How do I create a service account?


damongar

I want to create a service account that has administrator permissions on
servers but I do not want this account to be able to log in to the console of
any server, is this possible?

Thanks
Ray
 
No, Administrator can always login to the console. You could create a
non-admin account and elevate the permissions though to match an Admin.

"damongar" wrote:

> I want to create a service account that has administrator permissions on
> servers but I do not want this account to be able to log in to the console of
> any server, is this possible?
>
> Thanks
> Ray
 
The account needs grant of the Log on as service user right, but not
the Log on locally user right, or if you want to be overly certain use
the Deny log on locally setting. You might also want to make sure
it does not have the Network login right.
That said, running a service with administrators group membership
is not the best of ideas.

Roger

"damongar" <damongar@discussions.microsoft.com> wrote in message
news:40657F37-6F94-478A-A106-65F04BC30DE4@microsoft.com...
> I want to create a service account that has administrator permissions on
> servers but I do not want this account to be able to log in to the console
> of any server, is this possible?
>
> Thanks
> Ray
 
Right, what I want is an account that has the same permissions as an admin
but cannot login to a console. I have not been able to do this, either it has
permissions to login to the console or it cannot connect to remote computer
because the rights specified no interactive logins.

"Tim Starid" wrote:

> No, Administrator can always login to the console. You could create a
> non-admin account and elevate the permissions though to match an Admin.
>
> "damongar" wrote:
>
> > I want to create a service account that has administrator permissions on
> > servers but I do not want this account to be able to log in to the console of
> > any server, is this possible?
> >
> > Thanks
> > Ray
 
You do know that you just expanded the spec when saying

> or it cannot connect to remote computer
> because the rights specified no interactive logins

What is it that you do want the account able to do?

Usually Administrators group will be granted the login rights.
You seem to want an account in that group but without some of
the login rights. In that case you either need to remove the grant
of login rights to Administrators and replace it with grant to the
accounts in Administrators that should have the right (I would
recommend defining a custom group for the purpose), or, you
leave the grant to Administrators in place but disallow the one
account by the Deny user right for local login.

But then, that only addresses your initial specification, not the
new "connect to remote computer" part.

Roger

"damongar" <damongar@discussions.microsoft.com> wrote in message
news:67AD9BB2-4191-4094-88AA-0DD59092BCB8@microsoft.com...
> Right, what I want is an account that has the same permissions as an admin
> but cannot login to a console. I have not been able to do this, either it
> has permissions to login to the console or it cannot connect to remote
> computer because the rights specified no interactive logins.
>
> "Tim Starid" wrote:
>
>> No, Administrator can always login to the console. You could create a
>> non-admin account and elevate the permissions though to match an Admin.
>>
>> "damongar" wrote:
>>
>> > I want to create a service account that has administrator permissions
>> > on servers but I do not want this account to be able to log in to the
>> > console of any server, is this possible?
>> >
>> > Thanks
>> > Ray
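
The precedence described in Roger's replies (Administrators is granted the logon rights, and a Deny entry on one account overrides that grant), as an added example that is not part of any post in this thread: a PowerShell check over a constructed excerpt of the file written by `secedit /export /cfg rights.inf /areas USER_RIGHTS`. The account name `svc-backup` and its group list are hypothetical.

```powershell
# Constructed excerpt of the [Privilege Rights] section of a secedit export.
# On a real server: secedit /export /cfg rights.inf /areas USER_RIGHTS
$sampleInf = @'
[Privilege Rights]
SeServiceLogonRight = svc-backup
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeDenyInteractiveLogonRight = svc-backup
'@

# Hypothetical account plus the groups it belongs to, supplied by hand here:
# itself, BUILTIN\Administrators (S-1-5-32-544), Authenticated Users (S-1-5-11).
$principals = @('svc-backup', '*S-1-5-32-544', '*S-1-5-11')

function Get-UserRightsTable {
    param([string]$InfText)
    $table = @{}
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*(Se\w+)\s*=\s*(.*)$') {
            # Right name -> array of principals (names or *SID entries)
            $table[$Matches[1]] = @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim() } | Where-Object { $_ })
        }
    }
    $table
}

function Test-LogonRight {
    param([hashtable]$Rights, [string[]]$Principals, [string]$Allow, [string]$Deny)
    $allowed = @($Rights[$Allow] | Where-Object { $Principals -contains $_ })
    $denied  = @($Rights[$Deny]  | Where-Object { $Principals -contains $_ })
    [pscustomobject]@{
        Right     = $Allow
        # A Deny entry on the account or any of its groups beats every Allow.
        Effective = ($allowed.Count -gt 0 -and $denied.Count -eq 0)
        AllowedBy = $allowed -join ','
        DeniedBy  = $denied -join ','
    }
}

$rights = Get-UserRightsTable -InfText $sampleInf
$checks = @(
    @{ Allow = 'SeServiceLogonRight';     Deny = 'SeDenyServiceLogonRight' },
    @{ Allow = 'SeInteractiveLogonRight'; Deny = 'SeDenyInteractiveLogonRight' },
    @{ Allow = 'SeNetworkLogonRight';     Deny = 'SeDenyNetworkLogonRight' }
)
$checks | ForEach-Object {
    Test-LogonRight -Rights $rights -Principals $principals -Allow $_.Allow -Deny $_.Deny
} | Format-Table -AutoSize
```

On the sample, the Deny entry removes the interactive right even though Administrators still grants it, while the network logon right stays in effect through group membership.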
 
Thank you for your response.

"Roger Abell [MVP]" wrote:

> The account needs grant of the Log on as service user right, but not
> the Log on locally user right, or if you want to be overly certain use
> the Deny log on locally setting. You might also want to make sure
> it does not have the Network login right.
> That said, running a service with administrators group membership
> is not the best of ideas.
>
> Roger
>
> "damongar" <damongar@discussions.microsoft.com> wrote in message
> news:40657F37-6F94-478A-A106-65F04BC30DE4@microsoft.com...
> > I want to create a service account that has administrator permissions on
> > servers but I do not want this account to be able to log in to the console
> > of any server, is this possible?
> >
> > Thanks
> > Ray
