Solved

Preventing a Local Computer Administrator from Changing Password

Posted on 2011-02-25
4
427 Views
Last Modified: 2012-08-13
This is an odd request, I know, but I need to prevent a person from setting a password on his computer.

Now, the background is that the client that I'm working for has asked their employees to not use passwords on their computers. I've tried to argue the point that the idea is ludacris but they won't budge. The problem is that one employee continually puts on back on there.

The setup is that it is a local Windows XP machine that is not connected to a domain and the employee has administrative rights.

Now, the few ways that I have researched are:

1.

DisableChangePassword in the registry

2.

Disable Change Password in compmgmt.msc (which is probably the same as the above)
Now I know that since he is an administrator he can just undo anything I can put on there. But he most likely won't and isn't very tech savvy.

So any other ideas or thoughts?

0
Comment
Question by:ThievingSix
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 7

Expert Comment

by:Mdragga
ID: 34981775
I'd recommend looking into DeepFreeze or something similar. Deepfreeze is the one I'm familiar with so its the one I can recommend.

Complicated to get to the prompt within Windows
You set a password to access the programs
Reverts any changes user may have made on reboot

http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeEducation.aspx
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34981782
Hmm.  You could set a password policy that forces him to change his password everyday, and prevents him from reusing the last 100 passwords.  That might annoy him enough to get him to change his ways.
0
 
LVL 9

Expert Comment

by:sah18
ID: 34981788
I think the two solutions you've already come up with are probably the best ones.  In addition (and you may already be doing this as well), you could enable autologin to XP so that no prompt comes up to log in at all -- this way, you are at least controlling which user account is (auto)logging into the system.
0
 
LVL 2

Accepted Solution

by:
__ST earned 500 total points
ID: 34985314
DeepFreeze is a good solution if you want to put restrictions on all of the PCs but allow the users Administrative control.  If you need a free option, Microsoft SteadyState was a great package (sadly discontinued at the end of last year, but still unofficially available online).

Since you're really only concerned with one user on one PC, disabling the ability to change the password in the registry could be an easy fix for you.  If the user isn't too tech savvy, change the permissions on the registry key to read only for them and you should be fine; it's unlikely that they would know to take ownership of the registry key and modify it.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question