Archived from groups: microsoft.public.win2000.group_policy (
More info?)
If the user can boot the computer from the floppy/cdrom he may be resetting the local
administrators password with one of the free password reset disks would be my guess
of what may be happening as of course a regular user can not change the
administrators password. The solution may be to prevent the computer from booting
from anything but the hard drive, disabling USB also if possible, password protecting
the cmos and having the computer case locked so that user can not change jumper
battery. Even that is not 100 percent [nothing is but death] but worth a try. ---
Steve
"Marin Marinov" <mlmarinov@askme.ca> wrote in message
news:MPG.1b18051b4c5b993c989802@msnews.microsoft.com...
> In article <1004401c43ee2$7cd8a3c0$a101280a@phx.gbl>,
> anonymous@discussions.microsoft.com says...
> > but my user is not member of administrator then now how i
> > restrct my user to chande local administrator password.
> <snip>
> He can't. Non-administrator users cannot perform administrative actions
> on other user or group accounts. So if he is not a member of
> Administrators or Domain Admins (Power Users can also elevate their
> privileges!) you have no worries.
>
> Of which groups is this user a member? What specific user rights is he
> granted? What is the client OS? You can use the Whoami.exe tool from
> Win2K Resource Kit to view group membership and user rights. Have you
> confirmed that he can indeed change the password? Which tool does he
> use?
> (no more questions for now
)
>
> --
> Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
> -
> This posting is provided "AS IS" with no warranties, and confers no
> rights.