How to grant log on as a service rights to domain account

This may be something useful to you if you want to grant Log-On-As-Service permissions to a particular user account on Windows Server 2008 R2 or later. I tried to find any PowerShell commands but there are no built in commands to do this so I wrote one.

The concept is to use security template and apply the change, you need to run this PowerShell code in elevated mode. The code creates the .inf file with given SID of input account and runs below command to apply change to security template on the server.

secedit/configure/db secedit.sdb /cfg"$infFile" /log"$logFile"

 

The complete script is attached.

Grant-LogOnAsService.ps1