Link to home
Start Free TrialLog in
Avatar of llarava
llaravaFlag for Afghanistan

asked on

Looking for a way to deny user account to be able to logon but keep the access to the mailbox

In order to avoid creating generic AD account when people ask for generic email accounts, we would like to know if there is a way to be able to deny the generic account to be use to logon but not removing the access of getting to the mailbox linked with the account.

We are currently solving this via Public folders but we are looking for something different.

So for example:

Request comes like: Create email account salerorders@domain.com

In order to create a regular mailbox we have to create an account named saleorders in AD and then the mailbox.  This is a problem because then the AD account salesorders can be use to logon on any workstation.
So we would like the account to be locked down and the mailbox accessible.

Any ideas?

Thanks.

Avatar of Mike Kline
Mike Kline
Flag of United States of America image
You can use a group policy at the domain level to "deny logon locally"
The setting can be found here:
Coumputer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment
Setting = Deny log on locally
 
Thanks
Mike

deny-logon-locally.jpg
Avatar of Mestha
Mestha
Flag of United Kingdom of Great Britain and Northern Ireland image
Why don't you just use a public folder or a group rather than a mailbox?

-M
ASKER CERTIFIED SOLUTION
Avatar of Akhater
Akhater
Flag of Lebanon image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of llarava
llarava
Flag of Afghanistan image

ASKER

Akhater:

Can you please point me to the article that talks about it.

Thanks.