I’m collaborating with a tool that generates AD (Active Directory) accounts. The tool doesn’t have admin privileges, and I prefer it that way. However, it’s crucial that the tool can grant the newly created accounts the SeBatchLogonRight, which allows them to log in as a Batch Job user.

Is there a way to grant an unprivileged account the authority to modify the local security policy?

Askify Moderator Edited question April 25, 2023