How do I create a user that can join a computer to the domain but can't logon to any computers?
I want to create a user for sysprep to use to join the computer to the domain but I don't want this user able to do anything else. I already added the user to "Add workstations to domain" right in the default group policy so all thats left is not letting the user log on. Is this possible? My first guess would be to add the user to "Deny logon locally" user right but would this prevent them from joining the computer to the domain? Can anyone suggest anything else to secure the account?