Change Service Logon Across Network

I needed to change the Advanced Monitoring Agent service to log on as a domain user rather than as LOCAL SYSTEM.

Besides changing the service logon, the domain user must be granted Log On As a Service rights, which you can do in a batch file with the ntrights.exe program, available in the Windows 2003 Resource Kit. Put ntrights.exe in the same folder as the script.

The batch file can target network computers by specifying a UNC machine name, e.g.

ChangeAgentLogon.cmd \\DESKTOP01

Running this across the network rather than logging on to each machine saves time. But watch the output:  on some machines, I got this error stopping the service:

[SC] ControlService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.

By watching the service in the Services manager, I saw that it did stop and restart, so hopefully that message simply indicates a timeout waiting for confirmation.

Also see the note in the script about how to specify passwords containing special characters. This StackOverflow article and this one have more information.

Here’s the script:

@echo off
REM Change Advanced Monitoring Agent to run as a domain user so it can access network shares.
REM Requires ntrights.exe from the Windows 2003 Resource Kit in the same path as this script.
REM Param 1 is the UNC name of the remote computer ("\\DESKTOP01"). Omit to target local computer.

REM NOTE If the password contains a "%", double it to "%%".  Escape &|\<> with ^.
REM      See
REM      and .

REM %0 is the name of the batch file. ~dp gives you the drive and path of the specified argument, with trailing \.
set ScriptPath=%~dp0

%ScriptPath%ntrights.exe +r SeServiceLogonRight -u "<Domain>\<User>" -m %1

sc %1 config "Advanced Monitoring Agent" obj= "<Domain>\<User>" password= "password"
sc %1 stop "Advanced Monitoring Agent" 
sc %1 start "Advanced Monitoring Agent" 

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.