We have a site that keeps failing. In the error log, I get:
DCOM got error "Logon failure: the user has not been granted the requested logon type at this computer. " and was unable to logon MachineName\username in order to run the server:"

The vendor of the software that is using the user that keeps failing says we need to allow the IWAM_ and IUSR_ to be allowed to Log on as batch job in the security settings. I've found a couple of tech notes that also say the same thing on various sites, but I'm afraid that giving the IUSR_ the ability to log on as batch job is a security risk.

Have any of you encountered this issue? IS allowing IUSR_ and IWAM_ the ability to log on as batch job a security risk? If we allow this, we have to make the change at the domain controller because the local server's policies are being overridden by the domain controller.

Ideas?