Change Service Logon Across Network

Mark Berry December 12, 2014

I needed to change the Advanced Monitoring Agent service to log on as a domain user rather than as LOCAL SYSTEM.

Besides changing the service logon, the domain user must be granted Log On As a Service rights, which you can do in a batch file with the ntrights.exe program, available in the Windows 2003 Resource Kit. Put ntrights.exe in the same folder as the script.

The batch file can target network computers by specifying a UNC machine name, e.g.

ChangeAgentLogon.cmd \\DESKTOP01

Running this across the network rather than logging on to each machine saves time. But watch the output:  on some machines, I got this error stopping the service:

[SC] ControlService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.

By watching the service in the Services manager, I saw that it did stop and restart, so hopefully that message simply indicates a timeout waiting for confirmation.

Also see the note in the script about how to specify passwords containing special characters. This StackOverflow article and this one have more information.

Here’s the script:

@echo off
REM Change Advanced Monitoring Agent to run as a domain user so it can access network shares.
REM Requires ntrights.exe from the Windows 2003 Resource Kit in the same path as this script.
REM Param 1 is the UNC name of the remote computer ("\\DESKTOP01"). Omit to target local computer.

REM NOTE If the password contains a "%", double it to "%%".  Escape &|\<> with ^.
REM      See http://stackoverflow.com/questions/14408973/using-sc-exe-to-set-service-credentials-password-failing
REM      and http://stackoverflow.com/questions/10296162/escaping-special-characters-in-cmd .

REM %0 is the name of the batch file. ~dp gives you the drive and path of the specified argument, with trailing \.
set ScriptPath=%~dp0

%ScriptPath%ntrights.exe +r SeServiceLogonRight -u "<Domain>\<User>" -m %1

sc %1 config "Advanced Monitoring Agent" obj= "<Domain>\<User>" password= "password"
sc %1 stop "Advanced Monitoring Agent" 
sc %1 start "Advanced Monitoring Agent" 

Leave a Reply





*