RE:How to disable interactive logon for service accounts on W2K a nd W2K3



>I was wondering does any one know of any setting to disable interactive
>logon for service accounts on W2K and W2K3.

>Any light in this direction would be highly appreciated.

>Thanks,

>Saj

You can use security policies to restrict the interactive logon for an
account.

For instance if you open the local security policy mmc, expand the local
policies menu, and select user rights assignment. Take a look at two
settings. One is the, "Deny local logon"; you can add your service accounts
here to prevent them from logging on interactively. You may also want to
the note the opposite setting which is, "Log on locally". This will show
you all the accounts that can log on interactively.


---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------



Relevant Pages

  • Re: Disabling Interactibg Login for Service Accounts
    ... Is there any way that I can prevent certain accounts (service accounts used for applications) from being used to logon interactively (i.e though physical logon at the machine, terminal services, Remote Desktop). ... But that would have to be done explicitly on every computer in the domain and it would still not prevent users from logging on through terminal services or remote desktop. ...
    (microsoft.public.windows.server.security)
  • Re: Restrict both local machine accounts and domain accounts from login
    ... >right to logon as a service. ... >> case) policy. ... >> I do have service accounts that are also part of the Users group for ... >> of the users group. ...
    (microsoft.public.win2000.security)
  • Stop service accounts logging on.
    ... We have created several `service accounts` within Active Directory. ... They were specifically created to start services on servers. ... Is there a way of stopping them logging onto computers, ... could be `Logon hours` and `Logon to` parameters, but still not sure if this ...
    (microsoft.public.windows.server.active_directory)
  • Re: who is logon to that machine ?
    ... this includes service accounts of course. ... Assume a nt id is logon to the pc, ... I assume registry are changed to highlight in their ... > Of course when no one logs on, the changes in registry shld be "no ...
    (microsoft.public.windows.server.scripting)