Create a user that can't effectuate login

  • Thread starter Thread starter billie
  • Start date Start date
B

billie

Hi all. I would like to create an Administrator user that can't effectuate
log in. It should only be used from runas.exe.
The SYSTEM user act like this, so I think that it should be possible.

Thanks in advance.
 
If you are using XP Pro open Local Security Policy and go to local
policies/user rights and add that user to the user right for deny logon
locally. If you are using XP Home you could try using the Resource Kit tool
called NTrights. If you use NTrights beware that the privilege you list is
case sensitive. --- Steve
 
billie said:
Hi all. I would like to create an Administrator user that can't
effectuate log in. It should only be used from runas.exe.
The SYSTEM user act like this, so I think that it should be possible.

Thanks in advance.

I answered/asked for clarification to your identical post in
microsoft.public.security.homeusers. Please go back to that thread and
keep it there. Please do not multipost; crosspost judiciously only if
you must.

http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Malke
 
Malke said:
I answered/asked for clarification to your identical post in
microsoft.public.security.homeusers. Please go back to that thread and
keep it there. Please do not multipost; crosspost judiciously only if
you must.

http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Malke

Mr. Umbach has given you a great answer. You should also consider
putting in a server and using AD since you have 10 workstations.

Malke
 
Perfect, it works.
Thank you.
I answered/asked for clarification to your identical post in
microsoft.public.security.homeusers. Please go back to that thread and
keep it there. Please do not multipost; crosspost judiciously only if
you must.

I'm really sorry.
I didn't awared that microsoft.public.security.homeusers was related with
this one.
 
billie said:
Perfect, it works.
Thank you.


I'm really sorry.
I didn't awared that microsoft.public.security.homeusers was related
with this one.

It isn't. Keep more posts about this subject in this newsgroup as you
are most likely to get expert answers from people like Mr. Umbach here.

Malke
 
Another question.

I'd need to apply some other changes on secpol.msc that I would like to
automatically replicate on other workstation via script or via export/import
function.
How can I do this?
Does it is possible to know wich registries are modified when I set a policy
on secpol.msc? Does exist a "registry monitor" software that captures
registry writings?
If this could be possible I could write a little script by using reg.exe.

Thank you for now for you precious helping.
 
Well you don't give much information about what you are working with. If you
are managing an Active Directory domain then you can use Group Policy to
apply the changes quickly and easily to a couple million computers if need
be. For non domain computers you can create a custom security template and
import it manually into the other computers [right click security settings
and select import policy] or use the command secedit to apply the security
template. You can see, manage, create, and copy security templates via the
mmc snapin for security templates. You can also use the mmc snapin for
Security Configuration and Analysis to compare and apply security templates
as shown in the link below which also applies mostly to XP Pro and also
describes the secedit command.

http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/seconfig.mspx

I would avoid using .reg files if you can accomplish what you want with
security templates. It just makes everything easier to manage and have more
consistent results. You certainly can see the registry setting by using a
registry snapshot program that will take two or more snapshots of the
registry and compare the results which could be done before and after you
change a setting in Local Security Policy. Regnap and Regshot are two
popular registry snapshot tools. There will however be some noise in the
results of the comparison report but the info is there and usually is a
modified [versus added/deleted] registry value and for Local Security Policy
would be HKLM. If you ever use a registry snapshot tool to find a user
setting the report may show the user SID [big long number with hyphens] but
you want to configure the same setting under HKCU. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Back
Top