6

trying to configure Service1 service on windows 7 sp1 to logon as user user1 with password password1 using this batch script:

net user user1 /delete

net user user1 password1 /add 
net localgroup administrators user1 /add
wmic useraccount where "Name='user1'" set PasswordExpires=false


reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v user1 /t REG_DWORD /d 0 /f


net stop "Service1"
sc config "Service1" start= delayed-auto type= own obj= ".\user1" password= "password1"
net start "Service1"

fails with : Error 1069: The service did not start due to a logon failure.

but setting the user and password using the UI works without any error.

geek175
  • 131
  • 1
  • 7

2 Answers2

5

the problem was resolved by adding this line to the script

ntrights.exe +r SeServiceLogonRight -u user1

C:\Program Files (x86)\Windows Resource Kits\Tools\ntrights.exe is installed from this link

geek175
  • 131
  • 1
  • 7
4

Given this looks authentication related, I would double-check things like format of your username schema, if there's a policy for "Deny Logon Service", and check the permissions for the user account that's trying to logon and start the service by watch of your batch file for starters.

Adding some info for that 1069 error. There's a good stackoverflow post that covers this as well.

It looks like there was a similar post for this to edit a Windows service to log on as a specified user using a batch script that may help get you where you need to be.

Based on the original answer, it's using sc \\server config ServiceName obj= Domain\user password= pass and looks like it should sort what you're trying to do, but I'd like to test this on my dev env as a sanity check as soon as I have some time and can chase back.

An alternative could be using sc config "Service Name" obj= LocalSystem, which is similar to the above.

Glancing through a different post, going with ntrights could potentially be helpful too, depending on any unforeseen variables with the use case. ntrights +r SeServiceLogonRight -u username -m \\%COMPUTERNAME%

If you're using PowerShell and want to leverage that with an encrypted password, you could go that route, but the two previous examples seem close to what you're attempting to do.

Update June 4, 2023: The old Microsoft URL (http://support.microsoft.com/kb/315276) detailing ntrights 404's as of now. Thank you for the heads-up comment Dennis! Replaced it with SS64's page as the next best means of continuity.

Wildtaco
  • 76
  • The ntrights link in this answer gives a 404 error. – Dennis May 22 '23 at 18:23
  • Thank you for the heads-up Dennis, I appreciate that. Been traveling, so I hadn't had time to address it, but it should now point to SS64's page detailing ntrights as a "next best thing" from a continuity perspective. – Wildtaco Jun 05 '23 at 00:57