Solved

Preventing a Local Computer Administrator from Changing Password

Posted on 2011-02-25
4
426 Views
Last Modified: 2012-08-13
This is an odd request, I know, but I need to prevent a person from setting a password on his computer.

Now, the background is that the client that I'm working for has asked their employees to not use passwords on their computers. I've tried to argue the point that the idea is ludacris but they won't budge. The problem is that one employee continually puts on back on there.

The setup is that it is a local Windows XP machine that is not connected to a domain and the employee has administrative rights.

Now, the few ways that I have researched are:

1.

DisableChangePassword in the registry

2.

Disable Change Password in compmgmt.msc (which is probably the same as the above)
Now I know that since he is an administrator he can just undo anything I can put on there. But he most likely won't and isn't very tech savvy.

So any other ideas or thoughts?

0
Comment
Question by:ThievingSix
4 Comments
 
LVL 7

Expert Comment

by:Mdragga
ID: 34981775
I'd recommend looking into DeepFreeze or something similar. Deepfreeze is the one I'm familiar with so its the one I can recommend.

Complicated to get to the prompt within Windows
You set a password to access the programs
Reverts any changes user may have made on reboot

http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeEducation.aspx
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34981782
Hmm.  You could set a password policy that forces him to change his password everyday, and prevents him from reusing the last 100 passwords.  That might annoy him enough to get him to change his ways.
0
 
LVL 9

Expert Comment

by:sah18
ID: 34981788
I think the two solutions you've already come up with are probably the best ones.  In addition (and you may already be doing this as well), you could enable autologin to XP so that no prompt comes up to log in at all -- this way, you are at least controlling which user account is (auto)logging into the system.
0
 
LVL 2

Accepted Solution

by:
__ST earned 500 total points
ID: 34985314
DeepFreeze is a good solution if you want to put restrictions on all of the PCs but allow the users Administrative control.  If you need a free option, Microsoft SteadyState was a great package (sadly discontinued at the end of last year, but still unofficially available online).

Since you're really only concerned with one user on one PC, disabling the ability to change the password in the registry could be an easy fix for you.  If the user isn't too tech savvy, change the permissions on the registry key to read only for them and you should be fine; it's unlikely that they would know to take ownership of the registry key and modify it.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Windows Server Backup - full/normal versus fast 15 46
Troubleshooting MDT 13 44
encrypted folder 7 63
2008 R2 export VM includes VHD 1 6
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question