This GPO has been implemented at the request of the Information Security Office in order to control the following:
- Users without a current affiliation (who are made members of the Domain Guests group) cannot log on to domain-joined computers at all.
- Service accounts cannot log on to domain-joined computers locally or through remote desktop. Service accounts do not require these rights for the most part, and this reduces the threat of these accounts being misused.
There may be a scenario where a service requires the local/interactive logon right. The following process can be used to override the GPO linked at austin.utexas.edu/Departments:
Create a GPO with the following configuration:
Setting under Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies - User Rights Assignment | Value |
---|---|
Deny access to this computer from the network | |
Deny log on as a service | |
Deny log on as a service | |
Deny log on locally | |
Deny log on through Terminal Services | |
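
To confirm on a given computer which accounts are actually denied each logon type after Group Policy has refreshed, the user rights can be exported and listed. This is an added example, not part of the original page or the department's tooling; it assumes an elevated PowerShell prompt on the target computer, and the privilege constant names are the standard Windows names for the settings in the table above.

```powershell
# Added example: list who holds the deny-logon rights named in the table.
# Run elevated on the computer in question after a Group Policy refresh.
$rights = [ordered]@{
    'SeDenyNetworkLogonRight'           = 'Deny access to this computer from the network'
    'SeDenyServiceLogonRight'           = 'Deny log on as a service'
    'SeDenyInteractiveLogonRight'       = 'Deny log on locally'
    'SeDenyRemoteInteractiveLogonRight' = 'Deny log on through Terminal Services'
}

$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the User Rights Assignment area of the security policy.
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

    # Index the "SeXxx = value" lines of the export by privilege constant.
    $assigned = @{}
    foreach ($line in Get-Content -LiteralPath $cfg) {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') { $assigned[$Matches[1]] = $Matches[2] }
    }

    $report = foreach ($name in $rights.Keys) {
        # Treat a missing or empty entry as "no accounts assigned".
        $entries = @()
        if ($assigned[$name]) {
            $entries = $assigned[$name] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
        $principals = foreach ($e in $entries) {
            if ($e.StartsWith('*')) {
                # SIDs are written as *S-1-...; resolve to a name when possible.
                $sid = $e.TrimStart('*')
                try { [System.Security.Principal.SecurityIdentifier]::new($sid).Translate([System.Security.Principal.NTAccount]).Value }
                catch { $sid }   # unresolvable SID: show it raw
            } else { $e }
        }
        [pscustomobject]@{
            Setting    = $rights[$name]
            Constant   = $name
            Principals = if ($principals) { @($principals) -join '; ' } else { '(none)' }
        }
    }
    $report | Format-Table -AutoSize -Wrap
}
finally {
    Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
}
```

A right that still lists the service-account or Domain Guests group after the override GPO should have applied indicates that the overriding GPO is not winning precedence on that computer.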