Creating a windows account only for share access

Solution 1:

As the reply of joeqwerty is not clear, I want to put the steps in line. This works for Windows 7, 8, and 10 (I'm on 10), as well as Windows Server 2003, 2008, and 2012.

1. Create the user (if you don't have it created already, and check this if you want it local on W10) from users, or Computer Management, whatever you like more.

2. Open Administrative Tools, then go to Local Security Policy, and go to Local Policies > User Rights Assignment

3. From there, look for the policy called Deny log on locally. Double click it and add the username that you just created to that list.

   • You can also add the user to Deny log on through Terminal Services option, which will be shown on Windows Server. You can also add the user to Deny log on through Remote Desktop Services which will be covered with the logon option, but just in case.

Solution 2:

Sure it can be done. When you've set up the local user account on the server add the user account to the "Deny log on locally" and "Deny log on through Terminal Services" user rights assignment. That will prevent anyone from using this user account to log on to the server locally or via TS/RDS but will allow them to access the share with this uer.