How Do I Create a Captive Account? - 30 Aug 2000

It is not possible to create a captive account, however you can force a user to run a program, and if they close that program they can be automatically logged off. The following step outline how to accomplish this:

1. Create a command file with the following lines:

2. Create a mandatory profile for the user.
3. Remove all groups from the profile except the Autostart group.
4. In this group, put the file created in step one.
The program "logout.exe" used in the command file above (available at the FAQ URL below) simply logs off the user.

It's also possible to restrict a user's access to applications with the Policy Editor. From the Policy Editor you can select which applications a user can access--just make sure you allow them to run Explorer or they may not get a desktop! In addition, Microsoft offers the Zero Administration Kit (URL below), which allows the administrator to confine a user to a single application or a set of applications.

For more help with restricting users' access to the desktop, including a script to logon a Windows Terminal Server session with a generic account, be sure to visit this FAQ on our Web site!

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.