  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442

Preventing a Local Computer Administrator from Changing Password

This is an odd request, I know, but I need to prevent a person from setting a password on his computer.

Now, the background is that the client that I'm working for has asked their employees to not use passwords on their computers. I've tried to argue the point that the idea is ludicrous but they won't budge. The problem is that one employee continually puts one back on there.

The setup is that it is a local Windows XP machine that is not connected to a domain and the employee has administrative rights.

Now, the few ways that I have researched are:

1. DisableChangePassword in the registry

2. Disable Change Password in compmgmt.msc (which is probably the same as the above)

Now I know that since he is an administrator he can just undo anything I can put on there. But he most likely won't and isn't very tech savvy.

So any other ideas or thoughts?

0
Asked by: ThievingSix
1 Solution
 
Mdragga commented:
I'd recommend looking into DeepFreeze or something similar. DeepFreeze is the one I'm familiar with so it's the one I can recommend.

  • Complicated to get to the prompt within Windows
  • You set a password to access the programs
  • Reverts any changes user may have made on reboot

http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeEducation.aspx
0
 
Paul MacDonald, Director, Information Systems, commented:
Hmm. You could set a password policy that forces him to change his password every day, and prevents him from reusing the last 100 passwords. That might annoy him enough to get him to change his ways.
0
 
sah18 commented:
I think the two solutions you've already come up with are probably the best ones.  In addition (and you may already be doing this as well), you could enable autologin to XP so that no prompt comes up to log in at all -- this way, you are at least controlling which user account is (auto)logging into the system.
0
 
__ST commented:
DeepFreeze is a good solution if you want to put restrictions on all of the PCs but allow the users Administrative control.  If you need a free option, Microsoft SteadyState was a great package (sadly discontinued at the end of last year, but still unofficially available online).

Since you're really only concerned with one user on one PC, disabling the ability to change the password in the registry could be an easy fix for you.  If the user isn't too tech savvy, change the permissions on the registry key to read only for them and you should be fine; it's unlikely that they would know to take ownership of the registry key and modify it.
0
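
The two restrictions listed in the question, applied and then verified from a command prompt; this is an added example, not part of the original thread. The account name `employee` is a placeholder, and the `find` filter assumes English-language `net user` output.

```batch
@echo off
rem Added example (constructed): apply both restrictions to one local
rem account on a standalone XP machine, then display the resulting state.
rem ACCOUNT is a placeholder; replace it with the real local user name.
setlocal
set ACCOUNT=employee

rem 1. Per-user policy value: removes the "Change Password" button from
rem    the Windows Security (Ctrl+Alt+Del) dialog. It lives under HKCU,
rem    so run this while logged on as the target user.
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword /t REG_DWORD /d 1 /f
if errorlevel 1 (
    echo Failed to write DisableChangePassword
    exit /b 1
)

rem 2. Account flag: the command-line equivalent of ticking
rem    "User cannot change password" in compmgmt.msc, Local Users and Groups.
rem    This is stored with the account, not in the user's registry hive.
net user %ACCOUNT% /passwordchg:no
if errorlevel 1 (
    echo Failed to set /passwordchg:no on %ACCOUNT%
    exit /b 1
)

rem Verify both settings. Expect DisableChangePassword = 0x1 and
rem "User may change password" = No.
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword
net user %ACCOUNT% | find "User may change password"

rem Caveat: an administrator can still reset the password with
rem "net user <name> <newpassword>" or clear either setting, as the
rem question already notes.
endlocal
```

Re-running only the two verification commands later shows whether either setting has been reverted.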
