Solved

Denying Administrator The Right To Change Computer Name

Posted on 2007-11-23
Last Modified: 2012-05-05
I want to deny a local administrator the right to be able to shut down a server and change its computer name or remove it from the domain.

I have created a local group called Shutdown Users and edited the local security policy setting "Shut down the system" and this works a treat.

However, I cannot find a setting to be able to do similar to stop them changing the computer name.

How can I accomplish this?
Question by:Avatar261
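
To check that a change to "Shut down the system" like the one described in the question took effect, the user-rights export can be audited offline. The following is an added example, not part of the original thread. It assumes the rights were exported with `secedit /export /cfg rights.inf /areas USER_RIGHTS`, and the sample content is constructed for illustration.

```python
# Added example: audit "Shut down the system" in a secedit USER_RIGHTS export.
import configparser

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators
# Privilege constants behind "Shut down the system" and
# "Force shutdown from a remote system".
SHUTDOWN_RIGHTS = ("SeShutdownPrivilege", "SeRemoteShutdownPrivilege")

# Constructed sample export. "Shutdown Users" is the local group named in the
# question; every other value here is made up for illustration.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeShutdownPrivilege = Shutdown Users,*S-1-5-32-551
SeRemoteShutdownPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""

def parse_rights(inf_text):
    """Return {right_name: [principal, ...]} from secedit export text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the case of privilege names
    parser.read_string(inf_text)
    rights = {}
    if parser.has_section("Privilege Rights"):
        for name, value in parser.items("Privilege Rights"):
            # SIDs are written with a leading '*'; account names are not.
            rights[name] = [p.strip().lstrip("*")
                            for p in value.split(",") if p.strip()]
    return rights

def admins_holding(rights, wanted=SHUTDOWN_RIGHTS):
    """List the shutdown-related rights still granted to Administrators."""
    return [r for r in wanted if ADMINISTRATORS_SID in rights.get(r, [])]

if __name__ == "__main__":
    rights = parse_rights(SAMPLE_INF)
    for right in SHUTDOWN_RIGHTS:
        print(right, "->", rights.get(right, []))
    print("Still granted to Administrators:", admins_holding(rights))
```

A real export is typically UTF-16 encoded, so open the file with `encoding="utf-16"` before passing its text to `parse_rights`.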
6 Comments
 
LVL 1

Expert Comment

by:StevenTodd00
ID: 20339380
Can't be done. A domain admin's rights can't be completely dumbed down.

Solution would be to NOT give out the admin password and only give out a secondary login that has delegated rights.

If someone else has the admin password that is not authorized then you have bigger issues.
Solve that first, then lock everything down.
 
LVL 2

Author Comment

by:Avatar261
ID: 20339402
This is not a domain admin.

I am talking about just a local admin on a server.
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20342206
Is this a domain server or a standalone server?

There is an alternative. It is a GPO to deny "log on locally". Are you interested?
 
LVL 2

Author Comment

by:Avatar261
ID: 20357008
Hmm, it is a domain server.

How does the deny log on locally stop them renaming the computer?
 
LVL 38

Expert Comment

by:ChiefIT
ID: 20358675
Just like you create a domain policy or group policy, you can create a local policy. It all depends on what you want to do.

Go to the local policy MMC snap-in and add a user policy to that user. I don't know if there is a policy to prevent from changing computer name or prevent from logoff. That's something that someone more familiar with GPOs can tell you.
 
LVL 2

Accepted Solution

by:
Avatar261 earned 0 total points
ID: 20795889
I got round this using regedit to remove the Properties button from My Computer. Crude but effective.