rbudj

asked on

"Main" Administrator

I have to provide a solution for this scenario:

Single workstation running Windows Vista HP. No domain. The owner wants to be the "Main" administrator of the computer. The idea is to have a Standard account and an Administrator account. Everyone who uses the computer will work under the Standard account. Only the Manager and the Owner have the password to the Administrator account. Now, the Owner wants another Administrator account where he only knows the password. I told him the problem is that any administrator can change or delete the password of another administrator. It is my guess that the main issue here would be preventing any other account from changing or deleting the password of a "Main" administrator account. The only use for having the Manager's Administrator account is to perform some duties such as installing printers and programs.

I am looking for a solution to this problem. I prefer to handle this all through Windows, although I am willing to look at third-party software as a possible option.
jerseysam

You can set up accounts that have different names but still have Administrator or standard user profiles. So even though you have 3 "Administrator Privileged" accounts, they all have different names and passwords.
But yes, you are correct, ANY administrator can change ANY other administrator's password.
As you point out, any administrator ID can change the password of every other account. But since only the Manager and Owner know the key passwords, that should be no problem. So set the Owner up with a new ID that is a member of the administrators group.

The bigger concern is that the Owner will go to dodgy places and hose the computer with viruses. Make this clear to the owner in diplomatic language. Make sure the computer has top grade, paid, commercial antivirus. Forget free A/V for this machine.

.... Thinkpads_User
rbudj

ASKER

Thanks for the replies.

There seems to be no budging the Owner from the requirement of having the top level administrator account. I can present to her that we can't do it exactly how she wants but I have to offer another solution. I wonder if I can use some Local Policy that will restrict changing passwords or to some other effect?

So really option 1 is:

Have only 1 Administrator account for Owner. Any time Manager or Employee needs to perform administrative task, Owner must enter password.

What other options can we come up with?
rbudj

ASKER

I guess another option could be to use local policy to exclude user accounts from control panel, or remove control panel altogether.
SOLUTION
John

This solution is only available to members.
rbudj

ASKER

I had better stick with a Windows solution. The owner wants simplicity. More or less a set it and forget it method.
SOLUTION
This solution is only available to members.
Moving on from all the comments here, get a copy of Ghost (cheap) or equivalent imaging solution and a USB hard drive. Make an image of the system so you can quickly restore the computer to operation when disaster strikes. ... Thinkpads_User
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Educating people about proper use is almost as good. It does not take much to undo group policies (having used them myself for this purpose). However, it could serve you well here.


... Thinkpads_User
@rbudj - Please let us know if we can help further, otherwise, you should probably close this question. ... Thinkpads_User
rbudj

ASKER

I am deciding to use local policy. Thanks for helping me brainstorm.