Results 1 to 4 of 4

Thread: Local Admin Account with Deny Logon Locally

  1. 31-01-2008 #1
    manishdk
    manishdk is offline Member
    Join Date
    Jul 2004
    Posts
    153

    Local Admin Account with Deny Logon Locally

    I have been trying to create an account that will allow some of the users to install programs on their Windows XP with Service Pack 2 machine. I just want them to supply its credentials in the Run as box if they run any program or patch installation files. So I have made an account and also created a GPO for the Test OU which added it to the local admins group by setting "Deny Logon Locally" to "Enabled" and then specified the account in the "Logon as a Service" setting. But if I try to install some program using the Run As with this same new accounts crendentials then I get an error message that says "Logon failure: the user has not been granted the requested logon type at this computer." Can anyone tell me if there is some different setting that I have to configure. Thanks
    Reply With Quote Reply With Quote
  2. 31-01-2008 #2
    unidentified
    unidentified is offline Member
    Join Date
    Sep 2005
    Posts
    1,476

    Re: Local Admin Account with Deny Logon Locally

    If it is a local login then whatever you are doing will not work. You can however try to do something else like setting up a login script for this domain user so that if anyone did login with it to a workstation then they would be logged out of the domain immediately. You can try to Limit User Logon Time in a Domain in Windows Server 2003 by referring to the method here - http://support.microsoft.com/kb/816666
    Reply With Quote Reply With Quote
  3. 03-02-2008 #3
    jigu902003
    jigu902003 is offline Member
    Join Date
    Sep 2005
    Posts
    179

    RE: Local Admin Account with Deny Logon Locally

    You can also use My Log On which would be a different alternative method. This will give a limited user to self promote, if he is given the admin password, and reminds them to de-promote after a reasonable time that has been allowed to do whatever thy need. It also avoids the issue of loss of settings inherent in changing account because it usually promotes the user's own account.
    Reply With Quote Reply With Quote
  4. 04-09-2008 #4
    Big Fish
    Big Fish is offline Member
    Join Date
    Jan 2006
    Posts
    3,792
    You can also try to set logon user rights by using the NTRights utility. The below link describes how to set logon user rights by using the NTRights utility. The NTRights utility (Ntrights.exe) is included in the Windows Server 2003 Resource Kit. For information about the Resource Kit, visit the following Microsoft Web site: http://www.microsoft.com/downloads/d...DisplayLang=en
    Reply With Quote Reply With Quote
« Windows XP immediately reboots after login | HELP - Security sites and Windows Update blocked - other sites available »

Similar Threads

  1. Deny Logon Locally
    By Micheaux in forum Windows Security
    Replies: 5
    Last Post: 24-12-2011, 04:24 PM
  2. Unable to see PNG files in user account except admin account
    By Baiju Bavara in forum Operating Systems
    Replies: 6
    Last Post: 02-07-2011, 09:56 AM
  3. Stuck on a guest account, cannot access windows 7 admin account
    By LavaStones in forum Windows Software
    Replies: 1
    Last Post: 11-02-2011, 10:49 PM
  4. Deny Log on Locally to some accounts through GPO
    By Hutchence in forum Active Directory
    Replies: 3
    Last Post: 08-11-2008, 01:25 AM
  5. Unable to logon to Windows XP locally - No logon box
    By Adriana| in forum MediaCenter
    Replies: 1
    Last Post: 12-03-2007, 09:15 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,751,297,088.20725 seconds with 16 queries