Disable interactive logon for all service accounts

nav2567
nav2567 used Ask the Experts™
on
Hello,

We created an AD account which is in the domain admin group and use it in some Windows Services.  

If I want to disable  interactive logon for this service account, what is the best way to do it?

Please advise.

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Architect
Distinguished Expert 2018
Commented:
set computer gpo on computers and set deny logon locally to those specific accounts

https://4sysops.com/archives/deny-and-allow-workstation-logons-with-group-policy/
Shaun VermaakTechnical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
Same process as setting up a Tier as described in this article. Instead of isolating the GPO to some devices, apply it to all and add all the service accounts to the group which will be denied logon
https://www.experts-exchange.com/articles/29515/Active-Directory-Simple-Tier-Isolation.html

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial