“This task requires that the user account specified has Log on as batch job rights” message appear on your PC when you try to finish a scheduled task configuration. The message appears right after you set the username/password for the task. The issue is related to Group Policy Rights and we will teach how to solve it.
Troubleshoot and FIX “log on as batch job rights”
What is log on batch job rights?
“Log on batch job rights” is a message appear when you want a task scheduled to run with the options:
- “run with the highest privileges”
- “Run whether the user is logged on or not”
The account you chose doesn’t have “Log on as Batch Job” rights in the local security policy of the server. Most probably you are using domain user and you are under domain-based Group Policy settings. The computer cannot assign the user right to accounts that are used for scheduled jobs in the Task Scheduler.
When you schedule tasks under a particular user name and password (not domain user), automatically the user is assigned the Log on as a batch job user right. Task Scheduler service logs on the user as a batch job when the scheduled time arrived. The task runs in the user’s security context.
For most organizations, the default settings are sufficient. Members of the local Administrators group have this right by default.
How do I give a user login as a batch job rights?
To assign rights manually for the user you can use the below steps:
- Log in to your computer as an Administrator user
- Go to the Start menu and click on Run
- Type secpol.msc and press Enter
- Or Search directly on the Start menu.
- The Local Security Policy Manager will open
- Go to Security Settings – Local Policies – User Rights Assignment node
- Double click Log on as a batch job on the right
- Click Add User or Group… Select the user
- Save your changes and close the Local Security Settings window.
- The changes take effect immediately
Try to start the task again. There’s a good chance it will work this time if this is the only issue.
Explain of the policy “Log on as a batch job”
This security setting allows a user to be logged on by means of a batch-queue facility and is provided only for compatibility with older versions of Windows.
For example, when a user submits a job by means of the task scheduler, the task scheduler logs that user on as a batch user rather than as an interactive user.
Be sure also that the user is not included under “Deny log on as batch job” under the same path.
- Under Security Settings – Local Policies – User Rights Assignment node
- Double click “Deny log on as batch job” on the right
- Remove if the user is listed there
- Save and close the Local Security Settings
How to assign a user “Batch Job Rights” via GPO
If you find the ADD button is greyed out it’s because the policy is controlled by a Group Policy. So you can’t modify the local policy.
On a Domain Controller use Group Policy Management Editor:
- Click START and type Group Policy
- Click on Group Policy Management
- Either edit the existing GPO that contains existing USER RIGHTS ASSIGNMENT (likely Default Domain Policy) or right-click and CREATE AND EDIT a new policy
- Expand Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment node
- Double click Log on as a batch job
- Click the Add User or Group button and add your service account user
- Click OK
Grant “Log on as a service” rights by using PowerShell
The following script adds a Windows account to the local security policy “Log on as a service”. The Script is published on Microsoft script center. Download the script here
.”.\Add Account To LogonAsService.ps1″ “DOMAIN\Account”
If you are going to use the sample above, the script is in the current folder when you execute PowerShell. Otherwise, you need to specify the full path to the script. Replace “DOMAIN\Account” with the name of the account you want to add to the policy.
This script can be easily automated over the network and deploy this to several hundred servers without manual intervention
Read Also: How to Create Task on Task Scheduler
The above article has explained in a very simple way the methods to fix the issue and run as a batch job. The example used also a Powershell script that is good to automate over the network.