Solved

Denying Administrator The Right To Change Computer Name

Posted on 2007-11-23
6
491 Views
Last Modified: 2012-05-05
I want to deny a local administrator the right to be able to shut down a server and change it's computer name or remove it from the domain.

I have created a local group called Shutdown Users and edited the local security policy setting "Shut down the system" and this works a trat.

However i cannot find a setting to be able to do similar to stop them changing the computer name.

How can i acomplish this?
0
Comment
Question by:Avatar261
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:StevenTodd00
ID: 20339380
Can't be done. A domain admin rights can't be completely dumbed down.

Solution would be to NOT give out the admin password and only give out a secondary login that has delegated rights.

If someone else has the admin password that it not authorized then you have bigger issues.
solve that first then lock everything down.
0
 
LVL 2

Author Comment

by:Avatar261
ID: 20339402
This is not a domain admin.

I am talking about just a local admin on a server.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20342206
Is this a domain server or a Stand alone server?

There is an alternative. It is a GPO to deny "log on locally". Are you interested?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 2

Author Comment

by:Avatar261
ID: 20357008
Hmm, it is a domain server.

How does the deny log on locally stop them renaming the computer?
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20358675
Just like you create a domain policy or group policy, you can create a local policy. It all depends on what you want to do.

Go to the local policy MMC snapin and add a user policy to that user. I don't know if there is a policy to prevent from changing computer name or prevent from logoff. That's something that someone more familiar with GPOs can tell you.
0
 
LVL 2

Accepted Solution

by:
Avatar261 earned 0 total points
ID: 20795889
i got round this using regedit to remove the properties button from my computer. Crude but affective.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now