Properties on AD account, Account tab, "Log On To..." and enter a bogus hostname. Voila, can't log on to any workstation but can still validate against AD. Unless I'm missing something...
> Date: Wed, 18 Jun 2014 09:09:43 -0700
> Subject: RE: [NTSysADM] email access only - urgent
> From: [email protected]
> To: [email protected]
>
> Check out the GPO options :-)
>
> There's another one for "Deny Log on through Remote Desktop Services", and
> if you're really paranoid, you can also configure all the "DENY"
> assignments...
>
> GPO location: Computer Configuration/Windows Settings/Security
> Settings/Local Policies/User Rights Assignment
>
> I use that area when configuring service accounts, I set those up with
> similar restrictions as you're looking for.
>
> Dave
>
> > and this will prevent local desktop access, and rdp etc..?
> >
> > Jean-Paul Natola
> >
> >> Date: Wed, 18 Jun 2014 08:47:13 -0700
> >> Subject: Re: [NTSysADM] email access only - urgent
> >> From: [email protected]
> >> To: [email protected]
> >>
> >> Easy - GPO to disallow interactive logon, point the GPO to just that
> >> user.
> >>
> >> Dave
> >>
> >> > Hi all
> >> >
> >> > Got a strange request, a user will be leaving the company and they want
> >> > him to ONLY have access to his exchange account, so no RDP, TS, desktop
> >> > logons etc..
> >> >
> >> > If this is possible, what is the EASIEST way to go about it?
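The "Log On To..." setting described in the top reply is stored in the account's `userWorkstations` attribute, so it can be applied and audited from PowerShell. The following is an added example, not code from the thread: it assumes the ActiveDirectory (RSAT) module is available, and the function names, the account name `jdoe` and the host name `NO-SUCH-HOST` are placeholders.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Set-LogonWorkstationRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        # Comma-separated computer names the account may log on to.
        # 'NO-SUCH-HOST' is a placeholder for a name that matches no computer.
        [string]$Workstations = 'NO-SUCH-HOST'
    )
    $user = Get-ADUser -Identity $Identity -Properties LogonWorkstations
    if ($PSCmdlet.ShouldProcess($user.SamAccountName,
            "Set LogonWorkstations to '$Workstations'")) {
        Set-ADUser -Identity $user -LogonWorkstations $Workstations
    }
    # Read the value back so the change is confirmed, not assumed.
    Get-ADUser -Identity $user -Properties LogonWorkstations |
        Select-Object SamAccountName, Enabled, LogonWorkstations
}

function Get-LogonWorkstationRestriction {
    # List every account with a "Log On To" restriction and flag entries
    # that do not match a computer object in the domain.
    Get-ADUser -LDAPFilter '(userWorkstations=*)' -Properties LogonWorkstations |
        ForEach-Object {
            $account = $_
            $names   = $account.LogonWorkstations -split ',' |
                       ForEach-Object { $_.Trim() } | Where-Object { $_ }
            $unknown = @($names | Where-Object {
                -not (Get-ADComputer -Filter "Name -eq '$_'")
            })
            [pscustomobject]@{
                SamAccountName = $account.SamAccountName
                Enabled        = $account.Enabled
                Workstations   = $names -join ', '
                UnknownHosts   = $unknown -join ', '
            }
        }
}

# Preview the change for the placeholder account, then review all restrictions:
#   Set-LogonWorkstationRestriction -Identity 'jdoe' -WhatIf
#   Get-LogonWorkstationRestriction | Format-Table -AutoSize
```

After applying the restriction, confirm from a test client that the account's mail access still authenticates and that an interactive or RDP logon is refused.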

