<div>
Why do you want to do that - what's the idea if I may ask?<br />
Because only the domain admin himself can use that command in the first place.
</div>


Why do you want to do that - what's the idea if I may ask?
Because only the domain admin himself can use that command in the first place.

<div>
I realize that. I just feel uncomfortable about it and I believe it is a stupid design to allow any client on the domain the ability to make such powerful changes as that just in case someone learns the domain password. I'm from the old school where physical security was part of the rule.
</div>


I realize that. I just feel uncomfortable about it and I believe it is a stupid design to allow any client on the domain the ability to make such powerful changes as that just in case someone learns the domain password. I'm from the old school where physical security was part of the rule.

<div>
<div class="content wysiwyg-content">
I have a small 2012 Active Directory network with about 300 clients. I recently found out that going on any client as an administrator and doing a &quot;net user administrator &lt;new-password&gt; /Domain&quot; the servers and all of the other clients password were changed. I wish to restrict that so only accessing the server itself can this be done. I have looked in group policy under default domain policy and can't seem to find the specific policy that provides that. Help please.
</div>
</div>


I have a small 2012 Active Directory network with about 300 clients. I recently found out that going on any client as an administrator and doing a "net user administrator <new-password> /Domain" the servers and all of the other clients password were changed. I wish to restrict that so only accessing the server itself can this be done. I have looked in group policy under default domain policy and can't seem to find the specific policy that provides that. Help please.

How to keep domain admin password only accessible at the actual server

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.