Log on as a batch job

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have noticed that several user accounts have been given permission to 'Log on as a batch job' and these accounts are listed/have been added
in the Default Domain controllers Policy. Does someone have an idea as to how these users can be added to to the Default Domain Controllers Policy.

Must the users install an application on a DC? What sort of Applications woiuld require such permissions?

Any help appreciated.

William

 

[Guest]

Archived from groups: microsoft.public.win2000.group_policy (More info?)

My understanding is that it usually is related to Scheduled Tasks. The links
below has more details and it does not seem to carry a high security risk
just by itself. You might want to look in the security log in Event Viewer
which should show when those logons are used via type 4 logon to see what is
going on. Auditing of account logon and possibly logon events in Domain
Controller Security Policy will need to be enabled for such to happen. ---
Steve

http://www.microsoft.com/technet/Security/topics/hardsys/tcg/tcgch04.mspx
http://is-it-true.org/nt/atips/atips155.shtml

"William P." <anonymous@discussions.microsoft.com> wrote in message
news:79758E04-8C92-4BEA-A5D0-D388F450EDA6@microsoft.com...
> I have noticed that several user accounts have been given permission to
'Log on as a batch job' and these accounts are listed/have been added
> in the Default Domain controllers Policy. Does someone have an idea as to
how these users can be added to to the Default Domain Controllers Policy.
>
> Must the users install an application on a DC? What sort of Applications
woiuld require such permissions?
>
> Any help appreciated.
>
> William