Critical System Protection

  • 1.  How to block interactive logon for local users?

    Posted Jul 21, 2013 12:06 PM

    How to block interactive logon for local users?

    I have tried to do this by limiting access to winlogon.exe, but with no success.



  • 2.  RE: How to block interactive logon for local users?

    Posted Jul 21, 2013 12:45 PM

    Can you please check this option on page 49:

    Specify users with full/safe/ privileges
    This option gives full or safe privileges to interactive programs that are run by 
    specific users. Enable the option, and then list the users. Each entry in the list 
    must be a full path. Use of an asterisk (*) as a wildcard character is permitted.
     


  • 3.  RE: How to block interactive logon for local users?

    Posted Jul 24, 2013 04:28 PM

    I think you are better off using the Windows Security Policy (either local or AD based) to achieve this.

    Locally, use secpol.msc > Local Policies > User Rights Assignment > Deny Log On Locally, and add the users/groups you want to block.

    Then monitor AD or Local Users for changes using SCSP IDS. For added security, block write access to the Registry using IPS to prevent the security policy from being changed, and do not allow windows\system32\mmc.exe to run, so you can get an event if anyone attempts to thwart your lockdown.
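
One way to confirm that the "Deny Log On Locally" right from the reply above is in place and has not drifted. This is an added example, not part of the original thread and not SCSP code. The account list in `$Required` and the `-UseSample` switch are assumptions made for illustration, and the sample export line is constructed.

```powershell
# Added example: audit the "Deny log on locally" right (SeDenyInteractiveLogonRight).
# $Required is a hypothetical list of accounts that must be denied; -UseSample
# checks a constructed export instead of running secedit on the live system.
param(
    [string[]]$Required = @('Guest'),
    [switch]$UseSample
)

function Get-DenyLogonLocally {
    param([string[]]$Lines)
    # secedit writes one line per right; SIDs carry a leading '*':
    #   SeDenyInteractiveLogonRight = *S-1-5-32-546,Guest
    $line = $Lines | Where-Object { $_ -match '^\s*SeDenyInteractiveLogonRight\s*=' } |
        Select-Object -First 1
    if (-not $line) { return }                 # right is not assigned to anyone
    foreach ($raw in ($line -split '=', 2)[1].Split(',')) {
        $entry = $raw.Trim()
        if ($entry.StartsWith('*')) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }               # SID that cannot be resolved right now
        } elseif ($entry) {
            $entry
        }
    }
}

if ($UseSample) {
    # Constructed sample of a secedit export, not output from a real host.
    $lines = '[Privilege Rights]', 'SeDenyInteractiveLogonRight = *S-1-5-32-546,Guest'
} else {
    $inf = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null   # needs elevation
    $lines = Get-Content -Path $inf
    Remove-Item -Path $inf
}

$denied  = @(Get-DenyLogonLocally -Lines $lines)
$missing = @($Required | Where-Object {
    $name = $_
    -not ($denied | Where-Object { $_ -eq $name -or $_ -like "*\$name" })
})

'Denied interactive logon: ' + ($denied -join ', ')
if ($missing.Count) {
    Write-Warning ('Not denied: ' + ($missing -join ', '))
    exit 1
}
```

Run on a schedule, a non-zero exit code signals that an expected account is no longer covered by the policy.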