Solved

Restricting Domain Admin Accounts

Posted on 2014-04-03
Last Modified: 2016-05-31
Hi,

We have IT and dev folks who currently are local administrators of their own systems.  We are looking to lock this down with standard user accounts as their main account and have a secondary admin account to use for administrative work.  

With that said, we would like for people to use this secondary admin account to do "run as" etc, but want to make sure to prevent users from trying to log onto machines locally with this admin account to use as their main account.

Can this be done?

Thanks.
Question by:mesadmin
4 Comments
 
Accepted Solution

by: McKnife
No.
Running a program with different credentials interactively would have to be allowed, but that implies having the privilege to log on locally, sorry.
Look at 3rd-party software (privilege manager) or simply enforce and trust UAC.
Expert Comment

by:Guy Hengel [angelIII / a3]
I've requested that this question be deleted for the following reason:

Not enough information to confirm an answer.
Assisted Solution

by: McKnife
I object.
Surely my comment has covered the facts and concluded: it's not possible, at least not if we assume the users want to abuse it.

If we however assume that users are nice and not technically savvy, yes, then there's even a way to prevent local logons: https://www.experts-exchange.com/articles/24599/Free-yourself-of-your-administrative-account.html holds it at the end: we can trigger account deactivation when users try to switch to the logon screen by using scheduled tasks as outlined.