SYMPTOMS
The BigMIND desktop application fails to authenticate on a Windows Server platform, preventing the application from opening or running.
CAUSE
This issue typically occurs when the Windows user profile or its associated group is not included in the “Log on as a batch job” local security policy for the workspace server configuration or is included in the “Deny logon as a batch job” policy.
-
Logon as a batch job Policy
Verify if the user account or its associated group is added to the “Log on as a batch job” policy in the Windows Domain Controller Security Policy. If the user account or group lacks the appropriate rights, you need to add them to this policy. By default, this policy applies to the Administrators and Backup Operators groups, but there can be instances where no accounts or groups are included. This policy, defined in the Default Domain Controller Group Policy object (GPO) and the Local Security Policy of workstations and servers, allows a user to log on through a batch-queue facility.
-
Deny logon as a batch job Policy
Ensure that the account is not listed in the “Deny logon as a batch job” policy in the Windows Domain Controller Security Policy. The “Deny logon as a batch job” policy determines which accounts are prevented from logging on as a batch job. This policy takes precedence over the “Log on as a batch job” policy if both apply. The “Deny logon as a batch job” policy is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. By default, no users are denied this logon right.
RESOLUTION
To add the account to the Default Domain Controller Security Policy:
- Login to the server as an Administrator or Domain Admin.
- Go to Control Panel → Administrative Tools → Group Policy Management. This would open the Group Policy Management Console.
- In the Group Policy Management Console, expand Domain and then Domain Controllers; then select the Default Domain Controllers Policy.
- Right-click on the Default Domain Controllers Policy and click on Edit. This would open the Group Policy Management Editor.
- In the ‘Default Domain Controllers Policy‘, go to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Select User Rights Assignment.
- On the right pane, under Policy select Log on as a batch job.
- Right-click on this Log on as a batch job and select Properties. This would show the Log on as a batch job Properties dialog. Click on Add User or Group button and add the user account which is used in Zoolz/BigMIND or add the group to which the user account belongs to. Click on Ok and Apply the changes as well.
- Make sure that the account is not part of the Deny logon as a batch job policy in the Windows Domain Controller Security Policy. If it is part of it, then Remove it.
- After making the above changes, close the Group Policy Management Editor and then close the Group Policy Management Console.
- To update the changes to the policy, the following command needs to be run from the command prompt:
gpupdate /force