Hi!
I have a set of computer that should logon automatically and launch an application (HMI) from which the users control certain tasks within a factory. At the same time I want most users to be unable to logon locally to the machine.
The autologon (with user:Domain\AutoUser) and launching the HMI application works fine. I allow for ctrl+alt+del in order or maintenance staff to logon locally with their user name.
I tried the the GPO of DenyLogonLocally on the limited users and it works fine, there is just one problem: The HMI application is using the AD Users names to logon the interacting user and control the application. If the he doesn't logon through his domain account he will not have access to the controls. If I don't use the GPO the user can control the application but he can also get into windows and start other applications (totally a nono!) or I use the GPO and the user can't get into windows, but at the same time he will not be able to log in to the application.
Anyone have an idea how to get around this?
(I do not have the source code for the application, so it is impossible for me to change anything there.)
Best regards Trace