local user

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi
I have a domain environment in which my user can
chnage local administrator password .I want to restrict
that action and user is not allowed to change local
administrator password.How is it possible.

Thanks in advance
5 answers Last reply
More about local user
  1. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    <snip>
    Don't make the user a member of Administrators ;) Otherwise you can't.

    HTH
    --
    Cheers,
    Marin Marinov
    MCT, MCSE 2003/2000/NT4.0,
    MCSE:Security 2003/2000, MCP+I
    -
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
  2. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    but my user is not member of administrator then now how i
    restrct my user to chande local administrator password.


    >-----Original Message-----
    ><snip>
    >Don't make the user a member of Administrators ;)
    Otherwise you can't.
    >
    >HTH
    >--
    >Cheers,
    > Marin Marinov
    > MCT, MCSE 2003/2000/NT4.0,
    > MCSE:Security 2003/2000, MCP+I
    >-
    >This posting is provided "AS IS" with no warranties, and
    confers no
    >rights.
    >.
    >
  3. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    In article <1004401c43ee2$7cd8a3c0$a101280a@phx.gbl>,
    anonymous@discussions.microsoft.com says...
    > but my user is not member of administrator then now how i
    > restrct my user to chande local administrator password.
    <snip>
    He can't. Non-administrator users cannot perform administrative actions
    on other user or group accounts. So if he is not a member of
    Administrators or Domain Admins (Power Users can also elevate their
    privileges!) you have no worries.

    Of which groups is this user a member? What specific user rights is he
    granted? What is the client OS? You can use the Whoami.exe tool from
    Win2K Resource Kit to view group membership and user rights. Have you
    confirmed that he can indeed change the password? Which tool does he
    use?
    (no more questions for now ;))

    --
    Cheers,
    Marin Marinov
    MCT, MCSE 2003/2000/NT4.0,
    MCSE:Security 2003/2000, MCP+I
    -
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
  4. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    If the user can boot the computer from the floppy/cdrom he may be resetting the local
    administrators password with one of the free password reset disks would be my guess
    of what may be happening as of course a regular user can not change the
    administrators password. The solution may be to prevent the computer from booting
    from anything but the hard drive, disabling USB also if possible, password protecting
    the cmos and having the computer case locked so that user can not change jumper
    battery. Even that is not 100 percent [nothing is but death] but worth a try. ---
    Steve

    "Marin Marinov" <mlmarinov@askme.ca> wrote in message
    news:MPG.1b18051b4c5b993c989802@msnews.microsoft.com...
    > In article <1004401c43ee2$7cd8a3c0$a101280a@phx.gbl>,
    > anonymous@discussions.microsoft.com says...
    > > but my user is not member of administrator then now how i
    > > restrct my user to chande local administrator password.
    > <snip>
    > He can't. Non-administrator users cannot perform administrative actions
    > on other user or group accounts. So if he is not a member of
    > Administrators or Domain Admins (Power Users can also elevate their
    > privileges!) you have no worries.
    >
    > Of which groups is this user a member? What specific user rights is he
    > granted? What is the client OS? You can use the Whoami.exe tool from
    > Win2K Resource Kit to view group membership and user rights. Have you
    > confirmed that he can indeed change the password? Which tool does he
    > use?
    > (no more questions for now ;))
    >
    > --
    > Cheers,
    > Marin Marinov
    > MCT, MCSE 2003/2000/NT4.0,
    > MCSE:Security 2003/2000, MCP+I
    > -
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
  5. Archived from groups: microsoft.public.win2000.group_policy (More info?)

    <snip>
    Fully agreed and in accordance to:
    "Law #3: If a bad guy has unrestricted physical access to your computer,
    it's not your computer anymore"

    ;)

    --
    Cheers,
    Marin Marinov
    MCT, MCSE 2003/2000/NT4.0,
    MCSE:Security 2003/2000, MCP+I
    -
    This posting is provided "AS IS" with no warranties, and confers no
    rights.
Ask a new question

Read More

Policy Domain Microsoft Windows