Creating a Security Policy to limit user login...

H

Henry

I created a user account "SQLSvrMgr" and made it part of the Administrators
group in order to use it to run SQL Server Developer services.

But I don't want it to show up as a login alternative on the login screen.
I want it to run the services only.

Is there a way to set this up through the Local Security Policy Manager?

I am looking at policies such as:

User Rights Assignment
Act as part of the operating system
Deny logon locally
Log on as a service


Your help is appreciated
 
G

Guest

Hi, I am aware of one way to hide a user account. In Windows XP Inside Out,
Ed Bott says this: You can prevent an account from appearing on the welcome
screen, thereby creating a "hidden" account. (It's not completely hidden,
because the account is visible to administrators in Local Users And Groups,
and the account's profile in the Documents And Settings folder is visible to
all users.) Use Registry Editor to open HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\SpecialAccounts
UserList. Create a new DWORD value, setting its name to the user name of the
account you want to hide and leaving its value set to 0. Be careful with
this trick: You won't be able to get to the account with Fast User Switching
because the account doesn't appear on the Welcome screen, and pressing
Ctrl+Alt+Del two times at the Welcome sxreen to display the Log on To Windows
dialog box works oly when no other users are l ogged on. Therefore, if ou
want to use this type of hidden account, you should either disable Fast User
Switching pr resign yourself to using the account only when no one else is
logged on.

As you don't want this account used then it wouldn't matter if you had Fast
User Switching enabled. You could simply map it to the services you want it
to run, by using the properties box for each such service in the Services
Snapin.

If somebody else has a better way, great, but this is the only method I am
aware of at this time. I am not an expert by any means, but have read several
books extensively. This is something I rememberd while reading your question
and I hope it is of some help. Good luck and have a great day.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Domain User can't login unless it has local Administrators right 0
Deny Logon Locally 6
Hiding serive user IDs 2
Security Settings for Password Policy and User properties 6
deny logon locally 1
Local Security Policy resets 5
Remote Desktop local policy error 1
Local Security Policy & secedit 4

Top