Disable logon to XP without disabling or locking account?
- From: hemlockz <ian.m.cameron@xxxxxxxxx>
- Date: Wed, 12 Mar 2008 16:04:10 -0700 (PDT)
We have a couple domain accounts that are members of the local
Administrators group on all our workstations. (Our domain users are
Power Users.) We use these accounts to log in and install programs
and things that Power Users cannot. A while ago one of the IT created
another account and added it to the group with the intent of using the
account for Run As... installation scripts and things of that nature.
Pretty soon a couple of domain users have read the batch files and
taken the password for that account and are now using it to log on to
their workstations and install software. They only call IT after they
have ruined their registry or downloaded a virus. The Run As...
account has been very helpful and a huge time saver but opened up this
security hole. It would not be so much of a problem if we could
restrict log on from the account but still use it to "Run As..."
Unfortunately if I modify the Log On To... under the account
properties in Active Directory the Run As... will not work unless the
the account is also allowed to log on. Is there anything we can do to
prevent the account from logging on to Windows XP, but still be able
to Run As...? Thanks.
.
- Follow-Ups:
- Re: Disable logon to XP without disabling or locking account?
- From: Lanwench [MVP - Exchange]
- Re: Disable logon to XP without disabling or locking account?
- Prev by Date: Re: Norton 360 and Installer failure
- Next by Date: removing a thin client and replacing with a desktop
- Previous by thread: Re: computer shows
- Next by thread: Re: Disable logon to XP without disabling or locking account?
- Index(es):
Relevant Pages
|
Loading
