sc.exe config "Service Name" obj= "DOMAIN\User" password= "password" not working
The first thing to check is if that user has permission to Log On As A Service in that machine. If he does (and you can do the following procedure to check this), just go to the service (Start Menu - type "services", without the quotes). Find your service on the list, and right-click on it. Select "Properties", and go to the "Log On" tab. Retype the "Password" and "Confirm password". Click OK. If your user DOES have permission to Log On as a Service, a message "The account YourDomain\YourUser has been granted the Log On As a Service right". Just try to start the service again, and it will work.
If your user does not have this kind of permission, you can use one of these two approaches:
1) Start menu - type "local security policy" without the quotes. Open the "Local Policies", then left-click on "User Rights Assignment". On the right panel, right-click on "Log on as a service", and select "Properties". Click on "Add User or Group" and add your user. Click OK. You might have to reboot your machine.
2) Download and install the "Windows Server 2003 Resource Kit Tools" (http://www.microsoft.com/en-us/download/confirmation.aspx?id=17657). Open a command prompt and type:
ntrights +r SeServiceLogonRight -u MyDomain\MyUser -m \\%COMPUTERNAME%
Reboot your computer and try to start the service again.
After your user has been granted the Log On As A Service right, you can create and start services through the command line.
If you face The account YourDomain\YourUser has been granted the Log On As a Service right, you should execute powershell script link AddLogonasaService and this is nothing to do with your password. It's a right/permission for an user to run the service.
Am embedding the code for your reference. You can refer that URL as well.
param($accountToAdd)
#written by Ingo Karstein, http://blog.karstein-consulting.com
# v1.0, 01/03/2014
## <--- Configure here
if( [string]::IsNullOrEmpty($accountToAdd) ) {
Write-Host "no account specified"
exit
}
## ---> End of Config
$sidstr = $null
try {
$ntprincipal = new-object System.Security.Principal.NTAccount "$accountToAdd"
$sid = $ntprincipal.Translate([System.Security.Principal.SecurityIdentifier])
$sidstr = $sid.Value.ToString()
} catch {
$sidstr = $null
}
Write-Host "Account: $($accountToAdd)" -ForegroundColor DarkCyan
if( [string]::IsNullOrEmpty($sidstr) ) {
Write-Host "Account not found!" -ForegroundColor Red
exit -1
}
Write-Host "Account SID: $($sidstr)" -ForegroundColor DarkCyan
$tmp = [System.IO.Path]::GetTempFileName()
Write-Host "Export current Local Security Policy" -ForegroundColor DarkCyan
secedit.exe /export /cfg "$($tmp)"
$c = Get-Content -Path $tmp
$currentSetting = ""
foreach($s in $c) {
if( $s -like "SeServiceLogonRight*") {
$x = $s.split("=",[System.StringSplitOptions]::RemoveEmptyEntries)
$currentSetting = $x[1].Trim()
}
}
if( $currentSetting -notlike "*$($sidstr)*" ) {
Write-Host "Modify Setting ""Logon as a Service""" -ForegroundColor DarkCyan
if( [string]::IsNullOrEmpty($currentSetting) ) {
$currentSetting = "*$($sidstr)"
} else {
$currentSetting = "*$($sidstr),$($currentSetting)"
}
Write-Host "$currentSetting"
$outfile = @"
[Unicode]
Unicode=yes
[Version]
signature="`$CHICAGO`$"
Revision=1
[Privilege Rights]
SeServiceLogonRight = $($currentSetting)
"@
$tmp2 = [System.IO.Path]::GetTempFileName()
Write-Host "Import new settings to Local Security Policy" -ForegroundColor DarkCyan
$outfile | Set-Content -Path $tmp2 -Encoding Unicode -Force
#notepad.exe $tmp2
Push-Location (Split-Path $tmp2)
try {
secedit.exe /configure /db "secedit.sdb" /cfg "$($tmp2)" /areas USER_RIGHTS
#write-host "secedit.exe /configure /db ""secedit.sdb"" /cfg ""$($tmp2)"" /areas USER_RIGHTS "
} finally {
Pop-Location
}
} else {
Write-Host "NO ACTIONS REQUIRED! Account already in ""Logon as a Service""" -ForegroundColor DarkCyan
}
Write-Host "Done." -ForegroundColor DarkCyan
To set the identity for services, I have used a vbscript
Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name = 'Servicename'")
For Each objservice in colServiceList
errReturn = objService.Change( , , , , , ,WScript.Arguments.Item(0), WScript.Arguments.Item(1))
objService.StartService()
Next
Where WScript.Arguments.Item(0) is the username arg and WScript.Arguments.Item(1) is password.