Group Policy and name it something appropriate.
4) Navigate to Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
5) Double click on the item you want to alter and click on Add User or Group.
6) Click on Browse and change the From this Location to the local machine (if you don't do this you only see domain users)
7) Enter the username (or click the Advance button - I'm not going into how to use that here)
8) Click OK a few times until you see the local username in the Properties box.

Now you need to set this GPO so that it only applies to the machine in question. You can do this through permissions, but I decided to do it via a WMI Filter.

1) On your DC with the GPMC installed right-click on the WMI Filter item and choose New.
2) Give it a meaningful name and description and click on Add.
3) You don't need to change the namespace.

Type in the following (or copy and paste if you prefer) into the Query box:

SELECT * FROM Win32_ComputerSystem WHERE Name = ''

Change to the name of your the server you want the GPO to act upon.

4) Click OK a few times.

Now you need to apply this filter to the GPO created above:

1) In the GPMC right-click on the GPO and choose Edit.
2) Right-click on the GPO name at the top of the MMC left-hand column and choose Properties
3) Click on the WMI Filter tab and then click on This Filter and then on Browse / Manage
4) Choose the WMI Filter you created above and then click OK a few times.

I also found that I needed to set the GPO to be Enforced (right-click on it in the GPMC and check Enforced) and to run a GPUPDATE /force on the server. This also required a reboot of the server.


from here

http://uksbsguy.com/blogs/ianwatkins/archive/2007/02/17/enabling-log-on-as-a-service-for-a-local-user.aspx

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...
Web Design & Marketing - Click and get an instant quote on your project