Solved

How to keep domain admin password only accessible at the actual server

Posted on 2014-11-17
3
154 Views
Last Modified: 2014-11-19
I have a small 2012 Active Directory network with about 300 clients. I recently found out that going on any client as an administrator and doing a "net user administrator <new-password> /Domain" the servers and all of the other clients password were changed. I wish to restrict that so only accessing the server itself can this be done. I have looked in group policy under default domain policy and can't seem to find the specific policy that provides that. Help please.
0
Comment
Question by:hatcherb1234
  • 2
3 Comments
 
LVL 54

Expert Comment

by:McKnife
ID: 40448614
Why do you want to do that - what's the idea if I may ask?
Because only the domain admin himself can use that command in the first place.
0
 
LVL 1

Author Comment

by:hatcherb1234
ID: 40453126
I realize that. I just feel uncomfortable about it and I believe it is a stupid design to allow any client on the domain the ability to make such powerful changes as that just in case someone learns the domain password. I'm from the old school where physical security was part of the rule.
0
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 40453661
I see. Well, if someone learned the password, the last thing he would do is change it, that would only arouse suspicions.

You cannot do anything about it since the ability to change a password is given anywhere.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question