Hi !
I am going to define and use some accounts in a 2008 domain which are used for some sql proxy accounts (running xp_cmdshell)
to say briefly, these accounts should not be able to login locally or remotely to domain computers
they should have log on as a batch job and as a service permission on SQL servers (which they have)
i do not want to define a GPO just for this (or change default domain policy) and add this 1 or 2 users to that (disabling logon locally)
is there any property for a user or a less dangerous with little side effects to prevent these users to log on locally or interactively ?