Windows

Granting „Logon as a batch job” permission for Task Scheduler to work

Running Tasks with Task Scheduler is one of most common scenarios in Administrators life. By default you can run your Task as SYSTEM which is OK solution if you don't have to access any resources over network. However if you do and you want to run it as specially created domain account for that you need to setup 'Logon as Batch Job' on Windows. This privilege is granted through the Local or Domain Security Policy. If you don't do that and you try to run the task anyway you will get Event ID 4625 in Security log.

And in Task Scheduler history

Solution - Local Security Policy

To do this using the Local Security Policy, follow these steps.

In the Control Panel, open Administrative Tools, then Local Security Policy.
Beneath Security Settings, open Local Policies and highlight User Rights Assignment.
Locate Log on as a batch job. Open the properties and add any users that need this right.
When finished, save your changes and close the Local Security Settings window.

Your changes should take effect immediately.

This post was last modified on 24 marca, 2018 19:30

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Next What's new - Event Monitoring v0.6 »

Previous « Monitoring Active Directory Changes on Users and Groups with PowerShell

Published by

Przemyslaw Klys

Tags: batch jobevent id 4625eventstasktask scheduler

7 lat ago

Strengthening Password Security in Active Directory: A PowerShell-Powered Approach
PasswordSolution uses the DSInternals PowerShell module to gather Active Directory hashes and then combines that…
Reporting group membership for critical Active Directory groups
I work a lot with Active Directory-related tasks. One of the tasks is to know…
OfficeIMO – Free cross-platform Microsoft Word .NET library
I've created a cross-platform (Windows, Linux, macOS) Word library based on Open XML SDK that…

Mastering Active Directory Hygiene: Automating SIDHistory Cleanup with CleanupMonster

Security Identifier (SID) History is a useful mechanism in Active Directory (AD) migrations. It allows…

2 miesiące ago

Office 365

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

6 miesięcy ago

Active Directory

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

9 miesięcy ago

Active Directory

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

1 rok ago

Office 365

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

2 lata ago

Active Directory

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…