Sign in with
Sign up | Sign in
Your question

local user

Last response: in Windows 2000/NT
Share
Anonymous
May 20, 2004 9:58:36 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

Hi
I have a domain environment in which my user can
chnage local administrator password .I want to restrict
that action and user is not allowed to change local
administrator password.How is it possible.

Thanks in advance

More about : local user

Anonymous
May 20, 2004 2:07:21 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

<snip>
Don't make the user a member of Administrators ;)  Otherwise you can't.

HTH
--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
Anonymous
May 21, 2004 12:19:55 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

but my user is not member of administrator then now how i
restrct my user to chande local administrator password.


>-----Original Message-----
><snip>
>Don't make the user a member of Administrators ;) 
Otherwise you can't.
>
>HTH
>--
>Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
>-
>This posting is provided "AS IS" with no warranties, and
confers no
>rights.
>.
>
Related resources
Anonymous
May 21, 2004 5:23:28 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

In article <1004401c43ee2$7cd8a3c0$a101280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> but my user is not member of administrator then now how i
> restrct my user to chande local administrator password.
<snip>
He can't. Non-administrator users cannot perform administrative actions
on other user or group accounts. So if he is not a member of
Administrators or Domain Admins (Power Users can also elevate their
privileges!) you have no worries.

Of which groups is this user a member? What specific user rights is he
granted? What is the client OS? You can use the Whoami.exe tool from
Win2K Resource Kit to view group membership and user rights. Have you
confirmed that he can indeed change the password? Which tool does he
use?
(no more questions for now ;) )

--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
Anonymous
May 22, 2004 6:27:27 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

If the user can boot the computer from the floppy/cdrom he may be resetting the local
administrators password with one of the free password reset disks would be my guess
of what may be happening as of course a regular user can not change the
administrators password. The solution may be to prevent the computer from booting
from anything but the hard drive, disabling USB also if possible, password protecting
the cmos and having the computer case locked so that user can not change jumper
battery. Even that is not 100 percent [nothing is but death] but worth a try. ---
Steve

"Marin Marinov" <mlmarinov@askme.ca> wrote in message
news:MPG.1b18051b4c5b993c989802@msnews.microsoft.com...
> In article <1004401c43ee2$7cd8a3c0$a101280a@phx.gbl>,
> anonymous@discussions.microsoft.com says...
> > but my user is not member of administrator then now how i
> > restrct my user to chande local administrator password.
> <snip>
> He can't. Non-administrator users cannot perform administrative actions
> on other user or group accounts. So if he is not a member of
> Administrators or Domain Admins (Power Users can also elevate their
> privileges!) you have no worries.
>
> Of which groups is this user a member? What specific user rights is he
> granted? What is the client OS? You can use the Whoami.exe tool from
> Win2K Resource Kit to view group membership and user rights. Have you
> confirmed that he can indeed change the password? Which tool does he
> use?
> (no more questions for now ;) )
>
> --
> Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
> -
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
Anonymous
May 22, 2004 2:10:52 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

<snip>
Fully agreed and in accordance to:
"Law #3: If a bad guy has unrestricted physical access to your computer,
it's not your computer anymore"

;) 

--
Cheers,
Marin Marinov
MCT, MCSE 2003/2000/NT4.0,
MCSE:Security 2003/2000, MCP+I
-
This posting is provided "AS IS" with no warranties, and confers no
rights.
!