<div>
Where do I find this? Under user rights assignment I see Deny log on locally, deny log on through terminal services, deny log on as a service, deny log on as a batch job. My domain functional level is windows server 2003
</div>


Where do I find this? Under user rights assignment I see Deny log on locally, deny log on through terminal services, deny log on as a service, deny log on as a batch job. My domain functional level is windows server 2003

<div>
<div class="content wysiwyg-content">
How do I create a user that can join a computer to the domain but can't logon to any computers?<br />
<br />
I want to create a user for sysprep to use to join the computer to the domain but I don't want this user able to do anything else. I already added the user to &quot;Add workstations to domain&quot; right in the default group policy so all thats left is not letting the user log on. Is this possible? My first guess would be to add the user to &quot;Deny logon locally&quot; user right but would this prevent them from joining the computer to the domain? Can anyone suggest anything else to secure the account? 
</div>
</div>


How do I create a user that can join a computer to the domain but can't logon to any computers?

I want to create a user for sysprep to use to join the computer to the domain but I don't want this user able to do anything else. I already added the user to "Add workstations to domain" right in the default group policy so all thats left is not letting the user log on. Is this possible? My first guess would be to add the user to "Deny logon locally" user right but would this prevent them from joining the computer to the domain? Can anyone suggest anything else to secure the account? 

Join computer to domain but can't logon to computers

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).