Denied Local Logon but capable of use RunAs

[Durby vend]

Is there a way to block specific account of locally logon to a machine,
but still allow that specific account to run inside RunAs environment ?

i check that system event log able to identify these 2 different logon type
with a value of 11 and 2.

is there a way to set this combination of security in policies ?

thanks!

 

[Steven L Umbach]

For XP Pro open Local Security Policy and go to local policies/user rights
and add the user to the user right for deny logon locally. --- Steve

 

[Durby vend]

steven,
if i would to deny logon to userA,
will locally logon userB able to use RunAs with UserA account ?

Thanks!

 

[Steven L Umbach]

I believe so. Try it out and let us know. --- Steve