#Add to Local Security Policy
function Add-ServiceLogonRight([string] $Username) {
    Write-Host "Enable ServiceLogonRight for $Username"

    $tmp = New-TemporaryFile
    secedit /export /cfg "$tmp.inf" | Out-Null
    (Get-Content -Encoding ascii "$tmp.inf") -replace '^SeServiceLogonRight .+', "`$0,$Username" | sc -Encoding ascii "$tmp.inf"
    secedit /import /cfg "$tmp.inf" /db "$tmp.sdb" | Out-Null
    secedit /configure /db "$tmp.sdb" /cfg "$tmp.inf" | Out-Null
    Remove-Item $tmp* -ea 0
}

Add-ServiceLogonRight -Username svccohesitysql

# Set Service to Run as Service Account
Stop-Service -Name CohesityAgent
sc.exe config "CohesityAgent" obj="NDGOV\svccohesitysql" password="radiant-yx8aHMrGtc"
Start-Service -Name CohesityAgent

# Add to Local Administrators group
Add-LocalGroupMember -Group Administrators -Member "ndgov\svccohesitysql"