I ran into an issue when a software that was recommended to me requires to provide it with my admin user account and password not in a UAC prompt (which I do not want to do.)
So I was curious, can I create a Windows user account (belonging to the built-in Administrators group) that interactive users cannot log in to?
Answer
Yes, and this is sometimes done with "service accounts" in a business environment, to avoid staff using them for normal admin work. You can set the local policy for that user to "Deny Logon Locally". However, you must be running Win7 Pro or better.
Use GPEDIT.MSC; go to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment:
Add the user to the policy, as shown below for "guest":
No comments:
Post a Comment