Posts Tagged Deny logon locally
Windows 2003: Prevent user login via the console
You’d think that “Deny logon locally” would do it right? Even the documentation suggests that this is the case. But of course you can’t apply that policy to administrator account (presumably because any user called ‘administrator’ must be dumb), so it’s completely useless.
The perfectly obvious and not at all in any way obfuscated way to do it is actually to add the user in question to ‘Remote Operators’ group.
Wonderfully clear isn’t it. Windows I mean.