3

I am attempting to reconfigure the Windows 7 group policies on a laptop using the Local Group Policy Editor. Several of the fields for User Rights Assignment are giving me trouble (Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment).

Whenever I remove the LOCAL_SERVICE or NETWORK_SERVICE identity from the security setting of some of the fields it comes right back when I restart the Local Group Policy Editor.

This is happening on fields like Change the system time and Create global objects. I would like to change these to Administrator or none, but the policy editor keeps bringing back the defaults or simply adding LOCAL_SERVICE and NETWORK_SERVICE back in.

How can I prevent this behavior?

Improve this question
1
  • 1
    I would not alter those settings if I were you. Especially without proper knowledge of what those accounts do. You'll likely break your OS installation.
    – surfasb
    Commented Dec 3, 2011 at 17:58

1 Answer 1

Reset to default
3

Windows Vista/Server 2008 introduced the notion of required privileges for (some) rights. For example, the policy setting Change the system time requires the LOCAL SYSTEM identity to have access.

This is due to the service hardening introduced in Vista/2008 and the removal of a user's ability to be in Session 0. As a result, these special identities need these User Rights in order for the OS to run properly.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .