Can you forbid a local administrator from having access to system restore and shadow copies?

Posted on 2017-10-12
Low Priority
Last Modified: 2017-10-16
I have a computer that runs 24x7 in a remote location. It needs to be logged in as a  local administrator due to a software requirement. Is there a way to prevent specific local admin accounts from deleting system restore points or shadow copies?

I ask due to a crypto-locker that recently affected this computer, which removed system restore points. I would like to prevent it happening again.
Question by:Bob Johnson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 37

Expert Comment

basically, local admin is local admin, which means it owns the privileges to access everything except those only controlled by the OS core.
you need another user account to do the same thing, with restricted rights comparing to a local admin.
if you have to access the system using this specific user, change the user's type from an admin to a power user instead.
LVL 96

Expert Comment

by:Lee W, MVP
You should probably look at the software you're running and consider changing it or modifying it's requirements.  Often "required" admin rights aren't required if you adjust certain permissions.
LVL 80

Expert Comment

One deal with auto-login, auto-lock workstation upon starting the application,
The short answer, no you can not block a local admin from doing what an admin is supposed to do.

If you have access to the software in a test environment, you could using rights assignment explore extending requisite rights to a standard user to make the software run without utilizing an administrative access.
LVL 80

Expert Comment

Whenever dealing with restricting administrators (local or domain), one should ask can one restrict the owner of a house from doing any task in their house they want? This thread of scenarios can go for ever, give a person your house key, and then try to prevent them from throwing a party when you are away?
LVL 15

Expert Comment

by:William Fulks
Your problem is not that local admin can remove restore points.

Your problem is that somebody on your network (or possibly that machine) opened an email or attachment that set off a cyptolocker on your network. Were people checking personal email from this machine? If so, that needs to stop ASAP.

Limiting the local admin account will only cause problems later plus, by design, it shouldn't be limited.

Featured Post

Survive A High-Traffic Event with Percona

Your application or website rely on your database to deliver information about products and services to your customers. You can’t afford to have your database lose performance, lose availability or become unresponsive – even for just a few minutes.

Join & Write a Comment

Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question