Re: Disable the right to logon locally
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 05/22/04
- Next message: Roger Abell: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Previous message: Matt Hickman: "Re: Disable the right to logon locally"
- In reply to: Dave Bowman: "Disable the right to logon locally"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 May 2004 22:42:10 -0700
Yes, policy values applied from GPO completely replace
values as they are set with lower priority policy.
You likely cannot add all the local machine accounts to
the policy as applied from the domain.
IIRC you can obscure the password in the unattend
file if you are using the newer deployment toolset.
-- Roger Abell Microsoft MVP (Windows Server System: Security) MCSE (W2k3,W2k,Nt4) MCDBA "Dave Bowman" <dbwmn2001@yahoo.com> wrote in message news:47e33e2c.0405200742.a3e4a24@posting.google.com... > I have one doubt about the User Rights Assignment. > I need to setup one user in order to add a computer to a domain using > the unattended setup. Since in this file the password is unencrypted I > want to remove from this special user the opportunity to logon > locally. > The question is the following: if I enable the policy in the Default > Domain Security Settings/Local Policies/User rights assignment/Deny > Logon locally and I add this user, does this change override > completely the machine policies? > I ask this because I notice that an XP workstation has a local setting > which denies logon to support* Users, ASPNET etc. so I'm wondering if > I have to add these users to the domain policy as well > > Thanks > Dave
- Next message: Roger Abell: "Re: 2003 Server / Application Pools - Process Isolation / FrontPage Extensions"
- Previous message: Matt Hickman: "Re: Disable the right to logon locally"
- In reply to: Dave Bowman: "Disable the right to logon locally"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
