Denying Administrator The Right To Change Computer Name

I want to deny a local administrator the right to be able to shut down a server and change it's computer name or remove it from the domain.

I have created a local group called Shutdown Users and edited the local security policy setting "Shut down the system" and this works a trat.

However i cannot find a setting to be able to do similar to stop them changing the computer name.

How can i acomplish this?
LVL 2
Avatar261Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Avatar261Connect With a Mentor Author Commented:
i got round this using regedit to remove the properties button from my computer. Crude but affective.
0
 
StevenTodd00Commented:
Can't be done. A domain admin rights can't be completely dumbed down.

Solution would be to NOT give out the admin password and only give out a secondary login that has delegated rights.

If someone else has the admin password that it not authorized then you have bigger issues.
solve that first then lock everything down.
0
 
Avatar261Author Commented:
This is not a domain admin.

I am talking about just a local admin on a server.
0
Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

 
ChiefITCommented:
Is this a domain server or a Stand alone server?

There is an alternative. It is a GPO to deny "log on locally". Are you interested?
0
 
Avatar261Author Commented:
Hmm, it is a domain server.

How does the deny log on locally stop them renaming the computer?
0
 
ChiefITCommented:
Just like you create a domain policy or group policy, you can create a local policy. It all depends on what you want to do.

Go to the local policy MMC snapin and add a user policy to that user. I don't know if there is a policy to prevent from changing computer name or prevent from logoff. That's something that someone more familiar with GPOs can tell you.
0
All Courses

From novice to tech pro — start learning today.