Run As without log on locally permission? "Mark Walker" <walkem91[ at ]news.postalias> 12/13/2008 12:33:14 AM Hi As part of a new project, I have 16 Windows Servers. I was planning to set up basic generic login accounts to the servers and have the users run an application using "Run As" feature. (They need to use their normal desktop active directory accounts to log into the application.) The problem is, my company security policy does not allow desktop logins to be used to login to servers, so I need to use "run as" but still not allow them to log in directly to the server using their desktop login. From what I have figured out so far, I cant use run as without granting the log on locally permission. Is there any way round this or can anyone suggest a different method of achieving what I need ? Thanks in advance for any help or suggestions. Mark

Re: Run As without log on locally permission? "Anthony [MVP]" <anthony[ at ]no-reply.com> 12/13/2008 1:26:56 PM This sounds like a case for Terminal Services Anthony, http://www.airdesk.co.uk "Mark Walker" <walkem91[ at ]news.postalias> wrote in message news:3C804D85-282B-432D-9ACA-77315873ADC7[ at ]microsoft.com... [Quoted Text] > Hi > As part of a new project, I have 16 Windows Servers. I was planning to set > up basic generic login accounts to the servers and have the users run an > application using "Run As" feature. (They need to use their normal desktop > active directory accounts to log into the application.) > > The problem is, my company security policy does not allow desktop logins > to be used to login to servers, so I need to use "run as" but still not > allow them to log in directly to the server using their desktop login. > From what I have figured out so far, I cant use run as without granting > the log on locally permission. Is there any way round this or can anyone > suggest a different method of achieving what I need ? > > Thanks in advance for any help or suggestions. > > Mark

RE: Run As without log on locally permission? Dan H 12/20/2008 3:17:01 PM Mark, To use the "run as" option, the account that you're trying to use has to be able to log on locally to the system. See here for more info: http://support.microsoft.com/default.aspx/kb/225035. As far as work arounds, it would really depend on the architecture of the application you're trying to run. Does it allow you to enter credentials when you launch the app (without using run-as)? Is it a custom app that could be modified to run in a more flexible way? The easiest way to get your setup running may be to talk to the system admins and see if there is a compromise for allowing users to be allowed to log in locally to that server. Maybe creating a VERY restricted group on this system so that the users have virtually no rights (just log in locally and enough permissions to run the app...) -Dan Holton "Mark Walker" wrote: [Quoted Text] > Hi > As part of a new project, I have 16 Windows Servers. I was planning to set > up basic generic login accounts to the servers and have the users run an > application using "Run As" feature. (They need to use their normal desktop > active directory accounts to log into the application.) > > The problem is, my company security policy does not allow desktop logins to > be used to login to servers, so I need to use "run as" but still not allow > them to log in directly to the server using their desktop login. From what I > have figured out so far, I cant use run as without granting the log on > locally permission. Is there any way round this or can anyone suggest a > different method of achieving what I need ? > > Thanks in advance for any help or suggestions. > > Mark >