No announcement yet.

Deny Interactive Logon but permit Privilege Escalation

  • Filter
  • Time
  • Show
Clear All
new posts

  • Deny Interactive Logon but permit Privilege Escalation

    hi guys

    There is a way to deny interactive logon to a workstation but permit the priviledge escalation(run as)?
    I tried with this

    Use Computer Configuration / Windows Settings / Security Settings / Local Policy User Rights Assignment
    to set Deny logon locally for this account.

    but it does not work because deny also the privilege escalarion or run as...not only the interactive logon. We would need for some Laptop in workgroup

    tanks a lot!

  • #2
    How do you expect to escalate privileges on an account that is NOT logged in?? Run as only works when a logged-in person wishes to execute something and use another set of credentials to do it. This is typically when a standard user is logged on but needs to run something with administrative rights.

    Can you explain in more detail exactly what program you're trying to run or limit, or what result you're trying to achieve?
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **