Grant Users Log On as a Service Right via PowerShell

Update:  I made some edits to fix the comparison function, newest version should be reflected in Gist.  I also created two more functions and put them all in one file on Github here.

Another day, another challenge that PowerShell is ready to tackle.  This time I needed to programmatically grant some local users the right to log on as a service.  Unsurprisingly, these accounts are service accounts. I based the script off this excellent little ditty from the msdn code samples. Check below the break for the script and some notes.

Essentially the script uses the scedit utility to export the current config and update it with additional SIDs.  This script could be easily adapted to update any right in the list.  I also changed the users parameter to a string array.  A basic example of this function would be: Grant-LogOnAsService -users TestUser,TestUser2

Here is the full script:
Feel free to fork it for your own!

Labels: ,