Run as administrator / disable logon locally


  1. Siberiantiger
    Posts : 2
    Windows 7 Enterprise 64bit
       New #1

    Run as administrator / disable logon locally


    Hi!

    Is there a way to prevent users from logging on locally with a spesific local user (first PC login) but still be able to Run as local user after logged on to the PC with a AD user?
      My Computer
    Quote Quote

  3. logicearth
    Posts : 5,642
    Windows 10 Pro (x64)
       New #2

    To login with Run as requires the ability for one to login into that account locally. You cannot have your cake and eat it as well.
      My Computer
    Quote Quote

  4. Siberiantiger
    Posts : 2
    Windows 7 Enterprise 64bit
    Thread Starter
       New #3

    Thanks for your reply. Our case is users that have an active directory user that is not local administrator. But they do have access to a local administrator user on the computer that they can use to run or install certain software that needs admin rights, but we do not want them to only login as the local administrator all times, just when they really need it. So f.eks preventing them from reaching printeres or fileshares when logged on as a local user would be nice. Is this possible or is there any better ideas?
      My Computer
    Quote Quote

  6. macxs
    Posts : 1
    W7 Enterprise
       New #4

    Hi Siberiantiger,
    same thing here.

    I just want to show an option how to prevent people from logging in with local admin.
    We created a domain account and
    • removed this account from domain users
    • add this account to group "local admins"
    • make domain group "local admins" member of local group "Administrators"
    • script runs daily that changes password (14 chars)
    • same script sets the account to expire in 24hrs
    • daily password is listed on an intranet site


    Additionally a computer script creates a local admin, renews the random password every 2 Months and pushes the password to a SQL DB - in case of emergency.

    I was also interested in how to disable interactive logon preserving the ability to elevate rights with this account. Too bad that this is impossible.

    HTH
    Last edited by macxs; 14 Oct 2014 at 09:35. Reason: spelling
      My Computer
    Quote Quote

 

  Related Discussions
I started this question at the “Built-in Administrator Account - Enable or Disable” forum where it was suggested I move it here. I have a Toshiba laptop with Windows 7 32-bit. When I first got this laptop many months ago, I needed to perform some action (I do not remember the details) which...
I want to leave Administrator enabled but I do not want to see the Administrator account show on the normal Logon screen. I only want to see it if I boot to Safe Mode like XP Home used to do? Possible? No ... I DO NOT want to disable Administrator.
Im currently using a standard user account.Ive tried the elevated command prompt net user administrator/active:no command and it said the command had completed successfully.But i can still access the administrator account at log on. Any ideas please how i can disable the admin account and just...
Ultimate SP1 here. Just curious if this is possible. I moved in with some roommates and I wanted to allow them access to some file shares on my PC across our LAN. Since it prompts on their end for authentication, I didnt want to supply my logon, as that would allow write access to the files...
Disable automatic logon
in General Discussion

Few days ago my user account started to automatically logon. Before that I didn't have password, but I had to click on my username to start. I didn't change anything, or at least I didn't intentionally. When I go to netplwiz, option "users must enter a user name and password to use this computer"...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 02:39.
Find Us