jkrjora
asked on
How do I prevent users from using lusrmgr to reset administrator password
Hi
Windows XP
Admin Users
Need Access to lusrmgr
I need to prevent them from resetting the admin password - even if you know where it lives in the reg, I may be able to set sys read only? (and admin full control so that admin can run app later on to restore permissions as req'd)
Windows XP
Admin Users
Need Access to lusrmgr
I need to prevent them from resetting the admin password - even if you know where it lives in the reg, I may be able to set sys read only? (and admin full control so that admin can run app later on to restore permissions as req'd)
ASKER
I am addressing offline access via another means, and the way that i am protecting some critical reg keys and folders involves a admin account having more permissions than system. There will be applications which pick up the credentials for this account in order to modify theses keys/files, so whatever account the application uses, if the users can reset the password and log in, they will automatically have access to those restricted keys and folders, or if it locks them out of these, it will render the system possibly useless, due to the critical nature of the files being protected.
jkrjora--Well, Admins will always be able to change the password.
But here is another look
http://support.microsoft.com/kb/239803
But here is another look
http://support.microsoft.com/kb/239803
ASKER
well does http://support.microsoft.com/kb/143475/EN-US/ answer my question then?
ASKER
sorry I got off track looking at that article. Can I create a user group that has all admin permissionss except when it comes to reseting user passwords?
ASKER
what search result were you thinking of?
jkrjora--create+user+group +that+has+ all+admin+ permission s+except+r esetting+u ser+passwo rds
ASKER
Results 1 - 10 of about 3,460,000 for create+user+group+that+has +all+admin +permissio ns+except+ resetting+ user+passw ords
so what result were you thinking of? if I wanted to spend hours googling it, I wouldn't have asked it here...
so what result were you thinking of? if I wanted to spend hours googling it, I wouldn't have asked it here...
jkrjora--I assumed you wanted a solution to your problem. I had made two earlier suggestions. Since those did not satisfy you and I had no further ideas or comments, I thought I would lead you to Google since you apparently had not gone there yourself.
Regrets.
Regrets.
Is this for domain users? If yes then I'd question why users need to be members of the Local Administrators Group? If you diminish the Administrators Groups Capacity in any way or the Administrator Account this could potentially cause more problems. If they do require more privileges than make them members of the users Group and then just add permissions on top of this.
Hope that helps.
Cheers
Hope that helps.
Cheers
ASKER
ok - so can you change permissions on a group that pretty much makes them admin (as far as installing programs etc?) if yes I will award points on this question and start another question to address that...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
[edit] to to these
To
to do these
=)
To
to do these
=)
ASKER
https://www.experts-exchange.com/questions/23089176/Prevent-users-from-changing-Administrator-password.html