WinSecWiki
Deny logon locally
AKA: SeDenyInteractiveLogonRight, Deny logon locally
Default assignment: None
This is the opposite of Allow log on locally. Any user with both rights will be denied the right to log on interactively.
See discussion of logon rights.
If you inadvertently assign this right to Everyone, you will not be able to log on to the computer with any account, including administrator accounts. In such a case you will have to revoke this right in one of these ways:
- through group policy, if the computer is a member of a domain
- remotely, with the ntrights resource kit utility
- by remotely replacing the %SystemRoot%\Security\Database\Secedit.sdb file from another working computer running the same operating system
Normally this right would only be used for special exceptions, where a user who should not be able to log on locally gets that right through membership in a group from which you cannot remove him for other reasons.
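An added example, not part of the original WinSecWiki article: a PowerShell check over a user-rights template exported with secedit that flags broad groups holding Deny logon locally and principals that hold both logon rights. The sample template, the CONTOSO\svc-backup account, the function names and the choice of which groups count as broad are assumptions made for illustration.

```powershell
# Constructed sample in the format written by:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# For a real export, use: $lines = Get-Content .\rights.inf
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,CONTOSO\svc-backup
SeDenyInteractiveLogonRight = *S-1-1-0,CONTOSO\svc-backup
[Version]
signature="$CHICAGO$"
'@ -split '\r?\n'

# Assumption: principals treated as lockout risks when they appear on the deny side.
$BroadPrincipals = @{
    'S-1-1-0' = 'Everyone'; 'Everyone' = 'Everyone'
    'S-1-5-11' = 'Authenticated Users'
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-32-545' = 'Users'
}

# Parse the [Privilege Rights] section into right name -> list of principals.
function Get-PrivilegeRights {
    param([string[]]$Lines)
    $rights = @{}
    $inSection = $false
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(.*)$') {
            # SIDs are written with a leading '*'; strip it so they compare cleanly.
            $rights[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

# Report deny entries that would lock out everyone, or that override an allow entry.
function Test-DenyLogonLocally {
    param([hashtable]$Rights)
    $deny  = @($Rights['SeDenyInteractiveLogonRight'] | Where-Object { $_ })
    $allow = @($Rights['SeInteractiveLogonRight'] | Where-Object { $_ })
    foreach ($p in $deny) {
        if ($BroadPrincipals.ContainsKey($p)) {
            [pscustomobject]@{ Principal = $BroadPrincipals[$p]; Finding = 'Broad group is denied local logon: lockout risk' }
        } elseif ($allow -contains $p) {
            [pscustomobject]@{ Principal = $p; Finding = 'Holds both rights: deny wins, interactive logon is refused' }
        }
    }
}

Test-DenyLogonLocally (Get-PrivilegeRights $sample) | Format-Table -AutoSize
```

The check compares entries literally, so a user who receives either right only through group membership is not resolved; expand group membership separately if you need that.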