You can grant permission to log on as a service to a specific device or to all devices in a domain. The "Log on as a service" permission allows you to start a process using an account that has been granted this permission.
To grant the "Log on as a service" permission to a device:
Open the Run window by pressing the key combination Win+R.
In the opened window, type secpol.msc and click OK.
The Local security policy window opens.
Go to Security settings → Local policies → User rights assignment.
In the pane on the right, double-click to open the properties of the Log on as a service policy.
In the opened Properties: Log on as a Service window, click the Add User or Group button.
The Select Users or Groups window opens.
In the Enter the object names to select (examples) field, list the names of the accounts or devices to which you want to grant the permission to log on as a service. Click OK.
Before granting the permission, make sure that the accounts or devices to which you want to grant the Log on as a service permission are not listed in the properties of the Deny log on as a service policy.
To grant the "Log on as a service" permission to devices in a domain:
Open the Run window by pressing the key combination Win+R.
In the opened window, type gpedit.msc and click OK.
The Local Group Policy Editor window opens.
Select Computer configuration → Windows configuration → Security settings → Local policies → User rights assignment.
In the pane on the right, double-click to open the properties of the Log on as a service policy.
In the opened Properties: Log on as a Service window, click the Add User or Group button.
The Select Users or Groups window opens.
In the Enter the object names to select (examples) field, list the names of the users or devices to which you want to grant the permission to log on as a service. Click OK.
Before granting the permission, make sure that the accounts or devices to which you want to grant the Log on as a service permission are not listed in the properties of the Deny log on as a service policy.