Interactive logon.

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Here is my situation. I have adomain user account that is added into the
local admin accounts of our work stations which is used for adding computers
to the domain. Is there a way to set the permissions so this account will not
be able to perform an interactive logon? Thank You.
 
Kerry said:
Here is my situation. I have adomain user account that is added into
the local admin accounts of our work stations which is used for
adding computers to the domain. Is there a way to set the permissions
so this account will not be able to perform an interactive logon?
Thank You.
Click to expand...

Don't know if this will work as I don't have time to test it but you may
want to give it a try.

In the user's properties on the Account tab click on the Log On To button.
Set it to "The following computers" and add a computer name that doesn't
exist.

Kerry
 
This will work to some exstent. Unfortunatly it is more complicated then
this. Since the account is also is used to joint new workstation to the
domain in a scripted routine. Thanks Any ways.
 
You can use domain (or local ) security policy -> comp. config. -> windows
settings -> security settings -> local policies -> user rights assignment ->
deny log on locally.
Regards
 
bagins said:
You can use domain (or local ) security policy -> comp. config. ->
windows settings -> security settings -> local policies -> user
rights assignment -> deny log on locally.
Regards
Click to expand...

I think as that is a computer setting it will stop anyone from logging on
locally to whatever computers the policy applies. I don't know of a group
policy setting that would stop a user from logging on locally.
 
It is a computer setting because a user is logging on to computer, not vice
versa. Just specify the user you don't want logged on locally.
Anyway, you should test GPO changes in lab first, before implementing them
in production environment. You can use virtualization software like
virtualpc or vmware gsx server (it is free of charge) for your lab. Also,
use Microsoft GPMC for administering, testing and deploying GPOs, it has
great feature called planning mode.
Regards.
 
Back
Top