Enable Credentials to "Log on as a Service"

Purpose:

You possibly received a "Logon failure: the user has not been granted the requested logon type at this computer" or are just genuinely curious about how to allow certain credentials to Logon as a service.

Resolution:

Any credentials used in PDQ Deploy & Inventory (to deploy software or run an inventory scan on target computers) must be granted the right to "Log on as a service". PDQ Deploy or PDQ Inventory will automatically attempt to grant this right to the deploy or scan credentials used on target computers.

If granting this right fails then you will need to enable this right either locally (on the target machines) or via Group Policy.

To enable on the local machines go to the Local Security Policy under Control Panel > System and Security > Administrative Tools OR simply run the following command from Start > Run or a CMD window:

secpol.msc

In the Local Security Policy window go to Security Settings > Local Policies > User Rights Assignment > Log on as a Service and add the appropriate credentials to this right. Verify that this account has NOT been added to the "Deny log on as a service policy".

LogonAsAServiceLocal.png

To add the account via Group Policy open your Group Policy editor and edit the appropriate Group Policy. Go to Policies > Windows Settings > Security Settings > Log on as service

LogonAsAServiceGPO.png

Was this article helpful?
Still have a question or want to share what you have learned? Visit our Community Discord to get help and collaborate with others.