WinSecWiki > Security Settings > Local Policies > User Rights > User Rights In-Depth > Deny logon locally

Deny logon locally

AKA: SeDenyInteractiveLogonRight, Deny logon locally

Default assignment: None

This is the opposite of Allow log on locally and any user with both rights will be denied the right to logon interactively. See discussion of logon rights.

If you inadvertently assign this right to Everyone you will not be able to logon to the computer with any account including administrator accounts. In such a case you will have to revoke this right through

group policy if the computer is a member of a domain
remotely with the ntrights resource kit utility
remotely replacing the %SystemRoot%\Security\Database\Secedit.sdb file from another working computer running the same operating system.

Normally this right would only be used for special exceptions where a user who should not be able to logon locally gets that right through membership in a group from which you cannot remove him for other reasons.

Upcoming Webinars

Additional Resources

User Rights In-Depth

•	Access from Network
•	Act as OS
•	Add Workstations
•	Adjust Memory Quotas
•	Allow log on locally
•	Allow Terminal Services logon
•	Backup Files & Directories
•	Bypass traverse checking
•	Change the system time
•	Create a pagefile
•	Create a token object
•	Create global objects
•	Permanent shared objects
•	Debug programs
•	Deny network access
•	Deny logon as a batch job
•	Deny logon as a service
•	Deny logon locally
•	Deny Terminal Services logon
•	Enable trusted for delegation
•	Force shutdown remotely
•	Generate security audits
•	Impersonate a client
•	Increase scheduling priority
•	Load and unload device drivers
•	Lock pages in memory
•	Log on as a batch job
•	Log on as a service
•	Manage auditing and security log
•	Modify firmware values
•	Volume maintenance
•	Profile single process
•	Profile system performance
•	Remove from docking station
•	Replace process level token
•	Restore files and directories
•	Shut down the system
•	Sync directory service data
•	Take ownership of files & objects

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.