Archived from groups: microsoft.public.win2000.security (
More info?)
Then user the other setting here. "Deny logon to this computer from the
network" and/or "Access this computer from the network".
First will disable logon, second will prevent accessing file shares etc...
Mike
"greenbay" <greenbay@telia.com> wrote in message
news:5f7bd0599gpsp18t8ce7cavu2cpmgu9k50@4ax.com...
> On Sun, 20 Jun 2004 12:00:29 +0200, "Miha Pihler"
> <mihap-news@atlantis.si> wrote:
>
>>Hi,
>>
>>On Windows 2003 DC (I am not sure if this option is available on Windows
>>2000) I would create a security group and put all of these resource
>>accounts
>>in this group. If you want to have this policy company (domain) vide then
>>Default Domain Group Policy and under Computer configuration drill down to
>>Windows Settings -> Security Settings -> Local Policies -> User Rights
>>Assignment -> here look for e.g. Deny log on locally. Double click it and
>>enter group with resource accounts that you created earlier.
>>
>>I hope this helps you out...
>>
>>Mike
>>
>>"greenbay" <greenbay@telia.com> wrote in message
>>news:h8a9d0h33rgrg859f7vab79rnr8kn8trr5@4ax.com...
>>> We have a couple of accounts that nobody uses to log in to the domain.
>>> Some we use for booking resources in outlook. Is there a way to deny
>>> these accounts to log in the domain, but still have them active. Im
>>> looking for a way just ike the policy "not log on localy" but rather
>>> not log on remote.
>>>
>>>
>>
>
> My problem isnt to disable log on locally, my problem is that the
> accounts should not be able to logon the domain over network