{"id":3703,"date":"2014-02-20T14:25:47","date_gmt":"2014-02-20T19:25:47","guid":{"rendered":"http:\/\/jdhitsolutions.com\/blog\/?p=3703"},"modified":"2014-02-20T16:23:29","modified_gmt":"2014-02-20T21:23:29","slug":"add-logon-as-service-right-with-powershell","status":"publish","type":"post","link":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/","title":{"rendered":"Add Logon As Service Right with PowerShell"},"content":{"rendered":"<p><a href=\"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-thumbnail wp-image-1688\" alt=\"talkbubble\" src=\"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png\" width=\"150\" height=\"150\" srcset=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png 150w, https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-198x198.png 198w\" sizes=\"auto, (max-width: 150px) 100vw, 150px\" \/><\/a> I saw a comment on Twitter today about a limitation in PowerShell. Specifically the ability to grant the logon as a service right to a user account. Manually, if you use the Services management console and specify the user, Windows will automatically grant that right. But if you are trying to do this from a command line that is a bit more challenging. There has been an old resource kit tool called NTRights which can easily get the job done. And I have no problem calling a command line tool that is designed for a special purpose. But, you first need to get a hold of that utility.<\/p>\n<p>Another option, which I've also used in the past, is to use some scripting language to modify the local security policy on the fly. Typically this involves creating a database entry and then calling SECEDIT. I came across a PowerShell script that does this but you could easily do it with VBScript. There's nothing uniquely PowerShell about it.<\/p>\n<p>Granting this privilege requires some arcane (at least to me) API calls. In my research I found several examples. Then I came across this great <a href=\"http:\/\/www.morgantechspace.com\/2013\/11\/Set-or-Grant-Logon-As-A-Service-right-to-User.html\" title=\"check it out\" target=\"_blank\">link<\/a>. The author, Morgan, has a number of options for achieving this task. Unfortunately, his PowerShell solution requires a third party DLL.  But fortunately, he also has a C# solution.<\/p>\n<p>Why is this fortunate? Because PowerShell is a management engine with great depth. You can run commands interactively, you can create scripts and advanced functions, or you can leverage languages like C#. I can use Morgan's C# class definition and add it to PowerShell.<\/p>\n<pre class=\"lang:ps decode:true \" >#http:\/\/www.morgantechspace.com\/2013\/11\/Set-or-Grant-Logon-As-A-Service-right-to-User.html\r\n\r\n$class=@\"\r\npublic class LsaWrapper \r\n{\r\n\/\/ Import the LSA functions\r\n \r\n[DllImport(\"advapi32.dll\", PreserveSig = true)]\r\nprivate static extern UInt32 LsaOpenPolicy(\r\n    ref LSA_UNICODE_STRING SystemName,\r\n    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,\r\n    Int32 DesiredAccess,\r\n    out IntPtr PolicyHandle\r\n    );\r\n \r\n[DllImport(\"advapi32.dll\", SetLastError = true, PreserveSig = true)]\r\nprivate static extern long LsaAddAccountRights(\r\n    IntPtr PolicyHandle,\r\n    IntPtr AccountSid,\r\n    LSA_UNICODE_STRING[] UserRights,\r\n    long CountOfRights);\r\n \r\n[DllImport(\"advapi32\")]\r\npublic static extern void FreeSid(IntPtr pSid);\r\n \r\n[DllImport(\"advapi32.dll\", CharSet = CharSet.Auto, SetLastError = true, PreserveSig = true)]\r\nprivate static extern bool LookupAccountName(\r\n    string lpSystemName, string lpAccountName,\r\n    IntPtr psid,\r\n    ref int cbsid,\r\n    StringBuilder domainName, ref int cbdomainLength, ref int use);\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern bool IsValidSid(IntPtr pSid);\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern long LsaClose(IntPtr ObjectHandle);\r\n \r\n[DllImport(\"kernel32.dll\")]\r\nprivate static extern int GetLastError();\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern long LsaNtStatusToWinError(long status);\r\n \r\n\/\/ define the structures\r\n \r\nprivate enum LSA_AccessPolicy : long\r\n{\r\n    POLICY_VIEW_LOCAL_INFORMATION = 0x00000001L,\r\n    POLICY_VIEW_AUDIT_INFORMATION = 0x00000002L,\r\n    POLICY_GET_PRIVATE_INFORMATION = 0x00000004L,\r\n    POLICY_TRUST_ADMIN = 0x00000008L,\r\n    POLICY_CREATE_ACCOUNT = 0x00000010L,\r\n    POLICY_CREATE_SECRET = 0x00000020L,\r\n    POLICY_CREATE_PRIVILEGE = 0x00000040L,\r\n    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080L,\r\n    POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100L,\r\n    POLICY_AUDIT_LOG_ADMIN = 0x00000200L,\r\n    POLICY_SERVER_ADMIN = 0x00000400L,\r\n    POLICY_LOOKUP_NAMES = 0x00000800L,\r\n    POLICY_NOTIFICATION = 0x00001000L\r\n}\r\n \r\n[StructLayout(LayoutKind.Sequential)]\r\nprivate struct LSA_OBJECT_ATTRIBUTES\r\n{\r\n    public int Length;\r\n    public IntPtr RootDirectory;\r\n    public readonly LSA_UNICODE_STRING ObjectName;\r\n    public UInt32 Attributes;\r\n    public IntPtr SecurityDescriptor;\r\n    public IntPtr SecurityQualityOfService;\r\n}\r\n \r\n[StructLayout(LayoutKind.Sequential)]\r\nprivate struct LSA_UNICODE_STRING\r\n{\r\n    public UInt16 Length;\r\n    public UInt16 MaximumLength;\r\n    public IntPtr Buffer;\r\n}\r\n\/\/\/ \r\n\/\/Adds a privilege to an account\r\n \r\n\/\/\/ Name of an account - \"domain\\account\" or only \"account\"\r\n\/\/\/ Name ofthe privilege\r\n\/\/\/ The windows error code returned by LsaAddAccountRights\r\npublic long SetRight(String accountName, String privilegeName)\r\n{\r\n    long winErrorCode = 0; \/\/contains the last error\r\n \r\n    \/\/pointer an size for the SID\r\n    IntPtr sid = IntPtr.Zero;\r\n    int sidSize = 0;\r\n    \/\/StringBuilder and size for the domain name\r\n    var domainName = new StringBuilder();\r\n    int nameSize = 0;\r\n    \/\/account-type variable for lookup\r\n    int accountType = 0;\r\n \r\n    \/\/get required buffer size\r\n    LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType);\r\n \r\n    \/\/allocate buffers\r\n    domainName = new StringBuilder(nameSize);\r\n    sid = Marshal.AllocHGlobal(sidSize);\r\n \r\n    \/\/lookup the SID for the account\r\n    bool result = LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize,\r\n                                    ref accountType);\r\n \r\n    \/\/say what you're doing\r\n    Console.WriteLine(\"LookupAccountName result = \" + result);\r\n    Console.WriteLine(\"IsValidSid: \" + IsValidSid(sid));\r\n    Console.WriteLine(\"LookupAccountName domainName: \" + domainName);\r\n \r\n    if (!result)\r\n    {\r\n        winErrorCode = GetLastError();\r\n        Console.WriteLine(\"LookupAccountName failed: \" + winErrorCode);\r\n    }\r\n    else\r\n    {\r\n        \/\/initialize an empty unicode-string\r\n        var systemName = new LSA_UNICODE_STRING();\r\n        \/\/combine all policies\r\n        var access = (int) (\r\n                                LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_CREATE_ACCOUNT |\r\n                                LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE |\r\n                                LSA_AccessPolicy.POLICY_CREATE_SECRET |\r\n                                LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION |\r\n                                LSA_AccessPolicy.POLICY_LOOKUP_NAMES |\r\n                                LSA_AccessPolicy.POLICY_NOTIFICATION |\r\n                                LSA_AccessPolicy.POLICY_SERVER_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS |\r\n                                LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS |\r\n                                LSA_AccessPolicy.POLICY_TRUST_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION |\r\n                                LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION\r\n                            );\r\n        \/\/initialize a pointer for the policy handle\r\n        IntPtr policyHandle = IntPtr.Zero;\r\n \r\n        \/\/these attributes are not used, but LsaOpenPolicy wants them to exists\r\n        var ObjectAttributes = new LSA_OBJECT_ATTRIBUTES();\r\n        ObjectAttributes.Length = 0;\r\n        ObjectAttributes.RootDirectory = IntPtr.Zero;\r\n        ObjectAttributes.Attributes = 0;\r\n        ObjectAttributes.SecurityDescriptor = IntPtr.Zero;\r\n        ObjectAttributes.SecurityQualityOfService = IntPtr.Zero;\r\n \r\n        \/\/get a policy handle\r\n        uint resultPolicy = LsaOpenPolicy(ref systemName, ref ObjectAttributes, access, out policyHandle);\r\n        winErrorCode = LsaNtStatusToWinError(resultPolicy);\r\n \r\n        if (winErrorCode != 0)\r\n        {\r\n            Console.WriteLine(\"OpenPolicy failed: \" + winErrorCode);\r\n        }\r\n        else\r\n        {\r\n            \/\/Now that we have the SID an the policy,\r\n            \/\/we can add rights to the account.\r\n \r\n            \/\/initialize an unicode-string for the privilege name\r\n            var userRights = new LSA_UNICODE_STRING[1];\r\n            userRights[0] = new LSA_UNICODE_STRING();\r\n            userRights[0].Buffer = Marshal.StringToHGlobalUni(privilegeName);\r\n            userRights[0].Length = (UInt16) (privilegeName.Length*UnicodeEncoding.CharSize);\r\n            userRights[0].MaximumLength = (UInt16) ((privilegeName.Length + 1)*UnicodeEncoding.CharSize);\r\n \r\n            \/\/add the right to the account\r\n            long res = LsaAddAccountRights(policyHandle, sid, userRights, 1);\r\n            winErrorCode = LsaNtStatusToWinError(res);\r\n            if (winErrorCode != 0)\r\n            {\r\n                Console.WriteLine(\"LsaAddAccountRights failed: \" + winErrorCode);\r\n            }\r\n \r\n            LsaClose(policyHandle);\r\n        }\r\n        FreeSid(sid);\r\n    }\r\n \r\n    return winErrorCode;\r\n}    \r\n}\r\n\"@\r\n\r\nAdd-Type -MemberDefinition $class -Name LSAWrapper -UsingNamespace System.Text -namespace Win32Util\r\n<\/pre>\n<p>Using Add-Type I can load it into my PowerShell session. Once loaded, I can create an object based on the class.<\/p>\n<pre class=\"lang:ps decode:true \" >$lsawrapper = new-object Win32Util.LSAWrapper+LsaWrapper\r\n<\/pre>\n<p>The class name looks a bit funny but it must be because of how the class is defined. I'm not much of a developer type to know if this could be done any differently, but it works.  With the class I can now grant an account the necessary privilege.<\/p>\n<pre class=\"lang:ps decode:true \" >$lsawrapper.SetRight(\"jh-win81-ent\\svcTest\",\"SeServiceLogonRight\")<\/pre>\n<p>The method writes a result to the pipeline.<\/p>\n<pre class=\"lang:batch decode:true \" >PS C:\\&gt; $w.SetRight(\"jh-win81-ent\\svcTest\",\"SeServiceLogonRight\")\r\nLookupAccountName result = True\r\nIsValidSid: True\r\nLookupAccountName domainName: JH-WIN81-ENT\r\n0<\/pre>\n<p>The class has a number of Console.WriteLine commands I could remove if I didn't want this level of detail. But it is possible to do this in PowerShell, because of how flexible the engine and language can be. I'm not implying this is easy. In fact, if I were to take this to the next step I'd build some advanced functions around it so it would at least be easy to use for other people.  This is a great example of why you should learn PowerShell and how it can impact your career.<\/p>\n<p><strong>Update<\/strong><br \/>\nBased on a comment I've revised the original class.<\/p>\n<pre class=\"lang:ps decode:true \" >$class=@\"\r\nusing System.Text;\r\nusing System;\r\nusing System.Runtime.InteropServices;\r\n\r\npublic static class LsaWrapper \r\n{\r\n\/\/ Import the LSA functions\r\n \r\n[DllImport(\"advapi32.dll\", PreserveSig = true)]\r\nprivate static extern UInt32 LsaOpenPolicy(\r\n    ref LSA_UNICODE_STRING SystemName,\r\n    ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,\r\n    Int32 DesiredAccess,\r\n    out IntPtr PolicyHandle\r\n    );\r\n \r\n[DllImport(\"advapi32.dll\", SetLastError = true, PreserveSig = true)]\r\nprivate static extern long LsaAddAccountRights(\r\n    IntPtr PolicyHandle,\r\n    IntPtr AccountSid,\r\n    LSA_UNICODE_STRING[] UserRights,\r\n    long CountOfRights);\r\n \r\n[DllImport(\"advapi32\")]\r\npublic static extern void FreeSid(IntPtr pSid);\r\n \r\n[DllImport(\"advapi32.dll\", CharSet = CharSet.Auto, SetLastError = true, PreserveSig = true)]\r\nprivate static extern bool LookupAccountName(\r\n    string lpSystemName, string lpAccountName,\r\n    IntPtr psid,\r\n    ref int cbsid,\r\n    StringBuilder domainName, ref int cbdomainLength, ref int use);\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern bool IsValidSid(IntPtr pSid);\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern long LsaClose(IntPtr ObjectHandle);\r\n \r\n[DllImport(\"kernel32.dll\")]\r\nprivate static extern int GetLastError();\r\n \r\n[DllImport(\"advapi32.dll\")]\r\nprivate static extern long LsaNtStatusToWinError(long status);\r\n \r\n\/\/ define the structures\r\n \r\nprivate enum LSA_AccessPolicy : long\r\n{\r\n    POLICY_VIEW_LOCAL_INFORMATION = 0x00000001L,\r\n    POLICY_VIEW_AUDIT_INFORMATION = 0x00000002L,\r\n    POLICY_GET_PRIVATE_INFORMATION = 0x00000004L,\r\n    POLICY_TRUST_ADMIN = 0x00000008L,\r\n    POLICY_CREATE_ACCOUNT = 0x00000010L,\r\n    POLICY_CREATE_SECRET = 0x00000020L,\r\n    POLICY_CREATE_PRIVILEGE = 0x00000040L,\r\n    POLICY_SET_DEFAULT_QUOTA_LIMITS = 0x00000080L,\r\n    POLICY_SET_AUDIT_REQUIREMENTS = 0x00000100L,\r\n    POLICY_AUDIT_LOG_ADMIN = 0x00000200L,\r\n    POLICY_SERVER_ADMIN = 0x00000400L,\r\n    POLICY_LOOKUP_NAMES = 0x00000800L,\r\n    POLICY_NOTIFICATION = 0x00001000L\r\n}\r\n \r\n[StructLayout(LayoutKind.Sequential)]\r\nprivate struct LSA_OBJECT_ATTRIBUTES\r\n{\r\n    public int Length;\r\n    public IntPtr RootDirectory;\r\n    public readonly LSA_UNICODE_STRING ObjectName;\r\n    public UInt32 Attributes;\r\n    public IntPtr SecurityDescriptor;\r\n    public IntPtr SecurityQualityOfService;\r\n}\r\n \r\n[StructLayout(LayoutKind.Sequential)]\r\nprivate struct LSA_UNICODE_STRING\r\n{\r\n    public UInt16 Length;\r\n    public UInt16 MaximumLength;\r\n    public IntPtr Buffer;\r\n}\r\n\/\/\/ \r\n\/\/Adds a privilege to an account\r\n \r\n\/\/\/ Name of an account - \"domain\\account\" or only \"account\"\r\n\/\/\/ Name ofthe privilege\r\n\/\/\/ The windows error code returned by LsaAddAccountRights\r\npublic static long SetRight(String accountName, String privilegeName)\r\n{\r\n    long winErrorCode = 0; \/\/contains the last error\r\n \r\n    \/\/pointer an size for the SID\r\n    IntPtr sid = IntPtr.Zero;\r\n    int sidSize = 0;\r\n    \/\/StringBuilder and size for the domain name\r\n    var domainName = new StringBuilder();\r\n    int nameSize = 0;\r\n    \/\/account-type variable for lookup\r\n    int accountType = 0;\r\n \r\n    \/\/get required buffer size\r\n    LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize, ref accountType);\r\n \r\n    \/\/allocate buffers\r\n    domainName = new StringBuilder(nameSize);\r\n    sid = Marshal.AllocHGlobal(sidSize);\r\n \r\n    \/\/lookup the SID for the account\r\n    bool result = LookupAccountName(String.Empty, accountName, sid, ref sidSize, domainName, ref nameSize,\r\n                                    ref accountType);\r\n \r\n    \/\/say what you're doing\r\n    Console.WriteLine(\"LookupAccountName result = \" + result);\r\n    Console.WriteLine(\"IsValidSid: \" + IsValidSid(sid));\r\n    Console.WriteLine(\"LookupAccountName domainName: \" + domainName);\r\n \r\n    if (!result)\r\n    {\r\n        winErrorCode = GetLastError();\r\n        Console.WriteLine(\"LookupAccountName failed: \" + winErrorCode);\r\n        \/\/return winErrorCode;\r\n    }\r\n    else\r\n    {\r\n        \/\/initialize an empty unicode-string\r\n        var systemName = new LSA_UNICODE_STRING();\r\n        \/\/combine all policies\r\n        var access = (int) (\r\n                                LSA_AccessPolicy.POLICY_AUDIT_LOG_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_CREATE_ACCOUNT |\r\n                                LSA_AccessPolicy.POLICY_CREATE_PRIVILEGE |\r\n                                LSA_AccessPolicy.POLICY_CREATE_SECRET |\r\n                                LSA_AccessPolicy.POLICY_GET_PRIVATE_INFORMATION |\r\n                                LSA_AccessPolicy.POLICY_LOOKUP_NAMES |\r\n                                LSA_AccessPolicy.POLICY_NOTIFICATION |\r\n                                LSA_AccessPolicy.POLICY_SERVER_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_SET_AUDIT_REQUIREMENTS |\r\n                                LSA_AccessPolicy.POLICY_SET_DEFAULT_QUOTA_LIMITS |\r\n                                LSA_AccessPolicy.POLICY_TRUST_ADMIN |\r\n                                LSA_AccessPolicy.POLICY_VIEW_AUDIT_INFORMATION |\r\n                                LSA_AccessPolicy.POLICY_VIEW_LOCAL_INFORMATION\r\n                            );\r\n        \/\/initialize a pointer for the policy handle\r\n        IntPtr policyHandle = IntPtr.Zero;\r\n \r\n        \/\/these attributes are not used, but LsaOpenPolicy wants them to exists\r\n        var ObjectAttributes = new LSA_OBJECT_ATTRIBUTES();\r\n        ObjectAttributes.Length = 0;\r\n        ObjectAttributes.RootDirectory = IntPtr.Zero;\r\n        ObjectAttributes.Attributes = 0;\r\n        ObjectAttributes.SecurityDescriptor = IntPtr.Zero;\r\n        ObjectAttributes.SecurityQualityOfService = IntPtr.Zero;\r\n \r\n        \/\/get a policy handle\r\n        uint resultPolicy = LsaOpenPolicy(ref systemName, ref ObjectAttributes, access, out policyHandle);\r\n        winErrorCode = LsaNtStatusToWinError(resultPolicy);\r\n \r\n        if (winErrorCode != 0)\r\n        {\r\n            Console.WriteLine(\"OpenPolicy failed: \" + winErrorCode);\r\n            \/\/return winErrorCode;\r\n        }\r\n        else\r\n        {\r\n            \/\/Now that we have the SID an the policy,\r\n            \/\/we can add rights to the account.\r\n \r\n            \/\/initialize an unicode-string for the privilege name\r\n            var userRights = new LSA_UNICODE_STRING[1];\r\n            userRights[0] = new LSA_UNICODE_STRING();\r\n            userRights[0].Buffer = Marshal.StringToHGlobalUni(privilegeName);\r\n            userRights[0].Length = (UInt16) (privilegeName.Length*UnicodeEncoding.CharSize);\r\n            userRights[0].MaximumLength = (UInt16) ((privilegeName.Length + 1)*UnicodeEncoding.CharSize);\r\n \r\n            \/\/add the right to the account\r\n            long res = LsaAddAccountRights(policyHandle, sid, userRights, 1);\r\n            winErrorCode = LsaNtStatusToWinError(res);\r\n            if (winErrorCode != 0)\r\n            {\r\n                Console.WriteLine(\"LsaAddAccountRights failed: \" + winErrorCode);\r\n                \/\/return winErrorCode;\r\n            }\r\n \r\n            LsaClose(policyHandle);\r\n        }\r\n        FreeSid(sid);\r\n    }\r\n \r\n    return winErrorCode;\r\n}\r\n\r\n}\r\n\"@\r\n<\/pre>\n<p>I'll admit this is beyond what I normally do in PowerShell but I'm willing to learn new things and did with this challenge. With this class it is much easier to add the type and invoke the method.<\/p>\n<pre class=\"lang:batch decode:true \" >PS C:\\&gt; Add-Type -TypeDefinition $class \r\nPS C:\\&gt; [lsawrapper]::SetRight(\"jh-win81-ent\\svctest\",\"SeServiceLogonRight\")\r\nLookupAccountName result = True\r\nIsValidSid: True\r\nLookupAccountName domainName: JH-WIN81-ENT\r\n0<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>I saw a comment on Twitter today about a limitation in PowerShell. Specifically the ability to grant the logon as a service right to a user account. Manually, if you use the Services management console and specify the user, Windows will automatically grant that right. But if you are trying to do this from a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Add Logon As Service Right with #PowerShell http:\/\/wp.me\/p1nF6U-XJ","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4,8,62],"tags":[260,534,540],"class_list":["post-3703","post","type-post","status-publish","format-standard","hentry","category-powershell","category-scripting","category-security","tag-add-type","tag-powershell","tag-scripting"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator\" \/>\n<meta property=\"og:description\" content=\"I saw a comment on Twitter today about a limitation in PowerShell. Specifically the ability to grant the logon as a service right to a user account. Manually, if you use the Services management console and specify the user, Windows will automatically grant that right. But if you are trying to do this from a...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/\" \/>\n<meta property=\"og:site_name\" content=\"The Lonely Administrator\" \/>\n<meta property=\"article:published_time\" content=\"2014-02-20T19:25:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-02-20T21:23:29+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png\" \/>\n<meta name=\"author\" content=\"Jeffery Hicks\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@JeffHicks\" \/>\n<meta name=\"twitter:site\" content=\"@JeffHicks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeffery Hicks\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/\"},\"author\":{\"name\":\"Jeffery Hicks\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"headline\":\"Add Logon As Service Right with PowerShell\",\"datePublished\":\"2014-02-20T19:25:47+00:00\",\"dateModified\":\"2014-02-20T21:23:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/\"},\"wordCount\":502,\"commentCount\":9,\"publisher\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"image\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2011\\\/10\\\/talkbubble-150x150.png\",\"keywords\":[\"Add-Type\",\"PowerShell\",\"Scripting\"],\"articleSection\":[\"PowerShell\",\"Scripting\",\"security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/\",\"name\":\"Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2011\\\/10\\\/talkbubble-150x150.png\",\"datePublished\":\"2014-02-20T19:25:47+00:00\",\"dateModified\":\"2014-02-20T21:23:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#primaryimage\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2011\\\/10\\\/talkbubble.png\",\"contentUrl\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/wp-content\\\/uploads\\\/2011\\\/10\\\/talkbubble.png\",\"width\":\"198\",\"height\":\"208\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/powershell\\\/3703\\\/add-logon-as-service-right-with-powershell\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"PowerShell\",\"item\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/category\\\/powershell\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Add Logon As Service Right with PowerShell\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/\",\"name\":\"The Lonely Administrator\",\"description\":\"Practical Advice for the Automating IT Pro\",\"publisher\":{\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/jdhitsolutions.com\\\/blog\\\/#\\\/schema\\\/person\\\/d0258030b41f07fd745f4078bdf5b6c9\",\"name\":\"Jeffery Hicks\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\",\"caption\":\"Jeffery Hicks\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/","og_locale":"en_US","og_type":"article","og_title":"Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator","og_description":"I saw a comment on Twitter today about a limitation in PowerShell. Specifically the ability to grant the logon as a service right to a user account. Manually, if you use the Services management console and specify the user, Windows will automatically grant that right. But if you are trying to do this from a...","og_url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/","og_site_name":"The Lonely Administrator","article_published_time":"2014-02-20T19:25:47+00:00","article_modified_time":"2014-02-20T21:23:29+00:00","og_image":[{"url":"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png","type":"","width":"","height":""}],"author":"Jeffery Hicks","twitter_card":"summary_large_image","twitter_creator":"@JeffHicks","twitter_site":"@JeffHicks","twitter_misc":{"Written by":"Jeffery Hicks","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#article","isPartOf":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/"},"author":{"name":"Jeffery Hicks","@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"headline":"Add Logon As Service Right with PowerShell","datePublished":"2014-02-20T19:25:47+00:00","dateModified":"2014-02-20T21:23:29+00:00","mainEntityOfPage":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/"},"wordCount":502,"commentCount":9,"publisher":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"image":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#primaryimage"},"thumbnailUrl":"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png","keywords":["Add-Type","PowerShell","Scripting"],"articleSection":["PowerShell","Scripting","security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/","url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/","name":"Add Logon As Service Right with PowerShell &#8226; The Lonely Administrator","isPartOf":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#primaryimage"},"image":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#primaryimage"},"thumbnailUrl":"http:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble-150x150.png","datePublished":"2014-02-20T19:25:47+00:00","dateModified":"2014-02-20T21:23:29+00:00","breadcrumb":{"@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#primaryimage","url":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble.png","contentUrl":"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2011\/10\/talkbubble.png","width":"198","height":"208"},{"@type":"BreadcrumbList","@id":"https:\/\/jdhitsolutions.com\/blog\/powershell\/3703\/add-logon-as-service-right-with-powershell\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"PowerShell","item":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},{"@type":"ListItem","position":2,"name":"Add Logon As Service Right with PowerShell"}]},{"@type":"WebSite","@id":"https:\/\/jdhitsolutions.com\/blog\/#website","url":"https:\/\/jdhitsolutions.com\/blog\/","name":"The Lonely Administrator","description":"Practical Advice for the Automating IT Pro","publisher":{"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jdhitsolutions.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/jdhitsolutions.com\/blog\/#\/schema\/person\/d0258030b41f07fd745f4078bdf5b6c9","name":"Jeffery Hicks","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","url":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg","caption":"Jeffery Hicks"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/832ae5d438fdcfc1420d720cd1991307927de8a0b12f2342e81c30f773e21098?s=96&d=wavatar&r=pg"}}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":130,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/130\/techmentor-san-francisco-2008\/","url_meta":{"origin":3703,"position":0},"title":"Techmentor San Francisco 2008","author":"Jeffery Hicks","date":"February 22, 2008","format":false,"excerpt":"I finished up my slide decks last week for the first Techmentor conference of the year in San Francisco (March 30 -April 3). If you've never been to a Techmentor conference you're missing a great opportunity to hear and see your favorite IT speakers. Plus it's a lot of fun\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":133,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/133\/techmentor-just-around-the-corner\/","url_meta":{"origin":3703,"position":1},"title":"Techmentor Just Around the Corner","author":"Jeffery Hicks","date":"March 4, 2008","format":false,"excerpt":"The registration deadline for the first Techmentor conference of the year is almost upon us. I'll be doing sessions on using Powershell to manage Active Directory, PowerShell and WMI, Logon Scripts and more. Plus, I'm always happy to hang out and chat. I always have a great time. Hope to\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":7468,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/7468\/powershell-7-scripting-with-the-powershell-ise\/","url_meta":{"origin":3703,"position":2},"title":"PowerShell 7 Scripting with the PowerShell ISE","author":"Jeffery Hicks","date":"May 11, 2020","format":false,"excerpt":"By now, everyone should have gotten the memo that with the move to PowerShell 7, the PowerShell ISE should be considered deprecated. When it comes to PowerShell script and module development for PowerShell 7, the recommended tool is Visual Studio Code. It is free and offers so much more than\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/05\/ise-ps7.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/05\/ise-ps7.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/05\/ise-ps7.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/05\/ise-ps7.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":7193,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/7193\/better-event-logs-with-powershell\/","url_meta":{"origin":3703,"position":3},"title":"Better Event Logs with PowerShell","author":"Jeffery Hicks","date":"January 24, 2020","format":false,"excerpt":"Because I don't work in a corporate environment, I don't always see opportunities where PowerShell can make your life better as an IT professional. I have a friend -- let's call her Gladys Kravitz. Gladys and I were chatting and she mentioned how tricky it is to pull information out\u2026","rel":"","context":"In &quot;PowerShell&quot;","block_context":{"text":"PowerShell","link":"https:\/\/jdhitsolutions.com\/blog\/category\/powershell\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":404,"url":"https:\/\/jdhitsolutions.com\/blog\/powershell\/404\/5-minute-powershell\/","url_meta":{"origin":3703,"position":4},"title":"5 Minute PowerShell","author":"Jeffery Hicks","date":"September 28, 2009","format":false,"excerpt":"My October Mr. Roboto column is now available online. The article contains my suggestions for how someone completely new to PowerShell might spend their first 5 minutes. Perhaps not literally, since I expect most people will want to spend more than 60 seconds on my suggested steps. But overall I\u2026","rel":"","context":"In &quot;CommandLine&quot;","block_context":{"text":"CommandLine","link":"https:\/\/jdhitsolutions.com\/blog\/category\/commandline\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2009\/09\/zrtn_001p595cc73_tn.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":541,"url":"https:\/\/jdhitsolutions.com\/blog\/training\/541\/promoting-powershell\/","url_meta":{"origin":3703,"position":5},"title":"Promoting PowerShell","author":"Jeffery Hicks","date":"January 6, 2010","format":false,"excerpt":"This question comes up quite often: \"How can I encourage adoption of Windows PowerShell in my organization?\" I periodically poll people about their adoption plans and what sort of things are standing in the way. Most of the obstacles in my opinion can be cleared with experience, exposure and education.\u2026","rel":"","context":"In &quot;CommandLine&quot;","block_context":{"text":"CommandLine","link":"https:\/\/jdhitsolutions.com\/blog\/category\/commandline\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/3703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/comments?post=3703"}],"version-history":[{"count":0,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/posts\/3703\/revisions"}],"wp:attachment":[{"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/media?parent=3703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/categories?post=3703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jdhitsolutions.com\/blog\/wp-json\/wp\/v2\/tags?post=3703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}