Check out the GPO options :-) There's another one for "Deny Log on through Remote Desktop Services", and if you're really paranoid, you can also configure all the "DENY" assignments...
GPO location: Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment I use that areas when configuring service accounts, I set those up with similar restrictions as you're looking for. Dave > and this will prevent local desktop access, and rdp etc..? > > > > Jean-Paul Natola > > > > >> Date: Wed, 18 Jun 2014 08:47:13 -0700 >> Subject: Re: [NTSysADM] email access only - urgent >> From: [email protected] >> To: [email protected] >> >> Easy - GPO to disallow interactive logon, point the GPO to just that >> user. >> >> Dave >> >> > Hi all >> > >> > Got a strange request , a user will be leaving the company and they >> want >> > him to ONLY have access to his exchange account, so no RDP, TS, >> desktop >> > logons etc.. >> > >> > >> > If this is possible, what is the EASIEST way to go about it? >> > >> > >> > >> > >> > >> >> >> >> > >
