Grant SeServiceLogonRight To Account

Octopus.Script exported 2017-11-30 by nshenoy belongs to ‘Windows’ category.

Grants the SeServiceLogonRight ("Log on as a service") user right to a Windows account.

Parameters

When steps based on the template are included in a project’s deployment process, the parameters below can be set.

Account Name

GrantLogonAsServiceAccountName =

Domain account name to grant SeServiceLogonRight. Example: US\testAccount

Script body

Steps based on this template will execute the following PowerShell script.

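# Code based on Stack Overflow solution https://stackoverflow.com/a/21235462/201382 from @grenade (https://stackoverflow.com/users/68115/grenade)
#
# Grants the SeServiceLogonRight user right to the account named in the
# GrantLogonAsServiceAccountName step parameter. The script exports the local security
# policy with secedit, adds the account's SID to the existing SeServiceLogonRight entry,
# then imports and applies the result.
#
# Security notes:
#   * Working files are created in a fresh, uniquely named directory rather than under fixed
#     names in the shared temp path, so a pre-existing or pre-planted import.inf/export.inf
#     cannot be picked up or overwritten. The exported policy is removed in `finally`, even
#     when a step fails.
#   * secedit is a native tool and does not raise PowerShell exceptions, so its exit code is
#     checked after every call; otherwise a failed import would still report success.
#   * Existing holders of the right are preserved and the SID is not appended twice.
#   * NOTE(review): secedit /configure presumably needs an elevated session, and a domain GPO
#     that defines this right may override the local change on the next refresh - confirm for
#     the target environment.

$grantLogonAsServiceAccountName = $OctopusParameters['GrantLogonAsServiceAccountName']

$tempPath = [System.IO.Path]::GetTempPath()
$workDir = Join-Path -Path $tempPath -ChildPath ("GrantLogonAsService-" + [System.Guid]::NewGuid().ToString("N"))
$import = Join-Path -Path $workDir -ChildPath "import.inf"
$export = Join-Path -Path $workDir -ChildPath "export.inf"
$secedt = Join-Path -Path $workDir -ChildPath "secedt.sdb"

try {
    if ([string]::IsNullOrWhiteSpace($grantLogonAsServiceAccountName)) {
        throw "The GrantLogonAsServiceAccountName parameter is empty."
    }

    # Without -Force, New-Item fails if the directory already exists, so the files are always ours.
    New-Item -ItemType Directory -Path $workDir -ErrorAction Stop | Out-Null

    Write-Output ("Granting SeServiceLogonRight to user account: $grantLogonAsServiceAccountName.")
    # Translate() throws if the account cannot be resolved, which stops before any policy change.
    $sid = ((New-Object System.Security.Principal.NTAccount($grantLogonAsServiceAccountName)).Translate([System.Security.Principal.SecurityIdentifier])).Value

    secedit /export /cfg $export
    if ($LASTEXITCODE -ne 0) {
        throw "secedit /export failed with exit code $LASTEXITCODE."
    }

    # Read the current holders. The entry may be absent, in which case the list starts empty
    # instead of failing on a null result or writing a leading comma.
    $holders = @()
    $entry = Select-String -Path $export -Pattern '^\s*SeServiceLogonRight\s*=' | Select-Object -First 1
    if ($entry) {
        $holders = @((($entry.Line -split '=', 2)[1] -split ',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    if ($holders -contains "*$sid") {
        Write-Output ("$grantLogonAsServiceAccountName already holds SeServiceLogonRight; no policy change needed.")
    }
    else {
        $holders += "*$sid"
        $template = @(
            "[Unicode]",
            "Unicode=yes",
            "[System Access]",
            "[Event Audit]",
            "[Registry Values]",
            "[Version]",
            'signature="$CHICAGO$"',
            "Revision=1",
            "[Profile Description]",
            "Description=GrantLogOnAsAService security template",
            "[Privilege Rights]",
            "SeServiceLogonRight = $($holders -join ',')"
        )
        Set-Content -Path $import -Value $template

        Write-Verbose "Calling secedit..."
        secedit /import /db $secedt /cfg $import
        if ($LASTEXITCODE -ne 0) {
            throw "secedit /import failed with exit code $LASTEXITCODE."
        }

        # Restrict the apply step to user rights; the template defines nothing else.
        secedit /configure /db $secedt /areas USER_RIGHTS
        if ($LASTEXITCODE -ne 0) {
            throw "secedit /configure failed with exit code $LASTEXITCODE."
        }

        # Policy refresh is best-effort: the right has already been applied locally.
        Write-Verbose "Calling gpupdate..."
        gpupdate /force

        Write-Output("SeServiceLogonRight successfully granted to $grantLogonAsServiceAccountName")
    }
}
catch {
    Write-Error "Failed to grant SeServiceLogonRight to user account: $grantLogonAsServiceAccountName. $($_.Exception.Message)"
    # Re-raise so the deployment step is reported as failed rather than continuing silently.
    throw
}
finally {
    Write-Verbose "Cleaning up temp files..."
    if (Test-Path -Path $workDir) {
        Remove-Item -Path $workDir -Recurse -Force -ErrorAction SilentlyContinue
    }
}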

Provided under the Apache License version 2.0.


To use this template in Octopus Deploy, copy the JSON below and paste it into the Library → Step templates → Import dialog.

{
  "Id": "0e295d12-cc29-4f61-9eb1-dac387697d5c",
  "Name": "Grant SeServiceLogonRight To Account",
  "Description": "Grants `SeServiceLogonRight` to Windows account",
  "Version": 4,
  "ExportedAt": "2017-11-30T20:48:26.823Z",
  "ActionType": "Octopus.Script",
  "Author": "nshenoy",
  "Parameters": [
    {
      "Id": "456ad1ed-286d-4bbf-a096-026d3928e3ef",
      "Name": "GrantLogonAsServiceAccountName",
      "Label": "Account Name",
      "HelpText": "Domain account name to grant `SeServiceLogonRight`. Example: `US\\testAccount`",
      "DefaultValue": "",
      "DisplaySettings": {
        "Octopus.ControlType": "SingleLineText"
      },
      "Links": {}
    }
  ],
  "Properties": {
    "Octopus.Action.Script.ScriptSource": "Inline",
    "Octopus.Action.Script.Syntax": "PowerShell",
    "Octopus.Action.Script.ScriptBody": "# Code based on Stack Overflow solution https://stackoverflow.com/a/21235462/201382 from @grenade (https://stackoverflow.com/users/68115/grenade)\n\n$grantLogonAsServiceAccountName = $OctopusParameters['GrantLogonAsServiceAccountName']\n\n$tempPath = [System.IO.Path]::GetTempPath()\n$import = Join-Path -Path $tempPath -ChildPath \"import.inf\"\nif (Test-Path $import) { \n    Remove-Item -Path $import -Force \n}\n\n$export = Join-Path -Path $tempPath -ChildPath \"export.inf\"\nif (Test-Path $export) { \n    Remove-Item -Path $export -Force \n}\n\n$secedt = Join-Path -Path $tempPath -ChildPath \"secedt.sdb\"\nif (Test-Path $secedt) { \n    Remove-Item -Path $secedt -Force \n}\n\ntry {\n    Write-Output (\"Granting SeServiceLogonRight to user account: $grantLogonAsServiceAccountName.\") \n    $sid = ((New-Object System.Security.Principal.NTAccount($grantLogonAsServiceAccountName)).Translate([System.Security.Principal.SecurityIdentifier])).Value\n    secedit /export /cfg $export\n    $sids = (select-string $export -pattern \"SeServiceLogonRight\").line.Split(\"=\").Trim()[1]\n    foreach ($line in @(\"[Unicode]\", \"Unicode=yes\", \"[System Access]\", \"[Event Audit]\", \"[Registry Values]\", \"[Version]\", \"signature=`\"`$CHICAGO$`\"\", \"Revision=1\", \"[Profile Description]\", \"Description=GrantLogOnAsAService security template\", \"[Privilege Rights]\", \"SeServiceLogonRight = $sids,*$sid\")) {\n        Add-Content $import $line\n    }\n    \n    Write-Verbose \"Calling secedit...\"\n    secedit /import /db $secedt /cfg $import\n    secedit /configure /db $secedt\n    Write-Verbose \"Calling gpupdate...\"\n    gpupdate /force\n    Write-Verbose \"Cleaning up temp files...\"\n    Remove-Item -Path $import -Force\n    Remove-Item -Path $export -Force\n    Remove-Item -Path $secedt -Force\n    Write-Output(\"SeServiceLogonRight successfully granted to $grantLogonAsServiceAccountName\")\n}\ncatch {\n    Write-Error \"Failed to 
grant SeServiceLogonRight to user account: $grantLogonAsServiceAccountName.\"\n    $error[0]\n}\n"
  },
  "Category": "Windows",
  "HistoryUrl": "https://github.com/OctopusDeploy/Library/commits/master/step-templates//opt/buildagent/work/75443764cd38076d/step-templates/windows-grant-logon-as-service.json",
  "Website": "/step-templates/0e295d12-cc29-4f61-9eb1-dac387697d5c",
  "Logo": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAMAAACahl6sAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAADNQTFRF////Da3qSsLvhtb0wur6O7zuWcfxldv2aMzyK7ftpOD3s+X48Pr+0fD7d9HzHLLr4fX8xD/OcwAAAaNJREFUeNrs3cFygjAUQFECWott1f//2sJoW6kIKEzNs+euXOmcmSSGDa8oJEmSJEmSJGmsj1W1K9cpsGD1Vr2WdToVEPC+2lYvZfpVrEW0qZpF1F+MRdRugzoNlvkiarfBPk0pT8GhWUSX2yASpDlLr2+DEJBmEY1ug6whx7N0n2b30G1QlmmxHsRYp6X76yvF9vg5RYQczq8UVURI35UiFmTgShED0p6lI1eKzCHTrxS5Qk6PZ9PLDtJ9PIsJmXWlyAky6/dAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQMJCyjltF/iO3gpJUpD8s4OAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID8T8itwwKyhbTdMr4ha8hXUwZqhICcOgyNOIkE+V5wo4MSgr1u/fp7poO+AL8K/gL8yw0UeyRB34m9iQ/pVD8L5JYTO3NI58R+AsiEEzsW5OfE3sUe/zRwYkeGnG2g2CPS7rhjF4GKP0ZwyoldxK37kFqEL/7wU0mSJEmSJOmJ+xRgAHxZTCXGdZkfAAAAAElFTkSuQmCC",
  "$Meta": {
    "Type": "ActionTemplate"
  }
}

History

Page updated on Thursday, November 30, 2017