Solved

Deny local logon for a admin service account

Posted on 2007-11-15
3
1,815 Views
Last Modified: 2013-12-04
We needed to create a user account in 2003AD that had Domain Acess. This was so the service that was running could logon to all servers. How do I disable this user from accessing AD related resources, and the user actually  using this service account to log on to servers?
0
Comment
Question by:shankshank
  • 2
3 Comments
 
LVL 7

Accepted Solution

by:
carcenea earned 500 total points
Comment Utility
You can do this through Group Policy. You can created a new domain wide policy or edit the Default Domain Policy and make the following change:

Once editing the Group Policy Object go to:

Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny logon locally

Edit the Deny logon locally field and add the user in question.

Hope this helps!
0
 
LVL 5

Author Comment

by:shankshank
Comment Utility
oaky  then do i need to specify that account the ability to log on as a service or batch?  or is that a given
0
 
LVL 5

Author Comment

by:shankshank
Comment Utility
oh also to clarify
this account does not log on locally but through term services
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
This video discusses moving either the default database or any database to a new volume.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now