question

Deepika-6627 avatar image
0 Votes"
Deepika-6627 asked IanXue-MSFT commented

How to update security group policy “Allow log on locally” in gpedit using powershell

Hi,

I have a user group called "Remote desktop users" which i need to add in "allow log on locally" section of User Rights Assignment in gpedit.
Following are the steps to do it manually.

  1. go to gpedit

  2. navigate to path “comp config>window settings>security settings>local policies>user rights assignment”

  3. Double click on "Allow log on locally“" .

  4. Add user "Remote desktop user"

  5. Save

This I want to achieve via powershell script.

Please help me with any suggestions.

Thanks



windows-server-powershellwindows-group-policy
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
Is there any update? Have you got a chance to verify the below suggestions?
Please feel free to let us know if more assistance is needed. If the reply is helpful, please “Accept Answer” to help other community members find it more easily.

0 Votes 0 ·

1 Answer

IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT answered

Hi,

You can set the security group policy using secedit.

 $user = "Remote desktop user"
 $tmp = [System.IO.Path]::GetTempFileName()
 secedit.exe /export /cfg $tmp
 $settings = Get-Content -Path $tmp
 $account = New-Object System.Security.Principal.NTAccount($user)
 $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
 for($i=0;$i -lt $settings.Count;$i++){
     if($settings[$i] -match "SeInteractiveLogonRight")
     {
         $settings[$i] += ",*$($sid.Value)"
     }
 }
 $settings | Out-File $tmp
 secedit.exe /configure /db secedit.sdb /cfg $tmp  /areas User_RIGHTS
 Remove-Item -Path $tmp

Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.