Re: Deny interactive login
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 08/31/05
- Previous message: Craig B: "Re: Deny access to certain IP address"
- In reply to: JayH: "Deny interactive login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Aug 2005 05:38:03 -0700
Use of RunAs from within an interactive session requires that the
"runas" account has interactive login rights.
There is no way to obscure the credentials for a "runas" invocation
when encoded within a script so that they cannot be obtained.
You should get regmon and filemon from www.sysinternals.com
and analyze where the failures are when the java sdk is used by
a standard user account and adjust the missing permissions.
-- Roger "JayH" <JayH@discussions.microsoft.com> wrote in message news:6D89A9E4-8B63-4AC7-8FE2-AE16DB0F9093@microsoft.com... >I am trying to setup an acount that is a local admin to a group of > workstations but is not allowed to login. I need it to work under the > runas > command though. I work at a school and am setting up the nesest version > of > the java sdk which seems to require a admin acount to run it correctly. > By > using the runas command with a account that has admin rights it does work > but > I want to take away the ability for them to login to the machine with that > account. I have tried usoing the deny login policy but then it doesnt > work > at all. Are there any other ways to prevent this acount from being used > other then for the runas batch file I have already setup. We are using a > 2000/2003 domain with 500+ workstations on it.
- Previous message: Craig B: "Re: Deny access to certain IP address"
- In reply to: JayH: "Deny interactive login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
