I know that there is a temporary solution to that error described in this Stackoverflow post.
But I am interested in a more deeply solution tackle the problem at its roots. Why? Because everyday in the morning after starting my Pc I want to open my wsl2 to start docker... And there it is Logon failure: the user has not been granted the requested logon type at this computer. This is so annoying to resolve this problem everyday.
The steps I have to take to sort it (everyday!):
Get admin rights from IT
Run Windows Terminal as administrator
Execute cmd Get-Service vmcompute | Restart-Service
This is such a bad user experience and also time consuming and should definitely not be done everyday. I am so tired of this problem.
The problem is probably that you have a Group Policy in your AD-domain that modifies the "Logon as service" privileges.
Ask your IT admin to add "NT VIRTUAL MACHINE\Virtual Machines" (Well known SID S-1-5-83-0) to the Group Policy that modifies this privilege (in my case it was the default domain policy that modified "Logon As Service").
Worth noting is that the IT Admin has to add this special group from a computer/server that has Hyper-V enabled (or WSL2 components installed). Otherwise the special group will not be available for the admin to add to the policy.
More info in the GITHUB WSL issue or my blog post.
Related
I want to install a TeamCity BuildAgend as a user. When entering my user credentials here:
I always get this error:
NOTE: My account (user) is Administrator with full permission!
How can I do this?
The error message says it does not have "enough rights to run as a service",
this is slightly different from just being an administrator.
Go to Control Panel> Administrative Tools> Local Security Policy.
Select Local Policies> User Rights Assignment.
Scroll down through the list of policies and look for Log on as a service.
Add the account you're using to the list of accounts with this right.
That should in theory be all you need to allow the service to run under that user.
The best powershell command that I have found for this is:
Grant-Privilege -Identity $SERVICE_USERNAME -Privilege SeServiceLogonRight
Requires use of the Carbon framework.
I'm a Windows 10 Home user and the steps above did not work for me, but the following did:
Enable gpedit.msc by running the batch file as explained here under Method 1: https://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
Run gpedit.msc
Go to Local Computer Policy / Computer Configuration / Windows Settings / Security Settings / Local Policies / User Rights Assignment
Double-click Log on as a service
On the window that appears, click Add User or Group...
Enter your username and click the Check Names button
Your name will be modified, adding the machine name as the prefix. Click OK
Click OK on the Log on as a service Properties window to apply the change.
It is a little bit of a pain, but after doing that, I was able to continue installing TeamCity
Right, when I logged in using a domain account for my database on the SQL Server Reporting Services, it worked absolutely fine, however on another machine I have entered the wrong password by accident and now it will not let me log in again. I've tried clearing the internet cache, stored passwords etc... and still no luck. So currently I am locked out of the report server on a machine.
Is there a way to make it forget so I can login from scratch?
Cheers for any help
Error:
The permissions granted for user 'domain\username' are insufficient
for performing this operation. (rsAccessDenied)
I know they are not insufficient as I use my account on another machine no issues.
Try a different browser first. If that doesn't work, try clearing the stored passwords off your system.
You can refer this.
the login and password works, that's not the issue. please open internet explorer as an administrator (right-click, run as administrator), open http://localhost/Reports/ and check under "site settings" on the top right corner that the permissions are set correctly.
When trying to edit a Java agent in Domino Designer, I got this error message. Some months ago I could still edit Java agents, and I didn't do anything that might have changed that.
I can still login into the Designer and view and edit agents there, I just cannot save them.
Possible causes:
My user certificate has expired. I looked up my account in the Domino Administrator, and I couldn't find any expiration date.
What could have possibly happened?
You don't have the sufficient right in database's ACL:
Ask your administrator to set the privilege "Create LotusScript/Java agents" for you.
I have written my own windows service which interacts with a SQL database and updates it. The service was running fine and seems to be functioning correctly, however of late it seems to go down at random times and cannot restart due to the error designated in the question. I have tried various searches to fix this, but unfortunately I have come up with nothing. The aim is to eventually having this service running on my companies server, but I can't adjust any server settings, I am but a user on the server, so I have restrictions to some settings.
Any quick fixes, would be helpful!
Open the Services Manager. ( Win + R, then type services.msc )
Then right click on the SQL Server process and click Properties
Then go to Log On, and select This account:
Then click Browse, and add your username in the box. (Notice it should contain the domain, in my case is AD\myusername), then Check Names and accept.
Finally type your password in the other two fields, and that's it, you should have permission to start your process now.
Cheers!!
One issue for us was the format of the account user name, we initially used
domain\username
and got the 1069-logon error, then ultimately I tried validating the user name in the properties | logon tab of the Service (in Control Panel / Service Manager), using the "Browse" and "Search" for the user name and it turned it suggested and validated ok with the reverse format
username#domain
This also worked and resolved the 1069 error, and let us script the startup using sc.exe.
Error 1069 is vague and can have different causes. I am sharing my experience here.
I encountered this error when trying to get a service to run under my account (I am trying to get my services to see the same LocalDB as interactive processes running on my account for development purposes). I use an MSA (Microsoft Account) with Windows’s PIN login normally, so I rarely enter my Windows password. To resolve the issue, I locked my screen, selected Password input instead of PIN input, and then entered my password. I assume this somehow reminded Windows what my password was and made my local account more legit.
Before doing this, you need to configure the user account in question to have the Logon as Service privilege. To do this, open the Group Policy Editor. Expand Computer / Windows Configuration / Security Configuration / Local Policies / User Permissions Assignment and then open Login as Service. From there, you can add your user in question.
also check for "Deny Logon service" policy.
user should not be added over there
We had this issue as well because the account was set so that the password expired. After we updated the account to not expire and set the password this error stopped.
The account could also be locked out. To unlock it, you only need to change that user's password (new and old password can be the same).
What also worked for me was re-entering the password in the services->LogOn window. Even when you think the account and password is correct, re-entering it will re-grant the account permission to log on as a service.
I already:
Disabled UAC
Run IE as Admin
Added my local Reporting Services server to the list of trusted sites
However, I still get this error:
SSRS2012 The permissions granted to user ' are insufficient for performing this operation
Although no need to enter username & password, still show the following
baby-pc/ReportServer - /
Microsoft SQL Server Reporting Services Version 11.0.2100.60
This is talking about Sql Server permissions. It has nothing to do with the local machine at all, and therefore nothing to do with UAC or Internet Explorer. Messing about with those will have no effect at all, as you've seen. You may has well put those things back how they where.
What you need to do instead is log in to Sql Server (using a tool like Sql Server Management Studio) with an account that has the ability to change permissions (such as the sa account, but hopefully you have a non-sa account that can do this as well) and grant your account the ability to use reporting services and select from any tables used in your reports.
It happened because you entered invalid credentials previously. Try to open the reporting service in FireFox and enter your valid credentials. If you have success with it, tune the group policy on the local machine for not storing user credentials. Do the next steps:
Computer Configuration->Administrative Templates->Windows Components->internet Explorer->Internet Control Panel->Security Page
Select the required zone
In this folder find the option "Logon options"
Set up that as "Enabled" and set up "Logon options" to "Authomatic logon with current username and password" or anything else.
Even I had faced this issue. But it was resolved when I added the particular user to Administrator group.