Question
-
Topic
-
User Rights Assignement
LockedI am working on defining user rights for local policies. When I set a right to “Not Defined” what does that do? does it set it to the default?
Also, based on the help files, I get the impression that in addition to either the user defined groups or the default windows defined groups that there are other hidden groups such as “local system”.
What are all of these hidden groups? Can and should I assign user rights to “local system”?
Specifically, the setting for “deny logon as batch job” I have read the following:
“This right is useful for explicitly denying users the ability to run Scheduled Tasks under their own account. Scheduling tasks running under an admin/operator?s personal account is bad practice since the jobs will fail if and when the person leaves the organization and their account is disabled or deleted or if the account is locked out due to repeated password failures. In addition, the user must remember to edit all scheduled tasks when he changes his password.”
Based on that, should I not include all my groups in this setting; Then in the setting “logon as batch job”, should I not only assign this to “local system”?
Thanks