Add NT Service accounts to Logon as a service within a GPO

Question

Hi

There is a Windows Server core SQL box with a number of NT Server\sql accounts.

I am creating a GPO to configure the logon as a service right and trying to add these "virtual accounts" but unable to find these accounts when I go to the user picker.

I know if the SQL box was GUI I could use security templates GUI or install GPMC on the machine and find the accounts that way but as its core I am limited in what I can do.

Anyone have any tips or tricks? It maybe I have to create a template ini file but not sure as I need to add GUIDs but that leads me to struggle in finding these virtual accounts on the server and retrieving their GUIDs.

Thanks in advance.

Fred

Answer 1

Hi @Fred Smith 4230

check this technet discussion the guidance is very well explained:

How do I Assign the Log on as a service user right to NT SERVICE\ALL SERVICES with THIS group policy editor?
https://social.technet.microsoft.com/Forums/en-US/5cd2106f-47e0-4079-ae3b-5d3178c5d95e/how-do-i-assign-the-log-on-as-a-service-user-right-to-nt-serviceall-services-with-this-group-policy?forum=winserverGP

More explanation:

Configure Windows Service Accounts and Permissions
https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-ver15

Hope this helps with your query!

--If the reply is helpful, please Upvote and Accept as answer--

Answer 2

Hi sorry

I did not get an email to say someone replied. Sorry the above does not work as the SQL server is core so I cannot (mentioned it already) install GPMC on it, therefore I cannot add the NT service accounts.

If there is no such way to do it, fine - need a microsoft bod to tell me that is the case.