by
Saqib Mehmood , Technical Team Lead/Safety Supervisor , Xchange Technology Group
On the domain controller, go to Administrative Tools > Active Directory Users and Computers (you must be running with Domain Administrator privileges).
Right-click on the Organizational Unit (OU) upon which you want to apply the Group Policy. Click Ptoperties.
The Group Policy Properties panel is displayed. Select the Group Policy tab and click New to create a Group Policy.
Designate a name for the new Group Policy. Select the new Group Policy and click Edit.
The Group Policy Object Editor panel is displayed. Go to New Group Policy Object your_policy > Computer Configuration > Windows Settings > Security Settings > Restricted Groups. Right-click Restricted Groups, and then click Add Group.
Add these user rights to the domain account:
Act as part of the operating system
Log on as a service
In the Group Policy Object Editor, go to New Group Policy Object your_policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignments. In the content pane, select "Log on as a service" and double-click. Add the domain user for whom you are granting user rights and click OK. Repeat this step for "Act as part of the operating system."