I am working to protect school computers using Windows Shared Computer Toolkit.
In order to run some old programmes I have found it necessary to use "Run with Different Credentials", using a specially created Administrator account called, say, Admin2 (although the name used is less obvious than this). I can supply the students with the password to Admin2 so they can run the programme. So far so good.
However, I am concerned that, knowing the name/password combination, they will be able to remember it and use it at the main logon screen. I have prevented this account from showing in the list of users, but they could still access the account by using Ctrl+Alt+Del twice.
Can you suggest another method or policy I can use to prevent login occurring in this way for Admin2, or another method of providing access to the legacy programmes? The computers are not connecting to a domain.
I tried adding the user to the "Deny Logon Locally" policy but this prevented the legacy programmes from running.