Solved

How to keep domain admin password only accessible at the actual server

Posted on 2014-11-17
3
143 Views
Last Modified: 2014-11-19
I have a small 2012 Active Directory network with about 300 clients. I recently found out that going on any client as an administrator and doing a "net user administrator <new-password> /Domain" the servers and all of the other clients password were changed. I wish to restrict that so only accessing the server itself can this be done. I have looked in group policy under default domain policy and can't seem to find the specific policy that provides that. Help please.
0
Comment
Question by:hatcherb1234
  • 2
3 Comments
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Why do you want to do that - what's the idea if I may ask?
Because only the domain admin himself can use that command in the first place.
0
 
LVL 1

Author Comment

by:hatcherb1234
Comment Utility
I realize that. I just feel uncomfortable about it and I believe it is a stupid design to allow any client on the domain the ability to make such powerful changes as that just in case someone learns the domain password. I'm from the old school where physical security was part of the rule.
0
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
Comment Utility
I see. Well, if someone learned the password, the last thing he would do is change it, that would only arouse suspicions.

You cannot do anything about it since the ability to change a password is given anywhere.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now