Creating accounts for service logon only?

allangray
allangray used Ask the Experts™
on

How exactly do I allow an account to only logon as a service thereby preventing anybody logging on with that account on a workstation/server?  (for Active Directory - DC's running SP4).

thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2005
Commented:
Setup a user account - add it to the local Administrator group and remove it from the Domain User group.  Create a complex password and record it.  Lock that in your HR's vault.

Using Group Policy, set the security option for "log on as a service" by adding that user.

In the user's properties, set the option to only be able to log into the server.

Hope that helps.

Commented:
Create an standard account, make it an administrator. If you change the domain controller security policy or domain security policy and set the access rights to allow the logon as a service and not logon as interactive. This will prevent the user login on but permit use as a service.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial