| Platform SDK: Active Directory, ADSI, and Directory Services |
If you install your service to run under a domain user account, the account must have the right to logon as a service on the local computer. Note that this logon right applies only to the local computer and must be granted in the local LSA policy of each host computer.
See the lsaprivs sample program in the Platform SDK for sample code that shows how to grant this right to a user account specified in domain\username format. You don't need to do this if your service runs as LocalSystem, which automatically has the right.