Re: Deny interactive login

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 08/31/05


Date: Wed, 31 Aug 2005 05:38:03 -0700

Use of RunAs from within an interactive session requires that the
"runas" account has interactive login rights.
There is no way to obscure the credentials for a "runas" invocation
when encoded within a script so that they cannot be obtained.
You should get Regmon and Filemon from www.sysinternals.com
and analyze where the failures are when the Java SDK is used by
a standard user account and adjust the missing permissions.

-- 
Roger
"JayH" <JayH@discussions.microsoft.com> wrote in message 
news:6D89A9E4-8B63-4AC7-8FE2-AE16DB0F9093@microsoft.com...
> I am trying to set up an account that is a local admin to a group of
> workstations but is not allowed to log in.  I need it to work under the runas
> command though.  I work at a school and am setting up the newest version of
> the Java SDK, which seems to require an admin account to run it correctly.  By
> using the runas command with an account that has admin rights it does work, but
> I want to take away the ability for them to log in to the machine with that
> account.  I have tried using the deny login policy but then it doesn't work
> at all.  Are there any other ways to prevent this account from being used
> other than for the runas batch file I have already set up?  We are using a
> 2000/2003 domain with 500+ workstations on it.
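
An added example, not part of the original post: once a Regmon or Filemon capture of the Java SDK running as a standard user has been saved as text, the denied operations can be summarized per resource to decide which ACLs to adjust. The tab-separated column layout, the process name `javaw.exe`, the vendor paths and every sample line are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, NOT real tool output. Assumed layout (tab-separated):
#   seq, time, process:pid, request, path, result, other
SAMPLE_LOG = "\n".join([
    "#\tTime\tProcess\tRequest\tPath\tResult\tOther",
    "1\t10:02:11\tjavaw.exe:1412\tOpenKey\tHKLM\\SOFTWARE\\ExampleVendor\\SDK\tSUCCESS\t",
    "2\t10:02:11\tjavaw.exe:1412\tSetValue\tHKLM\\SOFTWARE\\ExampleVendor\\SDK\\Prefs\tACCESS DENIED\t",
    "3\t10:02:12\tjavaw.exe:1412\tCREATE\tC:\\Program Files\\ExampleSDK\\cache\\index.dat\tACCESS DENIED\t",
    "4\t10:02:12\tjavaw.exe:1412\tWRITE\tC:\\Program Files\\ExampleSDK\\cache\\index.dat\tACCESS DENIED\t",
    "5\t10:02:12\texplorer.exe:880\tOPEN\tC:\\Program Files\\ExampleSDK\tACCESS DENIED\t",
    "6\t10:02:13\tjavaw.exe:1412\tQueryValue\tHKCU\\Software\\ExampleVendor\tNOT FOUND\t",
    "7\t10:02:14\tjavaw.exe:1412\tCREATE\tC:\\Program Files\\ExampleSDK\\cache\\index.dat\tACCESS DENIED\t",
])


def denied_resources(log_text, image_name):
    """Map each path the given process was denied on to the denied requests."""
    denied = defaultdict(set)
    reader = csv.reader(io.StringIO(log_text), delimiter="\t",
                        quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) < 6:
            continue  # blank or truncated line
        process, request, path, result = row[2], row[3], row[4], row[5]
        # Process column is assumed to be "image.exe:PID"; compare the image only.
        if process.split(":", 1)[0].lower() != image_name.lower():
            continue
        # Only permission failures matter here; NOT FOUND is not an ACL problem.
        if "DENIED" in result.upper():
            denied[path].add(request)
    return {path: sorted(reqs) for path, reqs in sorted(denied.items())}


def split_by_kind(denied):
    """Separate registry keys from file paths, since they are fixed with different ACLs."""
    registry = {p: r for p, r in denied.items() if p.upper().startswith("HK")}
    files = {p: r for p, r in denied.items() if p not in registry}
    return registry, files


if __name__ == "__main__":
    reg, fs = split_by_kind(denied_resources(SAMPLE_LOG, "javaw.exe"))
    for kind, items in (("registry", reg), ("file", fs)):
        for path, requests in items.items():
            print(f"{kind:8} {path}  denied: {', '.join(requests)}")
```

Each reported path is a candidate for a narrowly scoped permission grant to the standard users, which removes the need to ship admin credentials in a batch file.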

