So I have just a simple thing here:
When giving MSSQLSERVER the "Log on as a service" right (required for the SQL instance to run), it is taken away after every restart. How to resolve this in an easy way?
First, create a GPO and add "Local SQL Services" to the "Log on as a service" policy. Next, apply that policy to an OU that contains the SQL server.
Note: in my case the SQL server is under "Member Servers" so I applied the GPO to that. This isn't an issue for the other non-SQL servers because the local group "Local SQL Services" doesn't exist on them anyway.
On the SQL Server, create a group called "Local SQL Services".
Put the user "NT SERVICE\MSSQLSERVER" into that group.
Run "GPUPDATE /FORCE" at an admin command prompt.
Restart the SQL server and you should find that the SQL services have started.
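
The server-side steps above can be scripted and then checked before the restart. This is an added example, not part of the original post: it assumes an elevated Windows PowerShell 5.1 session on the SQL server and that the GPO has already been created and linked; the temporary file name is arbitrary.

```powershell
# Added example: create the local group, add the SQL virtual account,
# refresh policy, then confirm the group really holds the user right.
$groupName  = 'Local SQL Services'        # group name used in the post
$svcAccount = 'NT SERVICE\MSSQLSERVER'    # default-instance service account from the post

# Create the local group only if it does not exist yet.
if (-not (Get-LocalGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $groupName | Out-Null
}

# Add the service account only if it is not already a member.
$members = Get-LocalGroupMember -Group $groupName | Select-Object -ExpandProperty Name
if ($members -notcontains $svcAccount) {
    Add-LocalGroupMember -Group $groupName -Member $svcAccount
}

# Re-apply Group Policy so the GPO's user-rights setting is written locally.
gpupdate /force | Out-Null

# Export the effective user-rights assignments and read the
# "Log on as a service" entry (SeServiceLogonRight).
$cfg = Join-Path $env:TEMP 'user-rights-check.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
        Select-Object -First 1

# Entries are comma-separated; SIDs carry a leading '*', some appear as names.
$entries = @()
if ($line) {
    $entries = ($line.Line -split '=', 2)[1].Split(',') |
               ForEach-Object { $_.Trim().TrimStart('*') }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

$groupSid = (Get-LocalGroup -Name $groupName).SID.Value
if ($entries -contains $groupSid -or $entries -contains $groupName) {
    Write-Output "OK: '$groupName' holds 'Log on as a service'."
} else {
    Write-Warning "'$groupName' is missing from SeServiceLogonRight; check that the GPO is linked to this server's OU."
}
```

If the warning appears, `gpresult /r` run on the server lists which GPOs were actually applied to the computer.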