We have GP to only allow certain account logon as batch and logonover the network. After a few IIS servers restart GP is applied but then changed by IIS Admin. Once a normal refresh happens a few hours later the permission is removed. How do I stop this before we are scanned for compliance? It starts with Event ID 808 by System, Source Name IIS-Metabase and Process ID which points to IISADMIN Service. Then below is registered in event and if you check local policy the changes are made. Event Type: Success Audit Event Source: Security Event Category: Policy Change Event ID: 621 Date: 11/18/2009 Time: 6:36:44 PM User: NT AUTHORITY\SYSTEM Computer: SERVERNAMEDescription: System Security Access Granted: Access Granted: SeBatchLogonRight Account Modified: ServerNAME\IWAM_Servername

Hi dcindy8,As the issue seems to be related to IIS, it is recommend you to initial a new thread in the IIS discussion forum. The engineers and the community members have more knowledge of it and can help you in a more efficient way. IIS Discussion forum http://forums.iis.net/ Hope the issue will be resolved soon. This posting is provided "AS IS" with no warranties, and confers no rights.