Hello.
I have an issue, where I want to prevent domain users with administrative rights from modifying the password of the local administrator account on their respective computers. Any way of implementing this?

I think this is nearly impossible. I had an IT staffer that wanted to do this and told them it wasn't possible today. Why? Tools like NTPASSWD make resetting the local admin a snap. Yes it got a little harder with the new BIOS (EFI) but not a big hurdle.

All this has us recalling what a PC is. It's a personal computer and not a terminal. If you need to get absolute control you may have to look at thin clients and such.

commented: Thanks for the info +6

Hi there, you may try this, You can remove the domain users from local administrator group. To do so, use this
[Computer Configuration\Windows Settings\Security Settings\Restricted Groups]
and you can visit this for more info. . .technet.microsoft.com/en-us/library/cc785631(WS.10).aspx

commented: Check the question again. This won't stop local password changes. +0
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.