Hello.
I have an issue, where I want to prevent domain users with administrative rights from modifying the password of the local administrator account on their respective computers. Any way of implementing this?
Ritesh_4
71
Posting Pro
Recommended Answers
Jump to PostI think this is nearly impossible. I had an IT staffer that wanted to do this and told them it wasn't possible today. Why? Tools like NTPASSWD make resetting the local admin a snap. Yes it got a little harder with the new BIOS (EFI) but not a big hurdle.
…
All 2 Replies
rproffitt
2,572
"Nothing to see here."
Moderator
I think this is nearly impossible. I had an IT staffer that wanted to do this and told them it wasn't possible today. Why? Tools like NTPASSWD make resetting the local admin a snap. Yes it got a little harder with the new BIOS (EFI) but not a big hurdle.
All this has us recalling what a PC is. It's a personal computer and not a terminal. If you need to get absolute control you may have to look at thin clients and such.
Ritesh_4
commented:
Thanks for the info
+6
sam07
-5
Newbie Poster
Hi there, you may try this, You can remove the domain users from local administrator group. To do so, use this
[Computer Configuration\Windows Settings\Security Settings\Restricted Groups]
and you can visit this for more info. . .technet.microsoft.com/en-us/library/cc785631(WS.10).aspx
rproffitt
commented:
Check the question again. This won't stop local password changes.
+0
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.