I am local admin on a windows server 2003 R2 machine in our domain. This machine was built about 3 years back and I am not sure what privilges I might have. If I use ntrights.exe (from resource kit tools) it is succesful as shown below:
ntrights.exe +r SeServiceLogonRight -u domain\accountname
Granting SeServiceLogonRight to domain\accountname ... successful
Recently we have build a new windows server 2008 R2 machine and I am local admin on it. But now the same ntrights.exe fails as below:
ntrights.exe +r SeServiceLogonRight -u domain\accountname
Granting SeServiceLogonRight to domain\accountname OpenPolicy:
***Error*** OpenPolicy -1073741790
It seems I am missing some privileges despite being local admin. What privileges do I require so that I can ask our system administrator for helping me to grant those privileges ?
Edit: The problem is solved by changing the UAC settings to Never Notify using the slider from control panel -> user accounts settings. But I think this is not the best way to solve this issue. Other answers still welcome.
With UAC enabled elevation is always required however the built in Administrator account (the single account with SID S-1-5-21-xxxxxxx-500) and members of the "Domain Admins" group ( SID: S-1-5-21-domain-512) get automatically elevated, without the need for a human to respond to a prompt interactively. Accounts that are "merely" members of the local Administrators group will not (normally) auto-elevate, leading to the problem that you see.
This default behaviour can be modified by GPO to include other accounts\groups - the details of how to do that are in this technet article
This can probably be resolved by ensuring that you run the command from an elevated command prompt. Right click on the Cmd icon wherever it is you're running it, and make sure you launch it as 'Run as Administrator'. The fact that turning off UAC makes it work, strongly suggests this is what your problem is.
It's one of the security/safety features of the 2008 line that even Administrator has to take positive action to use an elevated command prompt.