I have a workstation, running Windows 8.1, that is joined to a domain.
I want to create a local (non-domain) user without the ability to log on interactively. I'd like to avoid Group Policy because the work I'm doing is just for testing - there is a production environment with a user that does not have logon privileges, and I want to make sure everything I'm doing will work for such a user.
I've tried to create an account and remove it from the Users and Administrators group, but I can still log in to the local console. I've also tried this code, running Revoke-UserRight -Account <AccountName> -Right SeInteractiveLogonRight
, and while that succeeds, I'm still able to log in to the local console using that account.
Is such a thing possible?