As you know the SharePoint Farm Account must have privileges to logon locally for getting “User Profile Service Application” to work.
Today I created a PowerShell script that adds the given account to the “Allog Logon Locally” privilege in the Local Security Policy.
1. My account is “DOMAIN\sp_farm”
2. I start “secpol.msc” (“Local Security Policy”) on the local farm server
3. I’m looking for “Allow Logon Locally”. The account “sp_farm” is not in this setting.
4. I execute the script to add the account.
5. Then I reload the “Local Security Policy” or close and reopen the MMC.
6. Now the account in in the setting:
You can download the script here:
This is the script: