troubleshooting Question

Restrict Domain Admins From Changing Built-In Administrator Account Password

Avatar of ctagle
ctagleFlag for United States of America asked on
Windows Server 2003SBSWindows Server 2008
7 Comments1 Solution1980 ViewsLast Modified:
Hello Everyone,

Our company does IT Outsourcing, as such we have many different businesses, users, and servers to look after on a day-to-day basis.  The problem that I am currently faced with is that as we grow we are requiring more techs to handle the workload, which is good but requires me to rethink our security policies, in that, if someone has to be let go, or quits, then instead of having a few passwords to change like in your typical in house IT department, we have many passwords to change, across, many servers, many clients, and many devices.  I've already worked out how to take care of most of the issues, such as network scanners that have the admin password for authentication to shares, but the main one I'm faced with right now is how do I make it so that my techs have the access they need to do work on the servers and preform installations and other things on local workstations, but cannot change the built-in administrator password.  This way if one of them is let go or quits, all I have to do is go through each server and change the tech admin account password since that's the only admin password they'll be privy to.  Any help is greatly appreciated, thanks.
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros