Log on as a batch job

I

Ivan

We have a Windows XP Professional machine in a domain on which we're trying
to run a scheduled task as a domain account. We've added this domain acount
into a local group which is included in the "Log on as a batch job"
privilege. This privilege is assigned through group policy, and confirmed on
the machine by rsop.msc.

However when we attempt to start the scheduled task we receive a "Could not
start" message in Scheduled tasks and an error in the application event log
stating that the domain account cannot be loaded. Are there other sections
in User Rights Assignment (for example "Log on as a service" where we have
to add the local account (containing the domain account) in order to run our
scheduled task?
 
G

Guest

Hi Ivan,
Depending on the task you are trying to run, the account you use may need to
be a member of the local Administrators group on the PC.

Alternatively, forget XP's inbuilt task scheduler and have a look at
Splinterware's System Scheduler Free Version -
http://www.splinterware.com/products/wincron.htm

I use this on an XP machine that had similar problems with XP task
scheduler, and this utility sorted me just fine.

Good Luck
 
W

Will

KieronH said:
Hi Ivan,
Depending on the task you are trying to run, the account you use may need
to
be a member of the local Administrators group on the PC.

Alternatively, forget XP's inbuilt task scheduler and have a look at
Splinterware's System Scheduler Free Version -
http://www.splinterware.com/products/wincron.htm

I use this on an XP machine that had similar problems with XP task
scheduler, and this utility sorted me just fine.
Click to expand...

I thought that Administrators group has implicit membership in Logon as a
Batch Job? And the entire point of Logon as a Batch Job privilege is to
create a reduced privilege level so you don't go compromising the machine
every time a user needs to run a batch job. In a perfect world no one
ever needs Administrator privilege who doesn't have legitimate needs to
*administer* the box.

My brief experiments suggest that running a scheduled task requires the user
context that runs the task to load a user profile, and apparently on our
Windows XP install that required the user to have the additional user
privilege of "Logon as a User". Note that we run with stricter than normal
permissions, and this behavior may be a side effect of our particular setup.
We strip out Everyone and Authenticated Users from most of our ACLs.

I am very interested in knowing what is the correct answer to the question
that was asked on a stock Windows XP installation. And a slightly more
technical question: when a user is logged in to a box with Logon as a
Batch Job, what security groups does that implicitly add that user into?
 
S

Steven L Umbach

To find out more details on why it failed enable auditing of privilege use
and logon events for failure on that computer and then review the security
log after it fails again for any failures at the time that job fails which
should give you some more clues as to why the job failed. You also may
temporarily want to add that domain user account to the local administrators
group on that computer to see what happens.

Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Logon as a batch job 2
Batch job question 8
Scheduled Task running as SYSTEM fails with logged-on user 3
WMI LocalSystem error/bug with Interactive User logged on. 0
Scheduled Task to Access Network Resource 2
Disable logon to XP without disabling or locking account? 1
error 1314: A required privilege is not held by the client. 3
How to add user into Log on as a Batch Job ... 3

Top