• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1856
  • Last Modified:

Deny local logon for a admin service account

We needed to create a user account in 2003AD that had Domain Acess. This was so the service that was running could logon to all servers. How do I disable this user from accessing AD related resources, and the user actually  using this service account to log on to servers?
  • 2
1 Solution
You can do this through Group Policy. You can created a new domain wide policy or edit the Default Domain Policy and make the following change:

Once editing the Group Policy Object go to:

Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny logon locally

Edit the Deny logon locally field and add the user in question.

Hope this helps!
shankshankAuthor Commented:
oaky  then do i need to specify that account the ability to log on as a service or batch?  or is that a given
shankshankAuthor Commented:
oh also to clarify
this account does not log on locally but through term services
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now