Interactive logon.

G

Guest

Here is my situation. I have adomain user account that is added into the
local admin accounts of our work stations which is used for adding computers
to the domain. Is there a way to set the permissions so this account will not
be able to perform an interactive logon? Thank You.
 
K

Kerry Brown

Kerry said:
Here is my situation. I have adomain user account that is added into
the local admin accounts of our work stations which is used for
adding computers to the domain. Is there a way to set the permissions
so this account will not be able to perform an interactive logon?
Thank You.
Click to expand...

Don't know if this will work as I don't have time to test it but you may
want to give it a try.

In the user's properties on the Account tab click on the Log On To button.
Set it to "The following computers" and add a computer name that doesn't
exist.

Kerry
 
G

Guest

This will work to some exstent. Unfortunatly it is more complicated then
this. Since the account is also is used to joint new workstation to the
domain in a scripted routine. Thanks Any ways.
 
B

bagins

You can use domain (or local ) security policy -> comp. config. -> windows
settings -> security settings -> local policies -> user rights assignment ->
deny log on locally.
Regards
 
K

Kerry Brown

bagins said:
You can use domain (or local ) security policy -> comp. config. ->
windows settings -> security settings -> local policies -> user
rights assignment -> deny log on locally.
Regards
Click to expand...

I think as that is a computer setting it will stop anyone from logging on
locally to whatever computers the policy applies. I don't know of a group
policy setting that would stop a user from logging on locally.
 
B

bagins

It is a computer setting because a user is logging on to computer, not vice
versa. Just specify the user you don't want logged on locally.
Anyway, you should test GPO changes in lab first, before implementing them
in production environment. You can use virtualization software like
virtualpc or vmware gsx server (it is free of charge) for your lab. Also,
use Microsoft GPMC for administering, testing and deploying GPOs, it has
great feature called planning mode.
Regards.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can't Turn Off "Smart card is required for interactive logon" 3
Deny Interactive Logon but Allow Runas 9
Not allowed for interactive logon 1
Feral Interactive - Rise of the Tomb Raider 4
How is interactive logon service installed and activated? 1
Offer Remote Assistance - "Permission denied" - Windows XP SP2 2
Is non-admin logon worth it? 6
Deny Logon Locally 6

Top