Deny local logon for a admin service account

We needed to create a user account in 2003AD that had Domain Acess. This was so the service that was running could logon to all servers. How do I disable this user from accessing AD related resources, and the user actually  using this service account to log on to servers?
LVL 5
shankshankAsked:
Who is Participating?
 
carceneaConnect With a Mentor Commented:
You can do this through Group Policy. You can created a new domain wide policy or edit the Default Domain Policy and make the following change:

Once editing the Group Policy Object go to:

Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny logon locally

Edit the Deny logon locally field and add the user in question.

Hope this helps!
0
 
shankshankAuthor Commented:
oaky  then do i need to specify that account the ability to log on as a service or batch?  or is that a given
0
 
shankshankAuthor Commented:
oh also to clarify
this account does not log on locally but through term services
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.